diff --git a/app/models/user.rb b/app/models/user.rb
index 105e3f0..2af7dc2 100755
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,11 +4,10 @@ class User < ActiveRecord::Base
:confirmation => true,
:length => {:within => 6..40},
:on => :create,
- :if => :password#,
-=begin :format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}
+ :if => :password
+=begin
validates :password, :presence => true,
:confirmation => true,
- :on => :update,
:if => :password,
:format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}
=end
diff --git a/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb b/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
index a373e91..4ca6a3e 100644
--- a/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
+++ b/app/views/layouts/tutorial/broken_auth_sess/_password_complexity.html.erb
@@ -70,18 +70,11 @@
1 special character
- # VALIDATE PASSWORD BOTH AT CREATION AND WHEN UPDATING
validates :password, :presence => true,
:confirmation => true,
:length => {:within => 6..40},
- :on => :create,
:if => :password,
:format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}
- validates :password, :presence => true,
- :confirmation => true,
- :on => :update,
- :if => :password,
- :format => {:with => /\A.*(?=.{10,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[\@\#\$\%\^\&\+\=]).*\z/}