Validation on methods that aren't part of the database

using the Rails Recipes book, i went through the tutorial on setting up
authentication on a site. the tutorial was great, but it raises a few
questions.

the fields in the database are password_hash, and password_salt. the
tutorial creates another method for password that takes the value it was
given and hashes it and adds the 6 character salt at the end.

what if i want to perform validation on the password that is entered
when a user signs up? first, i want to make sure that the user entered
one in the first place, second, that it is a certain number of
characters. i tried adding validation to the model but i’m guessing it
didn’t work because there isn’t an actual field in the database called
password.

are there any workarounds for something like this? is there a way to use
the validation helpers on things that aren’t in a database?

you should be able to create a method like so;

def check_password( password )
  if password.length == 0
    # < whatever else you want >
  end
end

then in the controller, call
user.check_password( params[:password] )

if it returns true… continue with the salting and off you go.

That should work… but I could be wrong. I’m tired today.

Josh K. wrote:

when a user signs up? first, i want to make sure that the user entered


Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails


View this message in context:
http://www.nabble.com/validation-on-methods--that-aren't-part-of-the-database.-tf2116574.html#a5840399
Sent from the RubyOnRails Users forum at Nabble.com.

yeah something like that would work. i’m just not familiar enough with
the rails framework to know if there’s an easier way to do it using the
active record validation helpers.

for now, i’ll just use this approach though. thanks.

sw0rdfish wrote:

you should be able to create a method like so;

def check_password( password )
  if password.length == 0
    # < whatever else you want >
  end
end

then in the controller, call
user.check_password( params[:password] )

if it returns true… continue with the salting and off you go.

That should work… but I could be wrong. I’m tired today.

you can write some code in a method called validate in the model, and
it’ll run that code before it validates your model… in which case you
can call errors.add to add errors…

I’ve not done much with it, but I know it’s something to that effect.

Josh K. wrote:

def check_password( password )


Posted via http://www.ruby-forum.com/.



so in theory, i can check the password the same way i would in your
example but if it’s in the validate method, it will check automatically
before the record is saved? if that’s the way it works, that would be
perfect.

sw0rdfish wrote:

you can write some code in a method called validate in the model, and
it’ll run that code before it validates your model… in which case you
can call errors.add to add errors…

I’ve not done much with it, but I know it’s something to that effect.

I got something to work:

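require 'digest/sha2'  # provides Digest::SHA256

# Called by ActiveRecord during validation: the virtual password
# attribute must be set and non-empty.
def validate
  unless self.password && self.password.length > 0
    errors.add('Password', 'is invalid')
  end
end

# Virtual attribute writer: generate a salt and store the salted hash.
def password=(pass)
  salt = [Array.new(6) { rand(256).chr }.join].pack('m').chomp
  self.password_salt, self.password_hash = salt,
    Digest::SHA256.hexdigest(pass + salt)
  @password = pass
end

# Virtual attribute reader, used by validate.
def password
  @password
end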

I would like to hear from anyone on doing things this way, just to see
if this is something that would be secure.
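
An added example, not code from this thread or from Rails Recipes: the same virtual-attribute pattern in plain Ruby, with presence and length checks, a salt from SecureRandom, and PBKDF2 in place of the single SHA-256 pass. Hashing is deferred until validation passes, so a nil password never reaches the hash function. The class name Account, the 8-character minimum and the iteration count are assumptions for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical plain-Ruby stand-in for the thread's model (no Rails needed).
class Account
  MIN_LENGTH = 8        # assumed policy, not from the thread
  ITERATIONS = 100_000  # assumed PBKDF2 work factor
  attr_accessor :password  # virtual attribute, never persisted
  attr_reader :password_salt, :password_hash, :errors

  def initialize
    @errors = []
  end

  # Validates the virtual attribute even though no such column exists.
  def valid?
    @errors = []
    if @password.to_s.empty?
      @errors << 'Password is required'
    elsif @password.length < MIN_LENGTH
      @errors << "Password must be at least #{MIN_LENGTH} characters"
    end
    @errors.empty?
  end

  # Derive salt and hash only after validation; drop the plaintext afterwards.
  def save
    return false unless valid?
    @password_salt = SecureRandom.hex(16)  # 128-bit salt from a CSPRNG
    @password_hash = derive(@password, @password_salt)
    @password = nil
    true
  end

  # Re-derive with the stored salt and compare in constant time.
  def authenticate(candidate)
    return false if @password_hash.nil? || candidate.nil?
    OpenSSL.secure_compare(@password_hash, derive(candidate, @password_salt))
  end

  private

  def derive(pass, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, ITERATIONS, 32,
                               OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end
end
```
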