Forum: Ruby on Rails RE: Agile book - getting confusing error

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Hogan, Brian P. (Guest)
on 2006-02-15 21:06
(Received via mailing list)
Craig:
I've used that code in three separate applications... I know it works.
I've made some minor changes to this code which I will send to you so
you can try it out.

Assuming your table is:

ActiveRecord::Schema.define() do
  create_table "users", :force => true do |t|
    t.column "username", :string, :limit => 100, :default => "", :null
=> false
    t.column "hashed_password", :string, :default => "", :null => false
  end
end

Or something along those lines, then the Agile book's code should work
just fine.
You are correct: You should *not* have a password field in your
database. The "password" is only used to hold the clear-text password
until it is hashed.  (self.hashed_password =
User.hash_password(self.password))

--user.rb ----

require "digest/sha1"
class User < ActiveRecord::Base
  attr_accessor :password
  validates_uniqueness_of :username
  validates_presence_of :username

  def validate_on_create
    if self.password == "" or self.password.nil?
      errors.add_to_base("Password field must not be left blank!")
    end
  end

  # hash the password for storage in the DB
  def before_create
    self.hashed_password = User.hash_password(self.password)
  end

  # hash the password before updating but only if the password field is
actually
  # filled in. This helps to prevent changing the password accidentally
on an update.
  def before_update()
    unless self.password.nil?
      self.password = User.hash_password(self.password)
    end
  end

  def after_create
    self.password = nil
  end

  # This exists so that you can easily create a "user" by
  # simply passing the form params to this object and "try to login"
  # on that object. It's just to reduce code.
  def try_to_login
    User.login(self.username, self.password)
  end

private
  def self.hash_password(password)
    Digest::SHA1.hexdigest(password)
  end

  # Receives a username and password
  def self.login(username, password)
    hashed_password = hash_password(password || "")
    find(:first,
        :conditions => ["username = ? and hashed_password = ?",
        username, hashed_password])
  end
End

---/user.rb--------

I hope this helps you get moving a bit more.

-Brian
Craig W. (Guest)
on 2006-02-15 21:42
(Received via mailing list)
Yeah...I blew it on the table...cuz I was looking at Chad's 'Recipes'
and at Agile book and trying to work out the issues. Chad's 'Recipes'
threw me for a loop because it 'require "digest/md5" which turns out
that I don't have that installed - had to figure it out from
script/console and so I punted back to Agile book which uses
"digest/sha1" which is installed at which point the postgres table was
already created with a 'password' column and Agile book clearly uses
'hashed_password' as the column. *** Doh ***

Thanks

Craig

PS...I'm not interested at this point in adding digest/md5
This topic is locked and can not be replied to.