
I'm currently developing a quick little Sinatra app, and I've managed to conquer authentication quite easily. However, I cannot for the life of me get password changing to work. I'm using the code below with DataMapper, and although it reaches the redirect, the password does not change.

```ruby
user = User.first(:token => session[:user])
if params[:newpassword] == params[:newpasswordconfirm]
    if BCrypt::Engine.hash_secret(params[:oldpassword], user.salt) == user.password_hash
        user.password_hash = BCrypt::Engine.hash_secret(params[:newpassword], user.salt)
        user.save
        redirect '/'
    end
end
```

I've also tried

```ruby
user = User.first(:token => session[:user])
if params[:newpassword] == params[:newpasswordconfirm]
    if BCrypt::Engine.hash_secret(params[:oldpassword], user.salt) == user.password_hash
        user.update(:password_hash => BCrypt::Engine.hash_secret(params[:newpassword], user.salt))
        redirect '/'
    end
end
```

however this also fails to update the value. Unsure what I've done wrong.

```ruby
class User
    include DataMapper::Resource

    attr_accessor :password, :password_confirmation

    property :id, Serial
    property :username, String, :required => true, :unique => true
    property :password_hash, Text
    property :salt, Text
    property :token, String

    validates_presence_of           :password
    validates_confirmation_of       :password
    validates_length_of             :password, :min => 6
end
```
Simon M
  • The `attr_accessor` and validations look non-necessary to me - perhaps from some previous attempt where the password was stored plaintext? AFAICS, DataMapper is never going to see a valid `password` property, so all User objects are not valid . . . unless I'm missing some code? – Neil Slater Apr 30 '13 at 21:11
  • Inspect `user.errors` after `user.save`. It should contain some explanations why the object is not saved. – ujifgc May 01 '13 at 11:15
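
The failure the two comments point at, as an added example that is not part of the original question or its comments: `DemoUser` is a plain-Ruby stand-in for the DataMapper model (an assumption, so the block runs without gems), and PBKDF2 from the standard library is swapped in for `BCrypt::Engine.hash_secret`. The names `hash_secret`, `secure_equal?` and `change_password` and the iteration count are hypothetical; the flow sets the virtual `password` attributes so the validations can pass, uses a fresh salt, and reports `errors` instead of redirecting regardless.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for the question's DataMapper model (assumption): save runs the
# same three validations on the virtual :password attribute.
class DemoUser
  attr_accessor :password, :password_confirmation, :password_hash, :salt
  attr_reader :errors

  def save
    @errors = []
    @errors << 'Password must not be blank' if password.to_s.empty?
    @errors << 'Password does not match the confirmation' if password != password_confirmation
    @errors << 'Password must be at least 6 characters long' if password.to_s.length < 6
    @errors.empty? # like DataMapper, a failed validation makes save return false
  end
end

# PBKDF2 (standard library) swapped in for BCrypt::Engine.hash_secret.
# The iteration count is an illustrative value.
def hash_secret(secret, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 100_000, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
end

# Compare digests without stopping at the first differing byte.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |d, (x, y)| d | (x ^ y) }.zero?
end

# Returns [true, []] on success or [false, messages]; redirect only on success.
def change_password(user, old, new, confirm)
  unless secure_equal?(hash_secret(old, user.salt), user.password_hash)
    return [false, ['Old password is incorrect']]
  end
  previous = [user.salt, user.password_hash]
  user.password = new                  # feed the virtual attributes so the
  user.password_confirmation = confirm # validations check the new password
  user.salt = SecureRandom.hex(16)     # fresh salt for the new hash
  user.password_hash = hash_secret(new, user.salt)
  return [true, []] if user.save
  user.salt, user.password_hash = previous # roll back the in-memory change
  [false, user.errors]
end
```
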

0 Answers