ruby-on-rails – 当密码也存在或已被更改时,Rails验证password_

class User < ActiveRecord::Base
  # Users table has the necessary password_digest field
  has_secure_password
  attr_accessible :login_name,:password,:password_confirmation

  validates :login_name,:presence=>true,:uniqueness=>true

  # I run this validation on :create so that user 
  # can edit login_name without having to enter password      
  validates :password,:length=>{:minimum=>6},:on=>:create

  # this should only run if the password has changed
  validates :password_confirmation,:if => :password_digest_changed?
end

这些验证并不像我希望的那样完成.可以执行以下操作：

# rails console
u = User.new :login_name=>"stephen"
u.valid? 
# => false
u.errors 
# => :password_digest=>["can't be blank"],# => :password=>["can't be blank","please enter at least 6 characters"]}

# so far so good,let's give it a password and a valid confirmation
u.password="password"
u.password_confirmation="password"

# at this point the record is valid and does save
u.save
# => true

# but we can now submit a blank password from console
u.password=""
# => true
u.password_confirmation=""
# => true

u.save
# => true
# oh noes

所以我想要的是以下内容：

>创建时需要密码,长度必须为6个字符
> create上需要password_confirmation,必须匹配密码
>更新login_name时,用户不必提交密码
>更新时无法删除密码

令我困惑的是,如果我使用password_changed,rails会抛出no方法错误？而不是：password_digest_changed？在我的password_confirmation验证中.我不明白为什么.

那么有谁知道我在这里做错了什么？