On Jan 21, 2008, at 2:50 PM, [email protected] wrote:
have a field “password_confirmation” in my database … didn’t think I
Any ideas? - Dave
On Jan 21, 11:39 am, Jimmy P. [email protected]
wrote:
that should be a column on the table users
You should have bits in your user model that look like these (nearly
all of it is pure generated code from acts_as_authenticated):
Virtual attribute for the unencrypted password
attr_accessor :password
validates_presence_of :login, :email
validates_presence_of :password, :if
=> :password_required?
validates_presence_of :password_confirmation, :if
=> :password_required?
validates_length_of :password, :within => 4…40, :if
=> :password_required?
validates_confirmation_of :password, :if
=> :password_required?
validates_length_of :login, :within => 3…40
validates_length_of :email, :within => 3…100
validates_uniqueness_of :login, :email, :case_sensitive =>
false, :message => “has already been taken. Please choose another.”
before_save :encrypt_password
Authenticates a user by their email and unencrypted password.
Returns the user or nil.
NOTE: This implicitly relies on the case-insensitive string
equality of
MySql when finding a matching email address. If this were to
ever change,
the email should probably be made lowercase before being saved
(and before
doing the find, of course).
def self.authenticate(email, password)
u = find_by_email(email) # need to get the salt
u && u.authenticated?(password) ? u : nil
end
def record_login_time
update_attribute(:last_loggedin_at, Time.now.utc)
end
Encrypts some data with the salt.
def self.encrypt(password, salt)
Digest::SHA1.hexdigest(“–#{salt}–#{password}–”)
end
Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password, salt)
end
def authenticated?(password)
crypted_password == encrypt(password)
end
def remember_token?
remember_token_expires_at && Time.now.utc <
remember_token_expires_at
end
These create and unset the fields required for remembering users
between browser closes
def remember_me
self.remember_token_expires_at = 2.weeks.from_now.utc
self.remember_token = encrypt(“#{email}–
#{remember_token_expires_at}”)
save(false)
end
def forget_me
self.remember_token_expires_at = nil
self.remember_token = nil
save(false)
end
protected
before save filter
def encrypt_password
return if password.blank?
self.salt = Digest::SHA1.hexdigest(“–#{Time.now.to_s}–
#{email}–”) if new_record?
self.crypted_password = encrypt(password)
end
conditional validation
def password_required?
crypted_password.blank? || !password.blank?
end
Pay particular attention to the conditional nature of the
validations. You only have to worry about the validation if you do
not yet have a crypted_password (i.e., already in the database) or you
have a non-blank password which typically means that the user is in
the midst of changing (or establishing) it.
NOTE: This is code that was extracted from a working model in a real
Rails project. It does not necessarily work as is in YOUR project and
any difference between it and the code that the acts_as_authenticated
plugin produced is present for a reason (even if that reason is just
that I liked the indentation a bit better my way ;-). YMMV
-Rob
Rob B. http://agileconsultingllc.com
[email protected]