Rail authentication from scratch password confirmation isn't working

Question

I'm following along Railscasts #250 Authentication from Scratch but have an issue where the Password Confirmation can be different from the Password and the user will still be created.

..model/dealer.rb:

class Dealer < ActiveRecord::Base
attr_accessor :password
before_save :encrypt_password

validates_confirmation_of :password
validates_presence_of :password, :on => :create

def encrypt_password
    if password.present?
        self.password_salt = BCrypt::Engine.generate_salt
        self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
    end
end
end

..controllers/dealers_controller.rb

class DealersController < ApplicationController
def new
@dealer = Dealer.new
end
def create
@dealer = Dealer.new(dealer_params)

if @dealer.save
    redirect_to root_url, :notice => "Signed Up!"
else
    render "new"
end

end

    private
    def dealer_params
      params.require(:dealer).permit(:email, :password)
    end
    end

..views/dealers/new.html/erb

<%= form_for @dealer do |f| %>

<p>
    <%= f.label :email %><br>
    <%= f.text_field :email %>
</p>

<p>
    <%= f.label :password %><br>
    <%= f.password_field :password %>
</p>

<p>
    <%= f.label :password_confirmation %><br>
    <%= f.password_field :password_confirmation %>
</p>
<p class="button"><%= f.submit %></p>

Any ideas what I need to do for this to work? Two people in the comments of the Railscast had the same issue but no answer.

Answer 1

Have you tried to add password_confirmation to your allowed params like this:

def dealer_params
  params.require(:dealer).permit(:email, :password, :password_confirmation)
end

If this doesn't help try to generate accessor for password_confirmation too:

attr_accessor :password, :password_confirmation