I use the jQuery Validation plugin for validation using remote: "/valid_password.json" to check on the server if the submitted password is the right one. The problem is that on the server the password is encrypted (using Authlogic), so when I compare the password parameter with the stored password, they are not the same. How can I validate the password using the jQuery Validation plugin?
Here is the code in the controller:
    def valid_password
      username = params[:user_session][:username]
      password = params[:user_session][:password]
      @user = User.find_by_username(username)
      if @user.password == password
        @password_ok = true
      end
      respond_to do |format|
        format.json { render :json => @password_ok ? "true" : "false" }
      end
    end
Edit: After searching and reading, I have tried this: (still with no success)
    def valid_password
      username = params[:username]
      password = params[:user_session][:password]
      @user = User.find_by_username(username)
      puts "TEST" + @user.crypted_password
      @password = Authlogic::CryptoProviders::Sha512.encrypt(password)
      puts "TEST" + @password
      if @password == @user.crypted_password
        @password_ok = true
      end
      respond_to do |format|
        format.json { render :json => @password_ok ? "true" : "false" }
      end
    end
The two puts methods give different results. I think I should be using the stored password_salt to get the encryption right, but I don’t know how. Originally I used the wrong parameter for “username”, but now that is fixed.
Now it works!
I had to add the password_salt to the password before encrypting:
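An added example (not the poster's code and not Authlogic's own implementation) of why the unsalted digest in the second attempt never equals the stored value, and of a salted check that also handles an unknown user. The 20-round stretch, the `StoredUser` struct and all helper names are assumptions made for this sketch.

```ruby
require "digest"
require "securerandom"

# Assumption: 20 rounds of SHA-512 over the joined tokens (password + salt).
# This models a salted, stretched digest; it is not Authlogic's source.
STRETCHES = 20

def salted_digest(*tokens)
  digest = tokens.join
  STRETCHES.times { digest = Digest::SHA512.hexdigest(digest) }
  digest
end

# Compare two hex digests without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Constructed stand-in for the User record with its two stored columns.
StoredUser = Struct.new(:username, :password_salt, :crypted_password)

def build_user(username, password)
  salt = SecureRandom.hex(16) # per-user random salt, stored next to the digest
  StoredUser.new(username, salt, salted_digest(password, salt))
end

# Salted check: hash the attempt with the user's stored salt, then compare.
def password_ok?(user, attempt)
  return false if user.nil? || attempt.nil? # unknown user must not raise
  secure_compare(salted_digest(attempt, user.password_salt), user.crypted_password)
end

# What the second attempt in the question does: the salt is left out,
# so the digest differs from the stored one even for the right password.
def unsalted_match?(user, attempt)
  secure_compare(salted_digest(attempt), user.crypted_password)
end

if __FILE__ == $0
  user = build_user("alice", "constructed-sample-password")
  puts "salted:   #{password_ok?(user, 'constructed-sample-password')}"
  puts "unsalted: #{unsalted_match?(user, 'constructed-sample-password')}"
  puts "no user:  #{password_ok?(nil, 'anything')}"
end
```

In an application that uses Authlogic, the model's `valid_password?` method performs this comparison with the configured crypto provider, so the controller does not need to hash by hand.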