cielo
2011-Feb-14 02:03 UTC
Devise is causing the [The change you wanted was rejected.] Error...
I am using the custom made Devise controller.
I moved from PHP to Rails that, old users password are stored in
Devise:user table in form of
"devise_encryption(oldencryption(password))"
If an user login, and app finds out that this user''s password is in
form of "devise_encryption(oldencryption(password))", I then change it
in to a form of "devise_encryption(password)" with password
params[:user][:password]
I am getting the below error when old user tries to login. (new users
who registered after site migration logins just fine)
---------------------------------------------------------------------------
The change you wanted was rejected.
Maybe you tried to change something you didn''t have access to.
---------------------------------------------------------------------------
Simple process is that
STEP 1. do the normal login attempt(find user with email&password) as
what devise do, and if authenticate fails, go to step 2
STEP 2. helper function will do login attempt with my old password
encryption style(md5 for example), and look for the user
STEP 3. if user is found (user with
email&devise_encryption(oldencryption(password))), change the
@user''s
password to the devise_encryption(params[:user][:password]) which just
passed in with Devise password.
Below is the custom devise controller that I am using.
The custom controller looks like this
def create
resource = warden.authenticate!(:scope => resource_name, :recall
=> "oldusercheck") #calling oldusercheck helper function
set_flash_message(:notice, :signed_in)
sign_in_and_redirect(resource_name, resource)
end
def oldusercheck
@user = User.find_by_email(params[:user][:email])
if @user.nil?
set_flash_message(:alert, :invalid)
redirect_to :action=>''new''
else
if @user.valid_password?(Digest::MD5.hexdigest(params[:user]
[:password])) # Authenticates against Devise
@user.password = @user.password_confirmation = params[:user]
[:password] #Save the password with given param
@user.save! # Encrypts the password with Devise
set_flash_message(:notice, :signed_in)
sign_in_and_redirect(resource_name, @user)
else
set_flash_message(:alert, :invalid)
redirect_to :action=>''new''
end
end
end
It think the problem is caused by lines .. (I don''t know if below
lines actually cause the problem..)
@user.password = @user.password_confirmation = params[:user]
[:password] #Save the password with given param
@user.save! # Encrypts the password with Devise
Is this not a correct way to change the password?
Its weird that things work just fine in Development, but does not work
well in Production
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Possibly Parallel Threads
- flash[;notice] not display after redirection
- getting devise to return json data when signing out
- Does Devise make use of a "status" method? Weird bug.
- Devise - Configuring the Routes fine for Controller Inheritance
- Rspec devise, testing extended RegistrationController action destroy
Wisdom of the Ancients
