Validation on missing attributes on update_attributes

Question

The question is very simple, does update_attributes validates every possible validation of the model, even if I don't want to update some of the attributes?

I have a edit view, where the user might change his password, but only if he passes it, i.e., if it's blank the password would not change.

So I do the following in the controller:

def update
    params[resource_name].delete(:password) if params[resource_name][:password].blank?
    params[resource_name].delete(:password_confirmation) if params[resource_name][:password_confirmation].blank?
    params[resource_name].delete(:current_password) if params[resource_name][:current_password].blank?
    if resource.update_attributes(params[resource_name])
        ...
    end
end

I defined the following validation on the model:

validates :password,
          :length => { :within => 6..40 }

So whenever i use call the update I get an error saying that the password is too short

Ps.: I'm using Devise to deal it this.

EDIT: Do any of you know if Devise already have any validation on the password? Cause, I removed the validation and it worked in the right way, but if I put a short password it still show a validation, saying it's too short.

Answer 1

Yes, Devise does provide validations on password if you've passed :validatable to the devise method in your model. The default configuration for password length is 6..128. You can override this in config/initializers/devise.rb (around line 101).

You can remove :validatable from your model and write your own validations if you prefer. If you do this and don't want the validation to run if the password isn't passed to update_attributes, then do something like this:

validates :password, :presence => true, :if => lambda { new_record? || !password.nil? }