Home/ Questions/Q 8000325
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T15:45:28+00:00

I have a User model, and authentication is provided by has_secure_password. I would like

  • 0

I have a User model, and authentication is provided by has_secure_password. I would like to implement a separate view for password edits.

Are there any decent tutorials or learning resources where I can go for more on how to best accomplish this?

My simplified model:

class User < ActiveRecord::Base
  attr_accessible :email, :name, :password, :password_confirmation
  has_secure_password

  before_save :create_remember_token

  validates :name, presence: true, length: { maximum: 50 }
  validates :email, presence: true, uniqueness: { case_sensitive: false }, format: { with: /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i }
  validates :password, :length => { :within => 6..40 }
  validates :password_confirmation, presence: true    
end

I’d like to make sure that the password validations only run when the user is editing the change_password page, and that there is a separate page for editing passwords.

I imagine I need new controller actions, like edit_password and update_password. Would I then do: validates :password, on: [:create, :update_password]?

I’m a bit stuck and would really like to browse some sample code or blog posts on this subject.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you want to run validations only when

    1.creating the new user
2.updating the password

    You can go for conditional validations.

    class User < ActiveRecord::Base
  attr_accessor :update_password

  validates :password, :length => { :within => 6..40 }, :if => new_record? || update_password
  validates :password_confirmation, presence: true, :if => new_record? || update_password
end

    And in your controller you need to set the update_password is true.

    class PasswordsController < ActionController::Base

 def edit
   #You will render the password edit view here
 end

 def update
   @user = User.find(params[:id])
   @user.update_password = true
   @user.password = params[:password]
   @user.password_confirmation = params[:password_confirmation]
   if @user.save
      #success redirect here
   else
      render :edit
   end
 end

end

    FYI.

    validates :password, on: [:create, :update_password]

    Here :create, :update_password does not means the controller actions.It means the various states of the user object. Its includes :create, :update and update_password is not valid state.

    • 0