JJ
2006-Mar-29 22:34 UTC
[Rails] How to skip password validation when updating other fields?
Besides the hashed password, which is saved to db, I have two
password-attributes in my User model:
attr_accessor :password, :password_confirmation
I have validations on these attributes, and I need them to work both on
create and update, since I have pages for changing and resetting the
password.
Now when I want to update just the user''s login name, I guess I have
the
next options:
1)
user = User.find(session[:user_id])
user.login = params[:login]
user.save
=> Won''t work because the password and password_confirmation
validations
hit.
2)
user = User.find(session[:user_id])
user.login = params[:login]
user.update_attributes(:login => params[:login] )
=> Won''t work because the password and password_confirmation
validations
hit.
3)
user = User.find(session[:user_id])
user.login = params[:login]
user.update_attribute(:login, params[:login] )
=> Updates the fiels to db, but passes all validations. Now I think
it''s
bad idea to do the validations every time in the controller when I need
to update a field.
4)
user = User.find(session[:user_id])
user.login = params[:login]
if user.valid?
user.update_attribute(:login, params[:login] )
end
=> Won''t work because the password and password_confirmation
validations
hit.
Is there any way to skip the validations for the password attributes?
I''ve been thinkin of creating validation method in the user model, that
skips the password-fields like this:
def validate_all_but_password
loop through validations
if the validation name doesn''t equal ''password'' or
''password_confirmation''
run the validation
and then call it before update_attribute.
What do you think, would this be a good practise, or is there another
way to solve this problem?
--
Posted via http://www.ruby-forum.com/.
Don Walker
2006-Mar-29 22:43 UTC
[Rails] How to skip password validation when updating other fields?
How about specifying that the validation only be performed upon model creation? E.g. validates_confirmation_of :password, :password_confirmation, :on => :create On 3/29/06, JJ <kerkkoj@hotmail.com> wrote:> > Besides the hashed password, which is saved to db, I have two > password-attributes in my User model: > > attr_accessor :password, :password_confirmation > > I have validations on these attributes, and I need them to work both on > create and update, since I have pages for changing and resetting the > password. > > Now when I want to update just the user''s login name, I guess I have the > next options: > > 1) > user = User.find(session[:user_id]) > user.login = params[:login] > user.save > => Won''t work because the password and password_confirmation validations > hit. > > 2) > user = User.find(session[:user_id]) > user.login = params[:login] > user.update_attributes(:login => params[:login] ) > => Won''t work because the password and password_confirmation validations > hit. > > > 3) > user = User.find(session[:user_id]) > user.login = params[:login] > user.update_attribute(:login, params[:login] ) > => Updates the fiels to db, but passes all validations. Now I think it''s > bad idea to do the validations every time in the controller when I need > to update a field. > > 4) > user = User.find(session[:user_id]) > user.login = params[:login] > if user.valid? > user.update_attribute(:login, params[:login] ) > end > => Won''t work because the password and password_confirmation validations > hit. > > Is there any way to skip the validations for the password attributes? > > I''ve been thinkin of creating validation method in the user model, that > skips the password-fields like this: > > def validate_all_but_password > loop through validations > if the validation name doesn''t equal ''password'' or > ''password_confirmation'' > run the validation > > and then call it before update_attribute. > > What do you think, would this be a good practise, or is there another > way to solve this problem? > > > > -- > Posted via http://www.ruby-forum.com/. > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060329/c31f89b4/attachment-0001.html
Jim Morris
2006-Mar-29 22:49 UTC
[Rails] How to skip password validation when updating other fields?
You could do it this way in your model...
validates_presence_of :password, :if => :password_required?
validates_confirmation_of :password, :if => :password_required?
where...
protected
def password_required?
hashed_password.blank? or not password.blank?
end
JJ wrote:> Besides the hashed password, which is saved to db, I have two
> password-attributes in my User model:
>
> attr_accessor :password, :password_confirmation
>
> I have validations on these attributes, and I need them to work both on
> create and update, since I have pages for changing and resetting the
> password.
>
> Now when I want to update just the user''s login name, I guess I
have the
> next options:
>
> 1)
> user = User.find(session[:user_id])
> user.login = params[:login]
> user.save
> => Won''t work because the password and password_confirmation
validations
> hit.
>
> 2)
> user = User.find(session[:user_id])
> user.login = params[:login]
> user.update_attributes(:login => params[:login] )
> => Won''t work because the password and password_confirmation
validations
> hit.
