I created my own authentication from scratch based on one of the
railscasts and other tutorials.
The user can update his first name, last name, email address, etc. I do
not want the user to update his password, so I didn’t include the
password fields. Since in the User model I have validate_presence_of
:password, whenever the user tries to update his profile, of course, he
gets this error:
“Password should have between 6 to 12 characters”
How can I make the Update User form work without it doing anything to
the password?
when you are trying to set the attributes of your object in the update
action, are u get all the params or just the ones you want to update?
maybe if you think of it! It could change the way you update your data!
How can I make the Update User form work without it doing anything to
the password?
…problem solved?..
Awesome! XD
It seems to me that you might be storing passwords in the database in
the clear. That rings alarm bells! Instead store a hash of the
password with a salt. Which means that the password field the user
sees in the form and enters won’t be the same field name as in your
database. Or at least it will be less confusing if it isn’t. You
should place a hook into place to hash the password if present and
store the hash in the database. That will avoid a lot of problems in
the future.
Thanks Bob. I did hash the password and added some salt. I based myself
on the railscast “Authentication from Scratch” and also on a Rails book
I have.
The conditional validations railscast was VERY helpful, thanks Tom!
Validations have the option :on which specifies when the validation is
active, the default is :save, but other options are :create, :update
so you can do something like this:
validates_presence_of :field, :on =>:create #Validations will not be
triggered on update.