Rails - Oct 2012 - Don't clear password fields if the password is ok

Hi,

I''ve done a registration form with password and password_confirmation 
fields and the fields are being cleared if there is an error with another 
form input, e.g. invalid email. I find it annoying that password has to be 
reentered when there is a problem with another field, actually, there can 
be many iterations until the user gets input right. All this time having to 
reenter password and confirmation is clearly annoying.

So, I would like the password and confirmation fields not to be cleared if 
the password is ok and confirmation matches it. However, I have no idea 
where to start. Any ideas?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/lWwvK-y89gcJ.
For more options, visit https://groups.google.com/groups/opt_out.

On Oct 26, 2012, at 7:15 AM, Dmitry Maksyoma wrote:
> Hi,
> 
> I''ve done a registration form with password and
password_confirmation fields and the fields are being cleared if there is an
error with another form input, e.g. invalid email. I find it annoying that
password has to be reentered when there is a problem with another field,
actually, there can be many iterations until the user gets input right. All this
time having to reenter password and confirmation is clearly annoying.
> 
> So, I would like the password and confirmation fields not to be cleared if
the password is ok and confirmation matches it. However, I have no idea where to
start. Any ideas?
Are you using an authentication engine, like Devise? This may be happening in a
mixin in the model in that case, and you''ll have to open that up and
change the behavior. Otherwise, what does your view look like for the form?

Walter
> 
> Thanks.
> 
> -- 
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/lWwvK-y89gcJ.
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Saturday, October 27, 2012 2:08:53 AM UTC+13, Walter Lee Davis
wrote:
>
> > I''ve done a registration form with password and
password_confirmation
> fields and the fields are being cleared if there is an error with another 
> form input, e.g. invalid email. I find it annoying that password has to be 
> reentered when there is a problem with another field, actually, there can 
> be many iterations until the user gets input right. All this time having to
> reenter password and confirmation is clearly annoying. 
> > 
> > So, I would like the password and confirmation fields not to be
cleared
> if the password is ok and confirmation matches it. However, I have no idea 
> where to start. Any ideas? 
>
> Are you using an authentication engine, like Devise? This may be happening 
> in a mixin in the model in that case, and you''ll have to open that
up and
> change the behavior. Otherwise, what does your view look like for the form?
>
No, I''m not using auth engine, I only use
`has_secure_password''. I''ve tried
removing that and adding `attr_accessor :password,
:password_confirmation''
and it didn''t change a thing, so it seems to be the default Rails
behaviour.

My view: http://pastebin.com/s7tpwN4D

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/2pL6wpk8h2cJ.
For more options, visit https://groups.google.com/groups/opt_out.

Dmitry Maksyoma wrote in post #1081303:
> No, I''m not using auth engine, I only use
`has_secure_password''. I''ve
> tried
> removing that and adding `attr_accessor :password,
> :password_confirmation''
> and it didn''t change a thing, so it seems to be the default Rails
> behaviour.
>
> My view: http://pastebin.com/s7tpwN4D
I''m not 100% sure about this, but I have a feeling that behavior exists
for security reasons. The primary concern about providing a password to 
a server is limiting the amount of time the cleartext version exists.

In fact I''d be willing to wager that the hashing occurs in the RACK 
middleware, which means your Rails application never sees the cleartext 
password, and therefore would not have it to send back in the response.

-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.