I followed the Authlogic example tutorial on GitHub and have everything set up and running. But I would like to make a change concerning password confirmation.
Following the tutorial, you must enter a password confirmation when registering. I don't want that to be necessary, so I put c.require_password_confirmation = false in the acts_as_authentic block. But that removes password confirmation entirely. I'd still like to have password confirmation for the Edit User page, for when they change their password. I'd also like to have it for the Reset Password page (which I currently do not have set up).
How do I go about doing this?
Also, though not as important, on the Edit User page, everything is currently one form, with the one Update def in the UsersController. So if someone wants to change some other information, they also have to enter their current password as I currently have it set up as so...
def update
  @user = current_user
  # Every update, whatever fields it touches, is gated on the current password.
  if @user.valid_password?(params[:user][:old_password])
    # old_password is not a column, so drop it before mass assignment.
    if @user.update_attributes(params[:user].reject{|key, value| key == "old_password"})
      flash[:notice] = 'Successfully updated profile.'
      render :action => :edit
    else
      render :action => :edit
    end
  else
    flash[:notice] = 'Your old password is wrong.'
    render :action => :edit
  end
end
I'd preferably like to have it so that it only requires they enter their old password if they change their email address or enter a new password.
user.rb

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.require_password_confirmation = false
  end

  attr_accessor :old_password, :reset_password

  validate :old_password_valid, :on => :update, :unless => [:reset_password]

  def old_password_valid
    errors.add(:old_password, "You must introduce your password") unless valid_password?(old_password)
  end

  def require_password?
    password_changed? || (crypted_password.blank? && !new_record?) || reset_password
  end

  def deliver_password_reset_instructions!
    reset_perishable_token!
    Notifier.deliver_password_reset_instructions(self)
  end
end
I would do it this way: add accessors old_password and reset_password (a boolean that we set to true when resetting the password):

attr_accessor :old_password, :reset_password

Now, we need to validate the old password when updating, but not when resetting:

validate :old_password_valid, :unless => [:reset_password]

def old_password_valid
  errors.add(:old_password, "You must introduce your password") if !new_record? && !valid_password?(old_password)
end
So far, we've validated that the old password is valid when the user is updating their profile.
Now, to ask for the new password or not, Authlogic adds a method 'require_password?' to your user model; you have to override it. I did it this way:

def require_password?
  password_changed? || (crypted_password.blank? && !new_record?) || reset_password
end

Basically, it asks for the password (and confirmation) when: 1) the user is updating their password, 2) the user is activating their account (so they still haven't got a password), 3) the user is resetting their password.
Hope this helps.
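The behaviour asked for at the end of the question (old password only when the email or password changes, confirmation only when a new password is set, neither old-password check during a reset), as an added example that is not from the original posts and does not use Authlogic. Profile, its update method and the reset: flag are hypothetical names, and PBKDF2 stands in for whatever password hashing the real model uses.

```ruby
require "openssl"
require "securerandom"

# Hypothetical plain-Ruby stand-in for the User model; not Authlogic code.
class Profile
  attr_reader :email, :name

  def initialize(email:, name:, password:)
    @email, @name = email, name
    @salt = SecureRandom.random_bytes(16)
    @digest = hash_password(password)
  end

  def valid_password?(candidate)
    candidate = candidate.to_s
    return false if candidate.empty?
    secure_equal?(@digest, hash_password(candidate))
  end

  # attrs keys: :email, :name, :password, :password_confirmation, :old_password
  # reset: true only when the caller has already verified a reset token.
  # Returns an array of error strings; empty means the update was applied.
  def update(attrs, reset: false)
    new_password = attrs[:password].to_s
    email_changed = attrs.key?(:email) && attrs[:email] != @email
    errors = []
    # Re-authenticate only for credential-affecting changes.
    if (email_changed || !new_password.empty?) && !reset
      errors << "old password is wrong" unless valid_password?(attrs[:old_password])
    end
    if !new_password.empty? && new_password != attrs[:password_confirmation]
      errors << "confirmation does not match"
    end
    errors << "password required" if reset && new_password.empty?
    return errors unless errors.empty?

    @email = attrs[:email] if email_changed
    @name = attrs[:name] if attrs.key?(:name)
    @digest = hash_password(new_password) unless new_password.empty?
    errors
  end

  private

  def hash_password(password)
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 10_000, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```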