Password re-check with authlogic

11155 · June 4, 2010, 11:15am

Hi there!

I know what I am trying to do would seem laughably easy to some, but pray accept my excuses for still being nothing more than a newbie where rails is concerned. It seems there is so much to learn. And with rails it's always not about doing it, but doing it easily and meaningfully, i.e. I'm asking how to do it the RIGHT way.

Now, I am having a very simple User/Session model (implemented using Authlogic). In fact it is so simple, that all the functionality regarding profile editing is put on ONE page. I'd like the user to be able to set some details AND to be able to change their password. In case the user desires to change their password, i.e. does NOT leave the password field blank, they must be required to enter their current password (sounds logical enough to me) in another field.

However, there are a couple of problems I am experiencing with this simple scenario.

Firstly, how could I tell the User model to forget about the password fields and NOT save them if they are empty (I know how to validate them but that alone doesn't seem to do it) and so Authologic wouldn't complain either?

Secondly, is there any way to validate that the entered password in the `password_check` field matches the current one, but do it using custom validation callbacks (i.e. in the model, not in the controller)? I don't see how one could have access to the params hash from within the model validation methods (and it doesn't seems right to me to do so) so should one use virtual attributes to do the check?!

Thirdly, even if all that validation was done in the controller (i.e. if it is not possible to be done in the model), does anyone know how I am to compare the entered password and the current one for it is stored in encrypted form. There must be some method in Authologic that should be able to do just that (i.e. not reviling the password, but comparing an entered password against the current one).

And finally, is there any way to add errors to an ActiveRecord object from within the controller (not the model) so as to be able to show them along with the other validation errors if I can't make that validation in the model?

Thank you awfully much!

...and sorry for the bunch of words but it's incredibly hard to express extremely simple things simply.

pepe1 · June 5, 2010, 11:59am

Can't be of help with Authlogic as I am starting to use it too, but about adding errors in the controller, once you have your object instantiated you can do something as simple as:

@my_instance.errors.add...

BTW, I have been looking at how to set in authlogic the configuration so when a new user is created he/she does not get automatically signed on and I couldn't find a way to do it yet. In my app. the admin is the one creating users, the users don't register, so that functionality must be handled by the application. If anybody can help it would be appreciated.

Thank you

pepe1 · June 5, 2010, 12:29pm

BTW, I have been looking at how to set in authlogic the configuration so when a new user is created he/she does not get automatically signed on and I couldn't find a way to do it yet. In my app. the admin is the one creating users, the users don't register, so that functionality must be handled by the application. If anybody can help it would be appreciated.

In case it helps anybody, I believe I just found out how to do this. In my user model:

acts_as_authentic do |c| c.maintain_sessions = false end

11155 · June 5, 2010, 12:41pm

@my_instance.errors.add...

Thanks for the tip pepe. Honestly, it all was rather simple. I have managed to answer the questions on my own and it is only bad design habits that made it hard for me to reason it out. Sorry to have bothered anyone.

Michael_Pavling · June 5, 2010, 2:59pm

@my_instance.errors.add…

Thanks for the tip pepe. Honestly, it all was rather simple. I have

managed to answer the questions on my own and it is only bad design

habits that made it hard for me to reason it out. Sorry to have bothered

anyone.

–

Posted via http://www.ruby-forum.com/.

– You received this message because you are subscribed to the Google Groups “Ruby on Rails: Talk”…

11155 · October 30, 2010, 3:35pm

I found this thread while searching for how to validate a string as a user's password in the controller, and was disappointed when I didn't find the answer.

I figured it out so I figured I'd post the answer for other people that do the same thing.

The User model get's a method valid_password? with :acts_as_authentic. So to test the password you would just do:

@current_user.valid_password? params[:old_password]