My form will have
Current password:
New password:
Confirm new password:
I’m trying to think of the best way to implement this. How would I confirm that the current password is correct but in the same form that will update my password?
I have my authenticate method which I can pass the current_user’s email into along with the password to confirm the current password but then how would I continue and update with the same form? How will it know that the current password has been confirm.
This seems like a basic thing to do but my mind feels like it’s reached a road block.
Advice, tips greatly appreciated.
Kind regards.
“How would I confirm that the current password is correct but in the same form that will update my password?”
The best way is to use Devise, Clearance, Authlogic or another gem and use the examples for them.
That said if you roll your own but are stumped on password change, a couple of ways are:
Submit the form (standard form submission) and if the password change works, change what you display next time around, preferable through simple flags, set in the controller that control what the view shows in the view form.
Submit the form (ajax) and if the password change works, use javascript (say jQuery) to change what the view is showing – hide the password fields and show the other fields you want again setting simlpe flag to control the display in the… controller.
You can use rjs to replace_html, etc. the pieces you want.
For other readers of this answer (the OP probably already knows this), if the password is hashed for security, e.g. MD5, and I’ll assume it is, then you can’t know what it is, but you can hash an attempt and compare to the hashed version (stored in the database) and if they match the user has provided they are the same.