Require old password to enter a new password

Right now, every time I change something in the user/edit form, the user must set a new password. I would like this to require the current password (how can I request the current password?), but only if a new password is entered. How can I achieve this? Thanks.

    <%= form_for(@user, :html => {:multipart => true}) do |f| %>
      <%= render 'shared/error_messages', object: f.object %>
      <%= f.text_field :name, placeholder: :name %>
      <%= f.text_field :email, placeholder: :email %>
      <%= f.password_field :password, placeholder: "Enter new password" %>
      <%= f.password_field :password_confirmation, placeholder: "Confirm new password" %>
      <%= f.submit "Save changes", class: "btn btn-large btn-primary" %>
    <% end %>
+6
4 answers

Using some information from rails_has_elegance and on the Internet, I came up with the following solution.

user/edit:

    <%= form_for(@user, :html => {:multipart => true}) do |f| %>
      <%= render 'shared/error_messages', object: f.object %>
      <%= f.text_field :name, placeholder: :name %>
      <%= f.text_field :email, placeholder: :email %>
      <%= password_field_tag :current_password, params[:current_password], placeholder: "Current password" %>
      <%= f.password_field :password, placeholder: "New password (optional)" %>
      <%= f.password_field :password_confirmation, placeholder: "Confirm new password" %>
    <% end %>

User Model:

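    # A password is required when the account is created
    validates :password, presence: true, :on => :create
    # On update, the confirmation is required only when a new password was entered
    validates :password_confirmation, presence: true, :on => :update,
              :unless => lambda { |user| user.password.blank? }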

User controller:

    def update
      @user = User.find(params[:id])
      # Re-authenticate the signed-in user with the submitted current password
      user = User.find_by_email(current_user.email).try(:authenticate, params[:current_password])
      if user && @user.update_attributes(params[:user])
        flash[:success] = "Profile updated"
        sign_in @user
        redirect_to @user
      else
        flash.now[:error] = "Incorrect Current Password" unless user
        sign_in @user
        render 'edit'
      end
    end
+6

You can add old_password in the form field

 <%= f.password_field :old_password, placeholder: "Enter current password" %> 

Add it to attr_accessible :old_password and attr_accessor :old_password

And then you can check it:

    validate :correct_old_pass, :on => :update

    def correct_old_pass
      # your_check_method is a placeholder for your own check of old_password
      errors[:old_password] << 'Incorrect pass' if your_check_method
    end
+2

You can create a separate form for changing the password. And you can request the current password in the same way as you ask for a new one:

    <%= form_for(@user, :html => {:multipart => true}) do |f| %>
      <%# The current password needs its own parameter name; a second field named :password would be overwritten by the new password %>
      <%= password_field_tag :current_password, nil, placeholder: "Enter current password" %>
      <%= f.password_field :password, placeholder: "Enter new password" %>
      <%= f.password_field :password_confirmation, placeholder: "Confirm new password" %>
      <%= f.submit "Save changes", class: "btn btn-large btn-primary" %>
    <% end %>
+1

I would suggest adding the additional actions edit_password and update_password for this in your user_controller:

    def update_password
      @user = User.find(params[:id])
      # Only proceed if the submitted current password authenticates the signed-in user
      user = User.find_by_email(current_user.email).try(:authenticate, params[:current_password])
      if user && @user.update_attributes(params[:user])
        flash[:success] = "Password updated!"
        (sign_in @user)
        redirect_to ...
      end
    end

In your form, just use these fields:

    <%= label_tag :current_password, "Current password:" %>
    <%= password_field_tag :current_password, params[:current_password] %>
    <%= form.label :password, "New password:" %>
    <%= form.password_field :password %>
    <%= form.label :password_confirmation, "Confirm new password" %>
    <%= form.password_field :password_confirmation %>
+1
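
The rule asked for in the question (demand the current password only when a new one is entered), as an added example in plain Ruby that is not code from any of the posts above. Assumptions: the `User` struct, `update_profile` helper and sample account are hypothetical, and stdlib PBKDF2 stands in for the bcrypt digest that `has_secure_password` keeps.

```ruby
require 'openssl'
require 'securerandom'

# Assumption: stdlib PBKDF2 stands in for the bcrypt digest kept by
# has_secure_password, so this runs without Rails.
ITERATIONS = 100_000
User = Struct.new(:name, :email, :salt, :digest)

def digest_for(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
end

def set_password(user, password)
  user.salt = SecureRandom.random_bytes(16)
  user.digest = digest_for(password, user.salt)
end

# Plays the role of User#authenticate in the answers; compares in constant time.
def authenticate(user, password)
  candidate = digest_for(password.to_s, user.salt)
  diff = 0
  candidate.bytes.zip(user.digest.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Hypothetical helper: params mirrors the form fields; returns [saved?, errors].
# The current password is checked only when a new password was entered.
def update_profile(user, params)
  errors = []
  new_password = params[:password].to_s
  unless new_password.empty?
    errors << 'Incorrect current password' unless authenticate(user, params[:current_password])
    errors << "Password confirmation doesn't match" unless new_password == params[:password_confirmation]
  end
  return [false, errors] unless errors.empty? # nothing is changed on failure

  user.name  = params[:name]  if params.key?(:name)
  user.email = params[:email] if params.key?(:email)
  set_password(user, new_password) unless new_password.empty?
  [true, errors]
end

# Constructed sample account: a profile edit with the password fields left blank.
alice = User.new('Alice', 'alice@example.com')
set_password(alice, 'old-secret')
saved, errors = update_profile(alice, email: 'alice@new.example', password: '')
puts "saved=#{saved} errors=#{errors.inspect}"
```

In a Rails controller the same branch sits in the update action, with `authenticate` supplied by `has_secure_password`.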