Home/ Questions/Q 758595
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T15:29:52+00:00

This code is from the agile web development with rails book.. I don’t understand

  • 0

This code is from the agile web development with rails book.. I don’t understand this part of the code…
User is a model which has name,hashed_password,salt as its fields. But in the code they are mentioning about password and password confirmation, while there are no such fields in the model. Model has only hashed_password. I am sure mistake is with me. Please clear this for me 🙂
User Model has name,hashed_password,salt. All the fields are strings

require 'digest/sha1'
class User < ActiveRecord::Base 
      validates_presence_of :name
      validates_uniqueness_of   :name
      attr_accessor :password_confirmation 
      validates_confirmation_of :password
      validate :password_non_blank

      def self.authenticate(name, password) 
          user = self.find_by_name(name) 
          if user
             expected_password = encrypted_password(password, user.salt)             
             if user.hashed_password != expected_password
                user = nil 
             end
          end
          user
      end

      def password 
          @password
      end

      def password=(pwd) 
          @password = pwd 
          return if pwd.blank? 
          create_new_salt 
          self.hashed_password = User.encrypted_password(self.password, self.salt)
      end

      private
        def password_non_blank 
            errors.add(:password,"Missing password")if hashed_password.blank?
        end

        def create_new_salt 
            self.salt = self.object_id.to_s + rand.to_s
        end

        def self.encrypted_password(password, salt) 
            string_to_hash = password + "wibble" + salt  
            Digest::SHA1.hexdigest(string_to_hash)
        end 
end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    attr_accessor is used to create getter/setter methods for an instance variable. For example:

    attr_accessor :foo

# is equivalent to

def foo
  @foo
end

def foo=(value)
  @foo = value
end

    In the code you pasted, def password and def password= are defined manually. However, I’m a bit confused by the use of:

    attr_accessor :password_confirmation

    validates_confirmation_of :foo automatically creates a foo_confirmation accessor, so this should be:

    attr_accessor :password
validates_confirmation_of :password

    Add a simple before_save callback to encrypt the password and you’re all done.

    require 'digest/sha1'
class User < ActiveRecord::Base

  # attrs
  attr_accessor :password

  # class methods
  class << self
    def encrypt(password, salt)
      Digest::SHA1.hexdigest("--#{salt}--#{password}--");
    end
  end

  # validation
  validates_presence_of       :name
  validates_confirmation_of   :password

  # callbacks
  before_save :encrypt_password

  protected

  def encrypt_password
    return if password.blank?
    if new_record?
      self.salt = Digest::SHA1.hexdigest("--#{Time.now}--#{name}--")
    end
    self.encrypted_password = User.encrypt(password, salt)
  end

end
    • 0