Before_save :encrypt_password

dubstep · October 14, 2011, 4:53pm

I am having a problem finding the best way to make a “before_save
:encrypt_password” conditional.

I have to at times update user model attributes but each time I do this
the password is reencrypted because of the above. I need to
differentiate between when the user is first logging in and the password
does need to be encrypted, and when they are already logged in and the
“before_save :encrypt_password” should not be called.

eg
if !signed_in?
before_save :encrypt_password
end

This does not work but Is there a rails variable that gets set when
logged in I can use?

Thanks,

DC

pezdude · October 14, 2011, 5:06pm

I suppose you’ll need to re-encrypt it if it gets updated. So why not
just check if the password was changed in your callback?

If not, and you only need to encrypt once, look at the before_create
callback.

pezdude · October 14, 2011, 8:31pm

On 14 October 2011 15:53, Dave C. [email protected] wrote:

I am having a problem finding the best way to make a “before_save
:encrypt_password” conditional.

I have to at times update user model attributes but each time I do this
the password is reencrypted because of the above. I need to
differentiate between when the user is first logging in and the password
does need to be encrypted, and when they are already logged in and the
“before_save :encrypt_password” should not be called.

I would typically do something like this upon setting the attribute -
so it gets saved as normal as necessary. Create your own method, and
handle the encryption in there. Something along the lines of:

user.rb

def password=(value)
attributes[:password] = FunkyEncryptionModule::encrypt(value)
end

I actually generally extract passwords out to their own model (if I
don’t use an authorization gem), with a belongs_to :user association,
so the Password object stores all its own information regarding
hashed-value/salt/expiry-date/etc.