All geek questions in one place

Ruby on Rails Development - Force Password Changes on First-Time Login

I have a RoR application (Rails 4.2, Ruby 2.2.0) that is running Devise. I set it up so that admin users (identified by the logical name "is_admin" added to the user model) can create a new user account, provide them with the generated password and email confirmation. It all works fine. I also added a datetime pass_changed column, which should be updated when the user changes his password, and then checked with create_at to make sure the password has been changed since the account was created. If the two dates match, then the user is redirected to the password change form.

I wrote a procedure to verify that the user changed his password and placed it in his application_controller.rb file:

def check_changed_pass @user = current_user if @user.pass_changed == @user.created_at #make sure user has changed their password before accessing internal pages redirect_to edit_user_registration_path, alert: "You must change your password before logging in for the first time" end end

Then in my inner_controller.rb (used for all internal ones that require the user to log in:

 before_action :check_changed_pass

So far, so good, but the problem is trying to update pass_changed at the right time. I tried various configurations, but I can’t find where to put this code so that it works when the password is updated, but not every time the user model is updated, including every login and logout, when I only want it if the password updated.

If I put "before_save: update_pass_change", only: [: edit ,: update] "in my controller it does not start when the password is updated, and if I put it in the user model, I have to put the procedure in the model and then it will not display current_user because it is not available in the model, the ideal thing would be if Devise had a hook for after_password_edit similar to hook_ after_database_authentication. I had to override Devise registrations_controller.rb to remove the line

 prepend_before_filter :require_no_authentication, only: [ :cancel]

Thus, admin users will be able to add new users. I tried posting update_pass_change there, but it doesn't seem to start before_save when editing the password.

In application_controller.rb

 def update_pass_change # records that the user has changed their password unless current_user.pass_changed != current_user.created_at current_user.pass_changed = Time.now end end

Unanswered similar question: Ruby on Rails: Devise - password change at first login

+6
source share
2 answers

You can use the callback for your model and check before saving if the changes include your password. Something like that:

 class User < ActiveRecord::Base before_save :check_password_changed private def check_password_changed self.pass_changed = Time.now if changed.include? 'encrypted_password' end end
+6
source

You can also try this.

  • change pass_changed data pass_changed to boolean with default value false

  • Then in your application application_controller.rb

     before_action :check_pass_changed private def check_pass_changed unless current_user.pass_changed redirect_to custome_password_edit_path, alert: "You must change your password before logging in for the first time" end end

  • Then create your own action in ur users_controller to display the password change form and update. eg. To display the form: custome_password_edit Update: update_user_password also do not forget to write above in routes.rb

  • after successful change, update pass_changed to true

+1
source

Source: https://habr.com/ru/post/984621/

More articles:


All Articles