lib/devise/models/database_authenticatable.rb in devise-1.2.1 vs lib/devise/models/database_authenticatable.rb in devise-1.3.0
- old
+ new
@@ -20,20 +20,21 @@
extend ActiveSupport::Concern
included do
attr_reader :password, :current_password
attr_accessor :password_confirmation
- before_save :downcase_keys
+ before_validation :downcase_keys
end
# Generates password encryption based on the given value.
def password=(new_password)
@password = new_password
self.encrypted_password = password_digest(@password) if @password.present?
end
# Verifies whether an password (ie from sign in) is the user password.
def valid_password?(password)
+ return false if encrypted_password.blank?
bcrypt = ::BCrypt::Password.new(self.encrypted_password)
password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
Devise.secure_compare(password, self.encrypted_password)
end
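Review bot: The new guard in `valid_password?` only covers a blank `encrypted_password`; a non-blank value that is not a well-formed bcrypt digest (legacy or corrupted data) still reaches `::BCrypt::Password.new`, which raises `BCrypt::Errors::InvalidHash`, so sign-in would fail with an exception instead of a rejected login. Consider a method-level `rescue ::BCrypt::Errors::InvalidHash` that returns `false`, or at least a comment above the guard saying that only the blank case is handled. Separately, with `downcase_keys` moved to `before_validation`, it presumably no longer runs when a record is saved with validation skipped, so keys written that way may stay un-normalized. `downcase_keys` is defined outside this hunk, so that should be confirmed against its callers.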