Ruby on Rails Authlogic gem - password confirmation only for password reset and the edit page

I followed the Authlogic example tutorial at github and have everything set up and running. But I would like to make a change concerning password confirmation.

Following the tutorial, you must enter a password confirmation when registering. I don't want that to be necessary, so I put c.require_password_confirmation = false in the acts_as_authentic block. But that removes password confirmation entirely. I'd still like to have password confirmation for the Edit User page, for when they change their password. I'd also like to have it for the Reset Password page (which I currently do not have set up).

How do I go about doing this?

Also, though not as important, on the Edit User page, everything is currently one form, with the one Update def in the UsersController. So if someone wants to change some other information, they also have to enter their current password, as I currently have it set up like so:

def update  
  @user = current_user  
  if @user.valid_password?(params[:user][:old_password])  
    if @user.update_attributes(params[:user].reject{|key, value| key == "old_password"})  
      flash[:notice] = 'Successfully updated profile.'  
      render :action => :edit  
    else  
      render :action => :edit  
    end  
  else  
    flash[:notice] = 'Your old password is wrong.'  
    render :action => :edit  
  end  
end

I'd preferably like to have it so that it only requires they enter their old password if they change their email address or enter a new password.

user.rb


class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.require_password_confirmation = false
  end

  attr_accessor :old_password, :reset_password

  validate :old_password_valid, :on => :update, :unless => [:reset_password]

  def old_password_valid
    errors.add(:old_password, "You must introduce your password") unless valid_password?(old_password)
  end

  def require_password?
    password_changed? || (crypted_password.blank? && !new_record?) || reset_password
  end

  def deliver_password_reset_instructions!
    reset_perishable_token!
    Notifier.deliver_password_reset_instructions(self)
  end
end


I would do it this way, add accessors old_password, reset_password (boolean that we set to true when resetting password):

attr_accessor :old_password, :reset_password

Now, we need to validate the old password when updating, but not resetting:

validate :old_password_valid, :unless => [:reset_password]

def old_password_valid
  errors.add(:old_password, "You must introduce your password") if !new_record? && !valid_password?(old_password)
end

So far, we've validated that the old password is valid when the user is updating their profile.

Now, to ask for the new password or not, Authlogic adds a method 'require_password?' to your user model, you have to override it. I did it this way:

def require_password?
  password_changed? || (crypted_password.blank? && !new_record?) || reset_password
end

Basically asks for the password (and confirmation) when: 1) User updating password, 2) User activating their account (so they still haven't got a password), 3) user resetting password.

Hope this helps.

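Added example (not part of the original question or answer, and not Authlogic code): a plain-Ruby sketch of the rule the question asks for, where the old password is demanded only when the email or password actually changes, and confirmation is checked only when a new password is submitted. ProfileUpdate, SENSITIVE_FIELDS, PERMITTED_FIELDS and check are hypothetical names; the lambda is a constructed stand-in for valid_password?.

```ruby
# Added sketch in plain Ruby (no Rails/Authlogic). All names are hypothetical.
SENSITIVE_FIELDS = %w[email password].freeze
PERMITTED_FIELDS = %w[name email password password_confirmation].freeze

class ProfileUpdate
  attr_reader :errors, :changes

  # current:  stored attributes; params: submitted form (string keys);
  # verifier: callable that returns true when the current password matches.
  def initialize(current, params, verifier)
    @verifier = verifier
    @old_password = params["old_password"].to_s
    # Keep whitelisted keys only; blank password fields and unchanged values
    # do not count as changes.
    @changes = params
      .select { |k, _| PERMITTED_FIELDS.include?(k) }
      .reject { |k, v| k.start_with?("password") && v.to_s.empty? }
      .reject { |k, v| current.key?(k) && current[k] == v }
    @errors = []
  end

  # True when the form touches a field that needs re-authentication.
  def sensitive_change?
    (@changes.keys & SENSITIVE_FIELDS).any?
  end

  def valid?
    @errors = []
    if sensitive_change? && !@verifier.call(@old_password)
      @errors << "old_password is wrong"
    end
    if @changes.key?("password") &&
       @changes["password"] != @changes["password_confirmation"]
      @errors << "password_confirmation does not match"
    end
    @errors.empty?
  end
end

# Constructed sample data; the lambda stands in for valid_password?.
STORED   = { "name" => "Ann", "email" => "ann@example.test" }.freeze
VERIFIER = ->(pw) { pw == "constructed-old-pw" }

def check(params)
  update = ProfileUpdate.new(STORED, params, VERIFIER)
  [update.valid?, update.errors, update.changes.keys]
end
```

In a controller, the verifier could be @user.method(:valid_password?), and only the filtered changes would be handed to update_attributes instead of the raw params[:user].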