>
>
> 3)
> user = User.find(session[:user_id])
> user.login = params[:login]
> user.update_attribute(:login, params[:login] )
> => Updates the fiels to db, but passes all validations. Now I think
it''s
> bad idea to do the validations every time in the controller when I need
> to update a field.
>
> 4)
> user = User.find(session[:user_id])
> user.login = params[:login]
> if user.valid?
> user.update_attribute(:login, params[:login] )
> end
> => Won''t work because the password and password_confirmation
validations
> hit.
>
> Is there any way to skip the validations for the password attributes?
>
> I''ve been thinkin of creating validation method in the user model,
that
> skips the password-fields like this:
>
> def validate_all_but_password
> loop through validations
> if the validation name doesn''t equal
''password'' or
> ''password_confirmation''
> run the validation
>
> and then call it before update_attribute.
>
> What do you think, would this be a good practise, or is there another
> way to solve this problem?
>
>
>
>
Brian Hogan
2006-Mar-29 22:52 UTC
[Rails] How to skip password validation when updating other fields?
Basically, you just have to look at the before_create and before_save
methods.
Here''s what I do... Password field is validated on create only.
Password is set on update only if the password field is not nil.
class User < ActiveRecord::Base
attr_accessor :password
attr_accessible :username, :password, :email
validates_uniqueness_of :username, :email
validates_presence_of :username, :email
has_and_belongs_to_many :machines
#
def validate_on_create
errors.add_to_base("Password field must not be left blank!") if
self.password == "" or self.password.nil?
end
# hash the password for storage in the DB
def before_create
self.hashed_password = User.hash_password(self.password)
end
# hash the password before updating but only if the password field is
actually filled in.
def before_update()
unless self.password.nil?
self.password = User.hash_password(self.password)
end
end
def after_create
self.password = nil
end
end
On 3/29/06, JJ <kerkkoj@hotmail.com> wrote:>
> Besides the hashed password, which is saved to db, I have two
> password-attributes in my User model:
>
> attr_accessor :password, :password_confirmation
>
> I have validations on these attributes, and I need them to work both on
> create and update, since I have pages for changing and resetting the
> password.
>
> Now when I want to update just the user''s login name, I guess I
have the
> next options:
>
> 1)
> user = User.find(session[:user_id])
> user.login = params[:login]
> user.save
> => Won''t work because the password and password_confirmation
validations
> hit.
>
> 2)
> user = User.find(session[:user_id])
> user.login = params[:login]
> user.update_attributes(:login => params[:login] )
> => Won''t work because the password and password_confirmation
validations
> hit.
>
>
> 3)
> user = User.find(session[:user_id])
> user.login = params[:login]
> user.update_attribute(:login, params[:login] )
> => Updates the fiels to db, but passes all validations. Now I think
it''s
> bad idea to do the validations every time in the controller when I need
> to update a field.
>
> 4)
> user = User.find(session[:user_id])
> user.login = params[:login]
> if user.valid?
> user.update_attribute(:login, params[:login] )
> end
> => Won''t work because the password and password_confirmation
validations
> hit.
>
> Is there any way to skip the validations for the password attributes?
>
> I''ve been thinkin of creating validation method in the user model,
that
> skips the password-fields like this:
>
> def validate_all_but_password
> loop through validations
> if the validation name doesn''t equal
''password'' or
> ''password_confirmation''
> run the validation
>
> and then call it before update_attribute.
>
> What do you think, would this be a good practise, or is there another
> way to solve this problem?
>
>
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060329/20383677/attachment.html
JJ
2006-Mar-29 22:56 UTC
[Rails] Re: How to skip password validation when updating other fiel
If I just had surfed to the api doc before posting... heh Found the solution, added this on the validations of password: :if => :validate_password then before I call user.save I call user.dont_validate_password, which sets instance variable to false and the validate_password method then returns false. -- Posted via http://www.ruby-forum.com/.
JJ
2006-Mar-29 23:14 UTC
[Rails] Re: How to skip password validation when updating other fiel
Don Walker wrote:> How about specifying that the validation only be performed upon model > creation? > > E.g. validates_confirmation_of :password, :password_confirmation, :on => > :createBut I need to validate the input also when the user updates the password. -- Posted via http://www.ruby-forum.com/.