[Rails] Re: require current_password to update user information

Thu, 20 Sep 2012 04:10:44 -0700 

How is your user model look like ?

On Monday, September 17, 2012 10:31:44 PM UTC+5:30, dasibre wrote:
>
> Rails newbie here, I have been stuck on this for two days and can't figure 
> out why its not working.
> I want users to confirm/verify themselves by entering their current/old 
> password before any information is updated.
> This is what My user_controller update action looks like
> I'm currently using rails 3.2 with the basic has_secured_password 
> authentication that comes with it.
>
>  def update
>     @user = User.find(params[:id])
>         respond_to do |format|
>         if @user.update_attributes(params[:user])
>         format.html { redirect_to users_url, notice: "User #{@user.name} 
> was successfully updated." }
>         format.json { head :no_content }
>          else
>                 format.html { render action: "edit" }
>                 format.json { render json: @user.errors, status: 
> :unprocessable_entity }
>       end
>     end
>   end
>
> here's my form view
>
>
>         <% if params[:action] == "edit" %>
>         <div class="field">
>                 <%= f.label :password %><br />
>                 <%= f.password_field :current_password, :placeholder => 
> "current password" %>
>         </div>
>         <% end %>
>   <div class="field">
>     <%= f.label :password, "Password" %><br />
>     <%= f.password_field :password, size: 40 %>
>   </div>
>    <div class="field">
>         <%= f.label :password_confirmation, 'Confirm' %><br />
>         <%= f.password_field :password_confirmation, size: 40 %>
>    </div>
>
> *I've tried using a before_update :confirm_password in the User model, 
> but it hasn't worked.*
> *I created a private method in the user controller*
> *
> *
>
> private
> def password_match
>      @user = User.find(params[:id])
>     @user.authenticate(params[:current_password)
> end
> then call a before_filter :password_match, :only => [:update] in the user 
> controller.
>
> Can anyone help, please. Thank you.
>

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msg/rubyonrails-talk/-/CIqKzS2JDuoJ.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to