before_save :encrypt_password

18 views
Skip to first unread message

Dave Castellano

unread,
Oct 14, 2011, 10:53:40 AM10/14/11
to rubyonra...@googlegroups.com
I am having a problem finding the best way to make a "before_save
:encrypt_password" conditional.

I have to at times update user model attributes but each time I do this
the password is reencrypted because of the above. I need to
differentiate between when the user is first logging in and the password
does need to be encrypted, and when they are already logged in and the
"before_save :encrypt_password" should not be called.

eg
if !signed_in?
before_save :encrypt_password
end

This does not work but Is there a rails variable that gets set when
logged in I can use?

Thanks,

DC

--
Posted via http://www.ruby-forum.com/.

Franz Strebel

unread,
Oct 14, 2011, 11:05:10 AM10/14/11
to rubyonra...@googlegroups.com
I suppose you'll need to re-encrypt it if it gets updated.  So why not
just check if the password was changed in your callback?

If not, and you only need to encrypt once, look at the before_create
callback.


--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonra...@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-ta...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.


Michael Pavling

unread,
Oct 14, 2011, 2:29:08 PM10/14/11
to rubyonra...@googlegroups.com
On 14 October 2011 15:53, Dave Castellano <li...@ruby-forum.com> wrote:
> I am having a problem finding the best way to make a "before_save
> :encrypt_password" conditional.
>
> I have to at times update user model attributes but each time I do this
> the password is reencrypted because of the above.  I need to
> differentiate between when the user is first logging in and the password
> does need to be encrypted, and when they are already logged in and the
> "before_save :encrypt_password" should not be called.

I would typically do something like this upon setting the attribute -
so it gets saved as normal as necessary. Create your own method, and
handle the encryption in there. Something along the lines of:

# user.rb
def password=(value)
attributes[:password] = FunkyEncryptionModule::encrypt(value)
end


I *actually* generally extract passwords out to their own model (if I
don't use an authorization gem), with a belongs_to :user association,
so the Password object stores all its own information regarding
hashed-value/salt/expiry-date/etc.

Reply all
Reply to author
Forward
0 new messages