Rails - Jul 2012 - update_attributes clears password

I have a database table that contains encrypted passwords along with other 
information relating to users.  When I do an update_attributes operation on 
a row in the table with a hash that does not contain a password, the 
password gets reset to the empty string.  How can I stop this?

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/ZlL3vRcmP7UJ.
For more options, visit https://groups.google.com/groups/opt_out.

On 30 Jul 2012 18:14, "jsnark"
<swr-I/mPKdbEGRBWk0Htik3J/w@public.gmane.org>
wrote:
>
> I have a database table that contains encrypted passwords along with
other information relating to users.  When I do an update_attributes
operation on a row in the table with a hash that does not contain a
password, the password gets reset to the empty string.  How can I stop this?

Remove the password key/value pair from the params hash before the
update-attributes call if the password value is blank.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.

On Monday, July 30, 2012 2:39:22 PM UTC-4, pavling
wrote:
>
>
> On 30 Jul 2012 18:14, "jsnark" wrote:
> >
> > I have a database table that contains encrypted passwords along with 
> other information relating to users.  When I do an update_attributes 
> operation on a row in the table with a hash that does not contain a 
> password, the password gets reset to the empty string.  How can I stop
this?
>
> Remove the password key/value pair from the params hash before the 
> update-attributes call if the password value is blank.
>
The hash does not contain a password key/value pair.  In spite of this, the 
password is set to the empty string. 

  Parameters: {"utf8"=>"✓", 
"authenticity_token"=>"AdPOoGvw9LXnkLEen9NzXo/yhwESO6hRxnICD2eK4Rk=",
"user"=>{"role_id"=>"3"},
"commit"=>"Update User",
"id"=>"1"}

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/jC2XnDqxCzwJ.
For more options, visit https://groups.google.com/groups/opt_out.

On 30 July 2012 20:23, jsnark
<swr-I/mPKdbEGRBWk0Htik3J/w@public.gmane.org>
wrote:
>
>
> On Monday, July 30, 2012 2:39:22 PM UTC-4, pavling wrote:
>>
>>
>> On 30 Jul 2012 18:14, "jsnark" wrote:
>> >
>> > I have a database table that contains encrypted passwords along
with
>> > other information relating to users.  When I do an
update_attributes
>> > operation on a row in the table with a hash that does not contain
a
>> > password, the password gets reset to the empty string.  How can I
stop this?
>>
>> Remove the password key/value pair from the params hash before the
>> update-attributes call if the password value is blank.
>
>
> The hash does not contain a password key/value pair.  In spite of this, the
> password is set to the empty string.
>
>   Parameters: {"utf8"=>"✓",
>
"authenticity_token"=>"AdPOoGvw9LXnkLEen9NzXo/yhwESO6hRxnICD2eK4Rk=",
> "user"=>{"role_id"=>"3"},
"commit"=>"Update User",
"id"=>"1"}
Have you got any callbacks in the model (before_save for example)?
What does the log (log/development.log) show for the action?  It
should show the sql.

If you still can''t see it post the action code, the model (strip out
any irrelevant methods) and the log (just for the action).

Colin

Colin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
>
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To view this discussion on the web visit
> https://groups.google.com/d/msg/rubyonrails-talk/-/jC2XnDqxCzwJ.
>
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On 30 July 2012 20:23, jsnark
<swr-I/mPKdbEGRBWk0Htik3J/w@public.gmane.org>
wrote:
> The hash does not contain a password key/value pair.  In spite of this, the
> password is set to the empty string.
What filters run in the model? What observers are operating?
It would be worth setting a breakpoint at your update_attribute line
and following through from there to see what happens to your password
attribute.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.

On Monday, July 30, 2012 4:07:20 PM UTC-4, pavling
wrote:
>
> On 30 July 2012 20:23, jsnark wrote: 
> > The hash does not contain a password key/value pair.  In spite of
this,
> the 
> > password is set to the empty string. 
>
> What filters run in the model? What observers are operating? 
> It would be worth setting a breakpoint at your update_attribute line 
> and following through from there to see what happens to your password 
> attribute. 
>
I understand the problem now, but I do not see the solution.  The model has 
a before_save filter that is causing the password to be reset.  How do I 
stop this on an update?

require ''authenticators/sql_encrypted''

class User < ActiveRecord::Base

  belongs_to :role
  belongs_to :person

  include CASServer::Authenticators::SQLEncrypted::EncryptedPassword

  attr_accessor :password

  validates :password, :confirmation => true,
    :length => { :within => 7..20 },
    :format => { :with => 
/^.*(?=.{7,20})(?=.*[a-zA-Z])(?=.*[0-9])(?=.*[`~!@#\$%^&*-_=+|;'':",.\/<>?]).*$/
},
    :presence => true,
    :if => :password_required?

  validates_uniqueness_of :username

  before_save :encrypt_password

  protected

  def password_required?
    encrypted_password.blank? || password.present?
  end

  def encrypt_password
    self.encrypted_password = encrypt(self.password)
  end

end

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/hbHkkHp3ZTQJ.
For more options, visit https://groups.google.com/groups/opt_out.

On 30 July 2012 22:39, jsnark
<swr-I/mPKdbEGRBWk0Htik3J/w@public.gmane.org>
wrote:
> I understand the problem now, but I do not see the solution.  The model has
> a before_save filter that is causing the password to be reset.  How do I
> stop this on an update?
The same way I said before - only run it if the password has been populated:

   def encrypt_password
     self.encrypted_password = encrypt(self.password) unless
self.password.blank?
   end

But you will probably need to add same validation to ensure there is
an encrypted_password - otherwise it would be possible to create
accounts with blank passwords...

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.

On Monday, July 30, 2012 6:40:51 PM UTC-4, pavling
wrote:
>
> On 30 July 2012 22:39, jsnark wrote: 
> > I understand the problem now, but I do not see the solution.  The
model
> has 
> > a before_save filter that is causing the password to be reset.  How do
I
> > stop this on an update? 
>
> The same way I said before - only run it if the password has been 
> populated: 
>
>    def encrypt_password 
>      self.encrypted_password = encrypt(self.password) unless 
> self.password.blank? 
>    end 
>
> But you will probably need to add same validation to ensure there is 
> an encrypted_password - otherwise it would be possible to create 
> accounts with blank passwords... 
>
Thank you. 

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/RIfvsT32vIsJ.
For more options, visit https://groups.google.com/groups/opt_out.

Also note that before_save (and pretty much all the callbacks) take :if and
:unless parameters, like so

before_save do_something, :if => Proc.new {|model|
model.some_boolean_attr_or_method }



On Jul 31, 2012, at 9:11 AM, jsnark wrote:
> 
> 
> On Monday, July 30, 2012 6:40:51 PM UTC-4, pavling wrote:
> On 30 July 2012 22:39, jsnark wrote: 
> > I understand the problem now, but I do not see the solution.  The
model has
> > a before_save filter that is causing the password to be reset.  How do
I
> > stop this on an update? 
> 
> The same way I said before - only run it if the password has been
populated:
> 
>    def encrypt_password 
>      self.encrypted_password = encrypt(self.password) unless 
> self.password.blank? 
>    end 
> 
> But you will probably need to add same validation to ensure there is 
> an encrypted_password - otherwise it would be possible to create 
> accounts with blank passwords... 
> 
> Thank you. 
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/RIfvsT32vIsJ.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.