Josh Kieschnick
2006-Aug-16  17:03 UTC
[Rails] validation on methods that aren't part of the database.
using the Rails Recipes book, i went through the tutorial on setting up authentication on a site. the tutorial was great, but it raises a few questions.

the fields in the database are password_hash, and password_salt. the tutorial creates another method for password that takes the value it was given and hashes it and adds the 6 character salt at the end.

what if i want to perform validation on the password that is entered when a user signs up? first, i want to make sure that the user entered one in the first place, second, that it is a certain number of characters. i tried adding validation to the model but i'm guessing it didn't work because there isn't an actual field in the database called password.

are there any workarounds for something like this? is there a way to use the validation helpers on things that aren't in a database?

--
Posted via http://www.ruby-forum.com/.
sw0rdfish
2006-Aug-16  20:54 UTC
[Rails] validation on methods that aren't part of the database.
you should be able to create a method like so;

  def check_password( password )
    if password.length == 0
      # < whatever else you want >
    end
  end

then in the controller, call

  user.check_password( params[:password] )

if it returns true... continue with the salting and off you go.

That should work.... but I could be wrong. I'm tired today.

Josh Kieschnick wrote:
> using the Rails Recipes book, i went through the tutorial on setting up
> authentication on a site. the tutorial was great, but it raises a few
> questions.
>
> the fields in the database are password_hash, and password_salt. the
> tutorial creates another method for password that takes the value it was
> given and hashes it and adds the 6 character salt at the end.
>
> what if i want to perform validation on the password that is entered
> when a user signs up? first, i want to make sure that the user entered
> one in the first place, second, that it is a certain number of
> characters. i tried adding validation to the model but i'm guessing it
> didn't work because there isn't an actual field in the database called
> password.
>
> are there any workarounds for something like this? is there a way to use
> the validation helpers on things that aren't in a database?
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

--
View this message in context: http://www.nabble.com/validation-on-methods--that-aren%27t-part-of-the-database.-tf2116574.html#a5840399
Sent from the RubyOnRails Users forum at Nabble.com.
Josh Kieschnick
2006-Aug-16  21:07 UTC
[Rails] Re: validation on methods that aren't part of the database.
yeah something like that would work. i'm just not familiar enough with the rails framework to know if there's an easier way to do it using the active record validation helpers.

for now, i'll just use this approach though. thanks.

sw0rdfish wrote:
> you should be able to create a method like so;
>
> def check_password( password )
>   if password.length == 0
>     # < whatever else you want >
>   end
> end
>
> then in the controller, call
> user.check_password( params[:password] )
>
> if it returns true... continue with the salting and off you go.
>
> That should work.... but I could be wrong. I'm tired today.

--
Posted via http://www.ruby-forum.com/.
sw0rdfish
2006-Aug-16  21:17 UTC
[Rails] validation on methods that aren't part of the database.
you can write some code in a method called validate in the model, and it'll run that code before it validates your model... in which case you can call errors.add to add errors...

I've not done much with it, but I know it's something to that effect.

Josh Kieschnick wrote:
> yeah something like that would work. i'm just not familiar enough with
> the rails framework to know if there's an easier way to do it using the
> active record validation helpers.
>
> for now, i'll just use this approach though. thanks.
>
> sw0rdfish wrote:
>> you should be able to create a method like so;
>>
>> def check_password( password )
>>   if password.length == 0
>>     # < whatever else you want >
>>   end
>> end
>>
>> then in the controller, call
>> user.check_password( params[:password] )
>>
>> if it returns true... continue with the salting and off you go.
>>
>> That should work.... but I could be wrong. I'm tired today.
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

--
View this message in context: http://www.nabble.com/validation-on-methods--that-aren%27t-part-of-the-database.-tf2116574.html#a5840875
Sent from the RubyOnRails Users forum at Nabble.com.
Josh Kieschnick
2006-Aug-16  21:24 UTC
[Rails] Re: validation on methods that aren't part of the database.
so in theory, i can check the password the same way i would in your example but if it's in the validate method, it will check automatically before the record is saved?

if that's the way it works, that would be perfect.

sw0rdfish wrote:
> you can write some code in a method called validate in the model,
> and
> it'll run that code before it validates your model... in which case you
> can
> call errors.add to add errors...
>
> I've not done much with it, but I know it's something to that effect.

--
Posted via http://www.ruby-forum.com/.
Josh Kieschnick
2006-Aug-16  21:55 UTC
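[Rails] Re: validation on methods that aren't part of the database.
I got something to work:

  require 'digest/sha2'

  # Runs before the record is saved; rejects a missing or empty password.
  def validate
    unless self.password && self.password.length > 0
      errors.add('Password', 'is invalid')
    end
  end

  # Virtual attribute: stores the salt and the salted hash, and keeps the
  # plain value in memory so validate can check it.
  def password=(pass)
    salt = [Array.new(6) { rand(256).chr }.join].pack('m').chomp
    # to_s keeps a nil password from raising here, so validate can report it
    self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass.to_s + salt)
    @password = pass
  end

  def password
    @password
  end

I would like to hear from anyone on doing things this way, just to see if this is something that would be secure.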
-- 
Posted via http://www.ruby-forum.com/.
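
An added example, not part of the thread or of the Rails Recipes code: a plain-Ruby stand-in for the model (no ActiveRecord) that validates the virtual password attribute for presence and length before anything is hashed, and swaps the single SHA256 pass and rand-based salt for PBKDF2 with a SecureRandom salt. The class name Account, the 8-character minimum and the iteration count are assumptions.

```ruby
require 'openssl'
require 'securerandom'

# Plain-Ruby stand-in for the model (assumption: no ActiveRecord available).
class Account
  MIN_LENGTH = 8        # assumed policy, not from the thread
  ITERATIONS = 200_000  # assumed PBKDF2 work factor

  # password is the virtual attribute: it has no database column and only
  # holds the plain value until save has validated and hashed it.
  attr_accessor :password
  attr_reader :password_salt, :password_hash, :errors

  def initialize
    @errors = []
  end

  # Same role as the validate hook in the thread: collect errors, return true if none.
  def validate
    @errors = []
    if @password.nil? || @password.empty?
      @errors << "Password can't be blank"
    elsif @password.length < MIN_LENGTH
      @errors << "Password is too short (minimum is #{MIN_LENGTH} characters)"
    end
    @errors.empty?
  end

  # Stand-in for save: hash only after validation passes, then drop the plain value.
  def save
    return false unless validate
    @password_salt = SecureRandom.hex(16) # CSPRNG salt instead of rand(256)
    @password_hash = derive(@password, @password_salt)
    @password = nil
    true
  end

  # Re-derive from the candidate and compare in constant time.
  def authenticate(candidate)
    return false unless @password_hash
    OpenSSL.fixed_length_secure_compare(derive(candidate.to_s, @password_salt), @password_hash)
  end

  private

  def derive(pass, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end
end
```
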