Rails newbie here, I have been stuck on this for two days and can't figure
out why its not working.
I want users to confirm/verify themselves by entering their current/old
password before any information is updated.
This is what My user_controller update action looks like
I'm currently using rails 3.2 with the basic has_secured_password
authentication that comes with it.
def update
@user = User.find(params[:id])
respond_to do |format|
if @user.update_attributes(params[:user])
format.html { redirect_to users_url, notice: "User #{@user.name}
was successfully updated." }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @user.errors, status:
:unprocessable_entity }
end
end
end
here's my form view
<% if params[:action] == "edit" %>
<div class="field">
<%= f.label :password %><br />
<%= f.password_field :current_password, :placeholder =>
"current password" %>
</div>
<% end %>
<div class="field">
<%= f.label :password, "Password" %><br />
<%= f.password_field :password, size: 40 %>
</div>
<div class="field">
<%= f.label :password_confirmation, 'Confirm' %><br />
<%= f.password_field :password_confirmation, size: 40 %>
</div>
*I've tried using a before_update :confirm_password in the User model, but
it hasn't worked.*
*I created a private method in the user controller*
*
*
private
def password_match
@user = User.find(params[:id])
@user.authenticate(params[:current_password)
end
then call a before_filter :password_match, :only => [:update] in the user
controller.
Can anyone help, please. Thank you.
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/XdP_MLM92u0J.
For more options, visit https://groups.google.com/groups/opt_out.
