Forum: Ruby on Rails Problem with params

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
David (Guest)
on 2006-03-14 01:33
I've got a User model, which holds the following (excerpt):

  def try_to_authenticate
    User.authenticate(self.username, self.password)
  end

  ..

  private
  def self.hash_password(password)
    Digest::SHA1.hexdigest(password)
  end

  def self.authenticate(username, password)
        @user = User.find(:all, :conditions => ["username = ? AND
password = ?",
                         params[:username],
self.hash_password(params[:password]))

        if @user.blank?
          raise "Incorrect username or password"
        end
        # Return the user object we found
        @user
  end

However, when called from my LoginController, like so:

  def login
    if request.get?
      session[:user_id] = nil
      @user = User.new
    else
      @user = User.new(params[:user])
      # TODO: wrap this in a rescue block to handle exception
      authenticated_user = @user.try_to_authenticate
      if authenticated_user
        session[:user_id] = authenticated_user.id
        redirect_to :action => session[:intended_action], :controller =>
session[:intended_controller]
      else
        flash[:notice] = 'Invalid username or password.'
      end
    end
  end

I get an error on the User.find(..) line that there is no such thing as
params[].  I had it working but then I edited/moved the code around, so
can anybody suggest why it now will not search for the user correctly?

Is there a better way to do it?

Cheers.
Chris H. (Guest)
on 2006-03-14 03:10
(Received via mailing list)
the class method doesn't have access to the params array from the
controller.

just use the passed in method argument names 'username' and 'password'
David (Guest)
on 2006-03-14 23:48
Chris H. wrote:
> the class method doesn't have access to the params array from the
> controller.
>
> just use the passed in method argument names 'username' and 'password'

Thanks Chris, this is perfect.  I hadn't realised that params[] was for
the controller, not the method.  Time to read up more on scope and such
in Ruby :)

David
This topic is locked and can not be replied to.