heartcombo · timkrins · Mar 15, 2019 · Mar 15, 2019
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
@@ -60,7 +60,7 @@ def self.required_fields(klass)
       # the hashed password.
       def password=(new_password)
         @password = new_password
-        self.encrypted_password = password_digest(@password) 
+        self.encrypted_password = password_digest(@password) if @password.present?
       end
 
       # Verifies whether a password (ie from sign in) is the user password.

diff --git a/test/models/database_authenticatable_test.rb b/test/models/database_authenticatable_test.rb
@@ -122,6 +122,12 @@ def setup
     assert_nil new_user(password: '').encrypted_password
   end
 
+  test 'should not set encrypted password to nil if updating with blank password' do
+    user = create_user
+    user.password = ''
+    refute_nil user.encrypted_password
+  end
+
   test 'should hash password again if password has changed' do
     user = create_user
     encrypted_password = user.encrypted_password