Home/ Questions/Q 8721425
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T07:13:11+00:00

I’m using the Sorcery Gem to handle authentication in my Rails App (Which is

  • 0

I’m using the Sorcery Gem to handle authentication in my Rails App (Which is using MongoDB via Mongoid as DB) and my user model looks like this:

class User
  include Mongoid::Document
    attr_accessible :username, :email, :password, :password_confirmation
    authenticates_with_sorcery!

    field :username, :type => String
    field :email, :type => String
    field :username, :type => String
    
    field :password, :type => String
    field :password_confirmation, :type => String

  validates_confirmation_of :password
  validates_presence_of :password, :on => :create
  validates_presence_of :username
  validates_uniqueness_of :username
  validates_presence_of :email
  validates_uniqueness_of :email

end

Creating a new user via the "New user view" (this one):

<%= form_for @user do |f| %>
  <% if @user.errors.any? %>
    <div class="error_messages">
      <h2>Form is invalid</h2>
      <ul>
        <% for message in @user.errors.full_messages %>
          <li><%= message %></li>
        <% end %>
      </ul>
    </div>
  <% end %>
  <div class="field">
    <%= f.label :username %>
    <%= f.text_field :username %>
  </div>
  <div class="field">
    <%= f.label :email %>
    <%= f.text_field :email %>
  </div>
  <div class="field">
    <%= f.label :password %>
    <%= f.password_field :password %>
  </div>
  <div class="field">
    <%= f.label :password_confirmation %>
    <%= f.password_field :password_confirmation %>
  </div>
  <div class="actions"><%= f.submit %></div>
<% end %>

Results in a record like this one in the database:

1.9.3-p286 :002 > u = User.first
 => #<User _id: 507e6dd961ef51512d000004, _type: nil, username: "Jmlevick", email: "Jmlevick@Jmlevick.com", crypted_password: "$2a$10$yoRzXIu0a2uRRuu9z5MbD.TQQ2upawMC0DGuC/njlQjqzHwdhVWTm", salt: "xwCVQuCNWb9o3fKgvffa", remember_me_token: nil, remember_me_token_expires_at: nil, reset_password_token: nil, reset_password_token_expires_at: nil, reset_password_email_sent_at: nil, password: nil, password_confirmation: "MySecretPassword">

So the user it’s saved and I can access with the credentials, but as you can see there are two weird things up there in the record: 1) password is set to "nil" (But the database in fact saves the actual password and crypts it, so I’m fine with it) and the :password_confirmation Field reveals the password (which has to be crypted for security)!

Why is this happening? How can I solve it? I need a password confirmation field!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you simply need to not include the password_confirmation field in your User class- Mongoid should look for a password_confirmation field because you have the validate_confirmation_of :password set, so I don’t think you need to set it explicitly.

    • 0