Force users to change password after they sign in

odieom

Sep 19, 2012, 5:47:18 PM
to hobo...@googlegroups.com
For the life of me I cannot find where to do this. I haven't even been able to find where the login action takes place. Can anyone help me?

Vivek Sampara

Sep 20, 2012, 2:37:25 AM
to hobo...@googlegroups.com
/app/controllers/users_controller.rb 

def login 
  hobo_login
end

Vivek


Bryan Larsen

Sep 20, 2012, 9:04:56 AM
to hobo...@googlegroups.com
In one of our apps we tweaked the lifecycle to add an activation step:

transition :activate, { :inactive => :active }, :params =>
[:password, :password_confirmation], :available_to => :key_holder

cheers,
Bryan

Ricardo Mejia

Sep 20, 2012, 1:20:22 PM
to hobo...@googlegroups.com
Thanks Bryan, I tried changing the activate transition the way you mentioned, but nothing happened. What I want to do is force the user to change his password the first time he logs in. All the users' user and password are already created.

Vivek Sampara

Sep 20, 2012, 8:43:45 PM
to hobo...@googlegroups.com
I would consider doing this in 2 ways. 

1. If you don't mind considering changing the user model, add a bool field to the user model, "login_firsttime", and set it to true by default for all.
    Add a check on the user_controller login action:
    if login_firsttime?
      redirect_to [your_custom_form_to_force_password_change]
    end
2. On the controller:
    if user.created_at == user.updated_at
      redirect_to [your_custom_form_to_force_password_change]
    end

Cheers,
Vivek 

Ricardo Mejia

Sep 20, 2012, 9:23:02 PM
to hobo...@googlegroups.com

Thanks Vivek, I actually had already considered adding the field to check whether it was the first time they logged in. I will try what you suggested and let you know about the result.

Henry Baragar

Sep 21, 2012, 1:40:31 AM
to hobo...@googlegroups.com
There is a third way:
  1. Create the following two transitions in the user model:
    1. transition :activate, { :inactive => :password_reset_required }, :available_to => :key_holder
      • this replaces the :inactive => :active transition
    2. transition :password_reset, { [:active, :password_reset_required] => :active }
  2. In your application controller add:
    • before_filter :reset_password_if_required
    • def reset_password_if_required
      • redirect to the change password page if "logged_in? && current_user.lifecycle.password_reset_required?"
  3. In your user model add:
    • def after_update
      • self.lifecycle.password_reset! if crypted_password_changed?
Fortunately, the User.authenticate method does not check the status.


Regards,
Henry
-- 
Henry Baragar
Instantiated Software Inc.
http://www.instantiated.ca
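
The three steps in the message above, modeled in plain Ruby so the gate can be exercised without Hobo or Rails. This is an added example, not code from the thread or from Hobo. The User class, the action names and the exempt-action allowlist are assumptions; the allowlist is there because a filter in the application controller also runs on the change-password page itself.

```ruby
# Added example: plain-Ruby model of the lifecycle gate (no Hobo/Rails needed).
# Class, method and action names are assumptions for illustration.
class User
  attr_reader :state, :crypted_password

  def initialize(crypted_password)
    @state = :inactive
    @crypted_password = crypted_password
  end

  # :inactive => :password_reset_required (replaces :inactive => :active)
  def activate!
    raise "bad transition from #{@state}" unless @state == :inactive
    @state = :password_reset_required
  end

  # Stands in for after_update: only a real change of the stored hash
  # fires [:active, :password_reset_required] => :active.
  def update_password(new_crypted)
    changed = new_crypted != @crypted_password
    @crypted_password = new_crypted
    @state = :active if changed && %i[active password_reset_required].include?(@state)
    changed
  end

  def password_reset_required?
    @state == :password_reset_required
  end
end

# Actions that must stay reachable while a reset is pending; without this
# allowlist the filter would redirect the change-password page to itself.
EXEMPT_ACTIONS = %w[users#change_password users#update_password users#logout].freeze

# Stands in for the before_filter: returns :redirect or :continue.
def reset_password_if_required(current_user, action)
  return :continue if current_user.nil?                 # not logged in
  return :continue unless current_user.password_reset_required?
  return :continue if EXEMPT_ACTIONS.include?(action)
  :redirect
end
```

Every action outside the allowlist stays blocked until the stored hash actually changes, so saving the profile without a new password does not clear the pending reset.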