Hrrm....So, even though I'm using merb_auth, I don't have to necessarily use salted user. So, if all I'm doing is redefining authenticate, then should my code work the same? Because it's not. For example, the "activated" call you have kills me code dead (Unknown property 'activated') . Is that something merb or merb-auth should be taking care of, or do you define it elsewhere?
I followed this tutorial: http://singlecell.angryamoeba.co.uk/post/60951656/an-introduction-to-merb-auth-and-the-wonderful-secrets Including doing things like using the merb-auth-password-slice. I can get rid of the inclusion of salted user entirely and it still works (even though I still don't define authenticate in my main class, which I think is kind of weird) *sigh* It's kind of disheartening to have something working and then have to redo it. But such is life and coding I suppose. -Jenny On Dec 30, 6:03 pm, Jon Hancock <[email protected]> wrote: > I'm not sure this is something merb-auth should be doing for you. > In my app, I have similar behavior as you need. My user class has two > class methods: authenticate and validate_password > see this gisthttp://gist.github.com/41794 > > authenticate is required by merb-auth and is factored to call > validate_password so I can do just what you are talking about. > Sometimes you simply need to validate the password whether logged in > or not. > > It sounds like you are using the salted_user plugin thingy. I don't > recommend this approach because as shown in your case, you end up not > really understanding your own user behavior. > > hope this helps, Jon > > On Dec 31, 4:50 am, Jenny <[email protected]> wrote: > > > Alright then, lets see how well you guys do with this one: > > > I've got merb_auth up and running just fine (it's very well > > documented), but I seem to have hit a snag. I want a user to be able > > to edit their account, but I want this to be password protected. That > > is, even though the user is logged in, I want them to have to enter > > their current password in order to change their settings/password/e- > > mail, etc. However, if I try to access the password directly, I only > > get "password" as a result (thus, unless the user actually has a > > password of "password" it always claims that they entered the password > > incorrectly. (Although actually I just tried having a password of > > "password", and no, it does nothing.) > > > I undestand that merb_auth encrypts or salts or whatever the password > > for security purposes, but is there anyway that I can compare the > > encrypted password with the password they give me, even if I have to > > let merb-auth encrypt the confirmation password? > > > Failing that, can anyone think of a way for merb-auth to do this for > > me? You'd think this would be included functionality, but I can't find > > reference to it anywhere. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "merb" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/merb?hl=en -~----------~----~----~----~------~----~------~--~---
