Hi everyone, I'd like some help to understand this method:

    def self.authenticate(email, submitted_password)
      user = find_by_email(email)
      return nil if user.nil?
      return user if user.has_password?(submitted_password)
      # Don't understand why it doesn't return user instead of nil
      # since 'user = find_by_email(email)' was the last evaluated expression
    end

Like the comment, I just don't get it, if anyone could explain it to me, please do it.

Thank you

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Because returning a user would mean that the answer was ambiguous, since it is both true-ish (yes, there's a user at that name) and false (no, that's not the right password for that user) at the same time.

I can see why the decision was made to do things that way, since if authentication fails, you want to return false, not user, since user is apparently the signature of a successful login.

In at least two authentication frameworks I have looked at, the authors are very clear about the sort of "no-answer" they give if you fail to log in. They don't say which was wrong -- username or password -- so that there's less evidence to go on in a dictionary attack.

Walter

On May 5, 2011, at 9:37 PM, Rodrigo Ruiz wrote:

> Hi everyone, I'd like some help to understand this method:
>
> def self.authenticate(email, submitted_password)
>   user = find_by_email(email)
>   return nil if user.nil?
>   return user if user.has_password?(submitted_password)
>   # Don't understand why it doesn't return user instead of nil
>   # since 'user = find_by_email(email)' was the last evaluated expression
> end
>
> like the comment, I just don't get it, if anyone could explain it to
> me, please do it.
>
> Thank you
> # since 'user = find_by_email(email)' was the last evaluated expression

Wrong. In case user doesn't match password then last evaluated statement was if user.has_password?(submitted_password) which is an 'if modifier' for 'return user' statement; and it returned nil. See from irb session:

    ruby-1.9.2-p0 > true if false
     => nil
    ruby-1.9.2-p0 > true if true
     => true

In case 'if modifier' evaluates to false it will return nil - which is exactly your case.

----
http://blog.eugen.co

--
Posted via http://www.ruby-forum.com/.
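An added example, not part of any post in this thread: the `authenticate` method from the question, run outside Rails to show that an unknown email and a wrong password both yield `nil`, so the caller can give the single "no-answer" Walter describes. Only `authenticate`, `find_by_email` and `has_password?` come from the thread; the in-memory `User` class, `STORE`, `kdf`, `login_message` and the PBKDF2 hashing are assumptions made so the code runs stand-alone.

```ruby
require "openssl"
require "securerandom"

# Constructed in-memory stand-in for the thread's ActiveRecord model.
class User
  ITERATIONS = 10_000 # assumption: kept low so the example runs quickly
  STORE = {}          # constructed sample data: email => User

  attr_reader :email

  def initialize(email, password)
    @email = email
    @salt = SecureRandom.bytes(16)
    @digest = User.kdf(password, @salt)
  end

  def self.kdf(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  def self.find_by_email(email)
    STORE[email]
  end

  def has_password?(submitted)
    candidate = User.kdf(submitted, @salt)
    # Compare every byte so the check does not stop at the first mismatch.
    candidate.bytes.zip(@digest.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  # The method from the thread, unchanged: when the modifier-if is false,
  # `return user if ...` evaluates to nil, and that is the method's value.
  def self.authenticate(email, submitted_password)
    user = find_by_email(email)
    return nil if user.nil?
    return user if user.has_password?(submitted_password)
  end
end

# Caller side: one message for both failure cases (unknown email, wrong password).
def login_message(email, password)
  User.authenticate(email, password) ? "Welcome back" : "Invalid email/password combination"
end

User::STORE["alice@example.com"] = User.new("alice@example.com", "correct horse")
```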
Thank you, I got it now =), I didn't know that inside if evaluations counted.