user controller 


					
		
		
def edit_profile
  @user = session[:user]
    if request.post?
      @user.update_attributes(:first_name=>params[:user][:first_name]) if params[:user][:first_name] != @user.first_name  
      @user.update_attributes(:last_name=>params[:user][:last_name]) if params[:user][:last_name] != @user.last_name  
      @user.update_attributes(:email=>params[:user][:email]) if params[:user][:email] != @user.email  
      if (!params[:user][:password].empty?)  
        flash[:notice] = "Password must not have been empty"
        @user.update_attributes(:password=>params[:user][:password])
        @user.update_attributes(:password_confirmation => params[:user][:password_confirmation])
      end
      if @user.save
        flash[:notice] = "Profile has been saved"
        session[:user] = @user
      end
    end
  end

				
		

		

	
	





user view 





	
	

		

		

			
				
				

					
		
		
  <%= error_messages_for 'user' %>

  <% form_tag :action=> 'edit_profile', :id => @user do %>
    
 
    <%= text_field "user", "first_name", :size => 20 %>

    
 
    <%= text_field "user", "last_name", :size => 20 %>

    
 
    <%= text_field "user", "email", :size => 20 %>

    

    <%= password_field "user", "password", :size => 20, :value=>"" %>

    

    <%= password_field "user", "password_confirmation", :size => 20, :value=>"" %>

    <%= submit_tag "Save Profile" %>
  <% end %>
<% end %>

				
		

		

	
	





model 





	
	

		

		

			
				
				

					
		
		
  attr_protected :id, :salt
  attr_accessor :password, :password_confirmation
  
  validates_length_of     :login,   :within => 3..40
  validates_length_of     :password,   :within => 4..40
  validates_presence_of   :login
  validates_presence_of    :email
  validates_presence_of    :first_name
        validates_presence_of   :last_name
  validates_presence_of    :password
  validates_presence_of    :password_confirmation
  validates_presence_of    :salt
  validates_uniqueness_of   :login
  validates_uniqueness_of    :email
  validates_confirmation_of   :password
  validates_format_of     :email,   :with => /^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i, :message => "Invalid email"

				
		

		

	
	





my question 





	
	

		

		

			
				
				

					
		
		
It should allow the password to be blank :( why isn't it working.  Instead it's using validation to tell me that the password isn't allowed to be blank.