easy way to validate password for a lifecycle transition?
20 views
Skip to first unread message
kevinpfromnm
Nov 30, 2012, 3:47:20 PM11/30/12
to hobo...@googlegroups.com
I'm trying to add a mass delete option for users to be able to purge their current items. I figured having them validate their password would be a good bit of security added since it's a pretty destructive option. The current lifecycle almost makes this easy (since the transition is on the user model) by adding current_password to the params. This works but for one snag, it tries to validate password field, ie length, more than just lowercase, etc.
So, hoping there's a simple way to ignore that validation or tweak the validation so it doesn't apply when password is nil. It'd be really cool to be able to add a simple password validation to user transitions by adding :available_to => :self, :params => [ :current_password ]
So, hoping there's a simple way to ignore that validation or tweak the validation so it doesn't apply when password is nil. It'd be really cool to be able to add a simple password validation to user transitions by adding :available_to => :self, :params => [ :current_password ]
Owen Dall
Nov 30, 2012, 3:52:16 PM11/30/12
to hobo...@googlegroups.com
Yes, that would be cool. : -)
--
On Fri, Nov 30, 2012 at 3:47 PM, kevinpfromnm <kevinp...@gmail.com> wrote:
I'm trying to add a mass delete option for users to be able to purge their current items. I figured having them validate their password would be a good bit of security added since it's a pretty destructive option. The current lifecycle almost makes this easy (since the transition is on the user model) by adding current_password to the params. This works but for one snag, it tries to validate password field, ie length, more than just lowercase, etc.
So, hoping there's a simple way to ignore that validation or tweak the validation so it doesn't apply when password is nil. It'd be really cool to be able to add a simple password validation to user transitions by adding :available_to => :self, :params => [ :current_password ]
--
You received this message because you are subscribed to the Google Groups "Hobo Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/hobousers/-/KTf84b8YUGMJ.
To post to this group, send email to hobo...@googlegroups.com.
To unsubscribe from this group, send email to hobousers+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
-Owen
Owen Dall
Vice President | Chief Technology Officer
Barquin International
Office: 202.296.7147 | Mobile: tel:410.991.0811
Fax: 202.296.8903 | email: od...@barquin.com
Bryan Larsen
Nov 30, 2012, 7:57:05 PM11/30/12
to hobo...@googlegroups.com
I think the changes are available when the validations run, so maybe
it's as simple as adding "password_changed &&" to the front of the
password validation.
Bryan
it's as simple as adding "password_changed &&" to the front of the
password validation.
Bryan
kevinpfromnm
Nov 30, 2012, 9:07:45 PM11/30/12
to hobo...@googlegroups.com
That or maybe redefining changing_password? to not include check for current_password. Thanks
Reply all
Reply to author
Forward
0 new messages