Password re-check with authlogic

Rails
1

Hi there!

I know what I am trying to do would seem laughably easy to some, but
pray accept my excuses for still being nothing more than a newbie where
rails is concerned. It seems there is so much to learn. And with rails
it’s always not about doing it, but doing it easily and meaningfully,
i.e. I’m asking how to do it the RIGHT way.

Now, I am having a very simple User/Session model (implemented using
Authlogic). In fact it is so simple, that all the functionality
regarding profile editing is put on ONE page. I’d like the user to be
able to set some details AND to be able to change their password. In
case the user desires to change their password, i.e. does NOT leave the
password field blank, they must be required to enter their current
password (sounds logical enough to me) in another field.

However, there are a couple of problems I am experiencing with this
simple scenario.

Firstly, how could I tell the User model to forget about the password
fields and NOT save them if they are empty (I know how to validate them
but that alone doesn’t seem to do it) and so Authologic wouldn’t
complain either?

Secondly, is there any way to validate that the entered password in the
password_check field matches the current one, but do it using custom
validation callbacks (i.e. in the model, not in the controller)? I don’t
see how one could have access to the params hash from within the model
validation methods (and it doesn’t seems right to me to do so) so should
one use virtual attributes to do the check?!

Thirdly, even if all that validation was done in the controller (i.e. if
it is not possible to be done in the model), does anyone know how I am
to compare the entered password and the current one for it is stored in
encrypted form. There must be some method in Authologic that should be
able to do just that (i.e. not reviling the password, but comparing an
entered password against the current one).

And finally, is there any way to add errors to an ActiveRecord object
from within the controller (not the model) so as to be able to show them
along with the other validation errors if I can’t make that validation
in the model?

Thank you awfully much!

…and sorry for the bunch of words but it’s incredibly hard to express
extremely simple things simply.

2

Can’t be of help with Authlogic as I am starting to use it too, but
about adding errors in the controller, once you have your object
instantiated you can do something as simple as:

@my_instance.errors.add

BTW, I have been looking at how to set in authlogic the configuration
so when a new user is created he/she does not get automatically signed
on and I couldn’t find a way to do it yet. In my app. the admin is the
one creating users, the users don’t register, so that functionality
must be handled by the application. If anybody can help it would be
appreciated.

Thank you

3

BTW, I have been looking at how to set in authlogic the configuration
so when a new user is created he/she does not get automatically signed
on and I couldn’t find a way to do it yet. In my app. the admin is the
one creating users, the users don’t register, so that functionality
must be handled by the application. If anybody can help it would be
appreciated.

In case it helps anybody, I believe I just found out how to do this.
In my user model:

acts_as_authentic do |c|
c.maintain_sessions = false
end

4

@my_instance.errors.add

Thanks for the tip pepe. Honestly, it all was rather simple. I have
managed to answer the questions on my own and it is only bad design
habits that made it hard for me to reason it out. Sorry to have bothered
anyone.

5

On Jun 5, 2010 1:41 PM, “Albus D.” [email protected] wrote:

@my_instance.errors.add

Thanks for the tip pepe. Honestly, it all was rather simple. I have
managed to answer the questions on my own and it is only bad design
habits that made it hard for me to reason it out. Sorry to have bothered
anyone.

Posted via http://www.ruby-forum.com/.

– You received this message because you are subscribed to the Google
Groups
“Ruby on Rails: Talk”…

6

I found this thread while searching for how to validate a string as a
user’s password in the controller, and was disappointed when I didn’t
find the answer.

I figured it out so I figured I’d post the answer for other people that
do the same thing.

The User model get’s a method valid_password? with :acts_as_authentic.
So to test the password you would just do:

@current_user.valid_password? params[:old_password]