I'm not sure this is something merb-auth should be doing for you. In my app, I have similar behavior as you need. My user class has two class methods: authenticate and validate_password see this gist http://gist.github.com/41794
authenticate is required by merb-auth and is factored to call validate_password so I can do just what you are talking about. Sometimes you simply need to validate the password whether logged in or not. It sounds like you are using the salted_user plugin thingy. I don't recommend this approach because as shown in your case, you end up not really understanding your own user behavior. hope this helps, Jon On Dec 31, 4:50 am, Jenny <[email protected]> wrote: > Alright then, lets see how well you guys do with this one: > > I've got merb_auth up and running just fine (it's very well > documented), but I seem to have hit a snag. I want a user to be able > to edit their account, but I want this to be password protected. That > is, even though the user is logged in, I want them to have to enter > their current password in order to change their settings/password/e- > mail, etc. However, if I try to access the password directly, I only > get "password" as a result (thus, unless the user actually has a > password of "password" it always claims that they entered the password > incorrectly. (Although actually I just tried having a password of > "password", and no, it does nothing.) > > I undestand that merb_auth encrypts or salts or whatever the password > for security purposes, but is there anyway that I can compare the > encrypted password with the password they give me, even if I have to > let merb-auth encrypt the confirmation password? > > Failing that, can anyone think of a way for merb-auth to do this for > me? You'd think this would be included functionality, but I can't find > reference to it anywhere. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
