Validation should be conditional. Considering that both password and password_confirmation are virtual and are never saved to the database (only password_digest, a special field expected by has_secure_password), their validation should be special cased (like only password being present to signify desire to change it, thus trigger the confirmation check).
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.