Forum: Ruby on Rails Simple model password protection?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
C20255571022ffddcba5eaf32df8178b?d=identicon&s=25 beacon (Guest)
on 2009-05-30 20:32
(Received via mailing list)
Hey everybody,

I would like to know how to do simple password protection in rails a
la <a href="http://writeboard.com>writeboard</a>. At writeboard, when
a new writeboard object is created, the creator must assign a
password, but not create a new user. Then, to access the newly-created
writeboard, one must input only the password.

I'm sure this is pretty simple, but I'm quite new to rails. Thanks.
4c438a80fc30661ad619ea177cf9cbd0?d=identicon&s=25 Freddy Andersen (Guest)
on 2009-05-30 23:51
(Received via mailing list)
I'm sure there is a user created with the email that you give them.
4956b715c43829ef0b41ad52e606a6a8?d=identicon&s=25 nodoubtarockstar (Guest)
on 2009-06-01 09:15
(Received via mailing list)
Just the methods, no code:

First, assign password attribute to your model (i.e. table field) --
be it a Writeboard or whatever...

Depending on your own business rules a lot of things will determine
how you process the password-entry --- i.e. do you now create a
session so that the user can come back later today and view the
Writeboard again? or does someone have to input the password everytime
they hit the page? That depends on you... Below is the absolute
"simplest" approach possible:

But simply put, you should easily be able to put a password field on
the form where you create your Whiteboard that gets saved (possibly
even validated for length/alphanum whatever) and - hopefully -
encrypted.

When you render the show method (view) for the Writeboard, you'll
check to see if there's a password param, which if so, you'll verify
against the password belonging to the Writeboard, and if not, you'll
render a page/popup/whatever that simply has a password input field
that posts to the show method which will mean that now there will be a
password param, so your controller will do the verification that
what's entered (hopefully you're encrypting it to do your saves and
checks) matches the Writeboard password.

Pseudo code:

def show
  look up the Writeboard by the id param
  is there a password param?
  yes?
    does the encrypted password param match the Writeboard password?
    yes?
      render the show view #default
    no?
      render some view with a password field
  no?
    render some view with a password field
end

Do this once, then you'll find ways to refactor it so it's smaller.
Again, this is the very super-simple approach -- there are infinite
more complex possibilities, but if you're new to Rails, give this a
go...

Cheers!
This topic is locked and can not be replied to.