How to check current password in Rails (Devise gem)?

Question

I'm failing to check current password using jQuery validation. I'm using Devise gem and jQuery validation. Firebug says:

the problem is in my controller :

def checkpass
 user = User.find_by_email(params[:user][:email])
 respond_to do |format|
 if user && user.authenticate(params[:user][:password])
    format.json { render :json => @user }
 end

end

with this code Firebug gives me error

 406 Not Acceptable

end

example of checkemail uniqueness action:

 def checkemail
  @user = User.find_by_email(params[:user][:email])
   respond_to do |format|
   format.json { render :json => !@user }
  end
end

My js:

$("#edit_password").validate({
   "user[current_password]":{
            required: true,
            minlength: 6,
            remote: {
          url: "http://127.0.0.1:3000/checkpass"
          }
 ...
 })

and HTML:

   <input type="password" size="30" name="user[current_password]" id="user_current_password" class="valid">

Can someone suggest how to do it ?

score 9 · Answer 1 · answered Jun 19 '14 at 11:10

I am using rails version 4 and when I tried doing user.authenticate I got error saying unknown methods, so I found the other method for checking if password is valid,

valid_password?(current_password)

I thought to share it so it might help someone else as well.

Aayush Khandelwal · Accepted Answer · 2012-09-26T10:15:58.423

5

in the controller in function check_pass

  user = User.find_by_email(params[:user][:email])
  respond_to do |format|
     if user && user.authenticate(params[:user][:password])
        format.json { render :json => @user }
     end
  end

edited Sep 26 '12 at 10:15

answered Sep 26 '12 at 10:07

Aayush Khandelwal

1,071
7
11

`syntax error, unexpected tIDENTIFIER, expecting ')' format.json { render :json => @user }` – MID Sep 26 '12 at 10:10
if user && user.authenticate(params[:user][:password]) format.json { render :json => @user } end – Aayush Khandelwal Sep 26 '12 at 10:14
`Template is missing`, without respond_to do. I can't get why, when I checke uniqueness it didn't want template. – MID Sep 26 '12 at 10:17
Check example in my question. – MID Sep 26 '12 at 10:21

score 0 · Answer 3 · answered Sep 26 '12 at 10:11

0

Password is not stored in plain text format it's a salted hash,so user can't find using password.

You can authenticate password is valid or not so salted hash work like

crypted string = plaintext(password)+hashing algo(encrypt)
some random string(salt) +crypted string then checked for match You can use warden.authenticate or authenticate (check docs) method on user to verify password

answered Sep 26 '12 at 10:11

Amar

6,874
4
25
23

what you want exactly in devise you have to customize device you can use like `resource = warden.authenticate!(:scope => resource_name, :recall => "home#index")` # Override – Amar Sep 26 '12 at 10:15
I think I'm close to the answer. Can you look at comments above ? – MID Sep 26 '12 at 10:21
Your request is ajax?and what is the dataType in ajax request – Amar Sep 26 '12 at 10:24
try to set `dataType`,or `header('Content-type: application/json');` in remote http://stackoverflow.com/questions/5178012/jquery-remote-validation, – Amar Sep 26 '12 at 10:34
dataType is already set - from Firebug : `Content-Type application/json; charset=utf-8` – MID Sep 26 '12 at 11:54

How to check current password in Rails (Devise gem)?

3 Answers3