Agile Web Dev w/Rails - Password Change

Happy New Year everyone. Just wondering if anyone has coded the ability to allow a user to change their password following the way the book (second edition) implements administration.

Sure.

Seems like I should be able to cut out the password/password_confirmation portion of 'add_user' form to create a 'change_pass' form. The problem is I'm not sure how to go about having it confirm the password and implementing the change. Seems the code will only do that for new users.

You get new salt and rehash the password. I actually adjusted mine so it re-salts every time the password gets updated.

  # Re-salt and re-hash every time a password is assigned.
  def password=( passwd )
    @password = passwd
    # Blank input leaves the stored salt and hash untouched.
    return if passwd.blank?
    self.passwd_salt = User.salt
    self.passwd_hash = User.hash_password( @password, self.passwd_salt )
  end

  private

  def self.salt
    Digest::SHA1.hexdigest( rand.to_s )
  end

  def self.hash_password( password, salt )
    Digest::SHA1.hexdigest( password + salt )
  end
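
The change-password flow asked about above, as an added example that is not part of the original post or the book's code. It keeps the post's re-salt-on-update setter but swaps in SecureRandom and PBKDF2-HMAC-SHA256 for `rand` and the single SHA1 pass; `change_password`, `authenticate`, `secure_equal?` and `ITERATIONS` are hypothetical names, and the class is plain Ruby rather than an ActiveRecord model.

```ruby
require 'openssl'
require 'securerandom'

# Plain-Ruby stand-in for the thread's User model (no ActiveRecord).
# passwd_salt / passwd_hash follow the post; change_password, authenticate,
# secure_equal? and ITERATIONS are hypothetical names for this example.
class User
  ITERATIONS = 200_000 # assumed work factor, tune for your hardware
  attr_reader :passwd_salt, :passwd_hash

  def initialize(password)
    self.password = password
  end

  # Same shape as the posted setter: a fresh salt on every password update.
  def password=(passwd)
    return if passwd.nil? || passwd.empty?
    @passwd_salt = SecureRandom.hex(16) # CSPRNG output instead of rand.to_s
    @passwd_hash = User.hash_password(passwd, @passwd_salt)
  end

  # PBKDF2-HMAC-SHA256 swapped in for the single SHA1 pass.
  def self.hash_password(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end

  # Compare without returning early on the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def authenticate(candidate)
    User.secure_equal?(User.hash_password(candidate.to_s, passwd_salt), passwd_hash)
  end

  # Returns :ok, or a symbol naming the first check that failed.
  def change_password(current, new_password, confirmation)
    return :wrong_current_password unless authenticate(current)
    return :blank_password if new_password.nil? || new_password.strip.empty?
    return :confirmation_mismatch unless new_password == confirmation
    self.password = new_password
    :ok
  end
end
```

In a controller, a `change_pass` action would call `change_password` with the three form fields and save the record only when it returns `:ok`.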