Comments on: How to Change or Reset your Password with RESTful_authentication

By: Ron

Ron — Tue, 16 Aug 2011 13:08:28 +0000

Thanks a lot, worked great.

By: Art

Art — Wed, 03 Mar 2010 03:13:15 +0000

Authentication on whether the passwords are of correct length are bypassed somehow. Any ideas?

By: Cristobal Viedma

Cristobal Viedma — Tue, 22 Sep 2009 13:42:58 +0000

I still don’t get it. I think Ben is talking to the PasswordsController Create method. As in, if I know your username and email, I can be resetting your password as many times as I want, and I could be doing that everyday. Isn’t it so?

By: Marc

Marc — Tue, 01 Sep 2009 09:11:14 +0000

So I tried to make it so that when the user logs in with the @new_password that it would go to the edit password page so they have to change it. This is what I put it in but it doesn’t work…

This is in the create method of the Sessions controller.

if user.password == @new_password
redirect_to edit_user_password_path(user)
else
redirect_back_or_default(‘/’)
flash[:notice] = “You are now logged in.”
end

Any ideas?

By: celio motta

celio motta — Sat, 25 Apr 2009 01:39:36 +0000

thanks!!! really helpful!!

By: William Notowidagdo

William Notowidagdo — Tue, 31 Mar 2009 07:40:36 +0000

Hi,

I follow your post but somehow in my case this

@user.authenticated?(old_password)

retur false.

Any idea what’s wrong?

Thanks

By: Mikhailov

Mikhailov — Tue, 06 Jan 2009 17:09:22 +0000

Generate random password in Rails.

http://www.railsgeek.com/2009/1/6/generate-random-password-in-rails

I am using Restful_authentication plugin for one of my projects. As part of my user creation workflow, system should to generate a random password for the new user.

By: Louis Simoneau

Louis Simoneau — Tue, 25 Nov 2008 23:08:24 +0000

Hi, thanks for this elegant and RESTful solution to this problem. I have one question however: it seems to me that the generation of a new password and the sending of the notification email would be better located in a Model method than in the controller.

However, since the User model is generated by restful_authentication, I thought that might be your reason for putting this logic in the controller (keeping the restful_authentication stuff “pure”).

In my application, I’ve put it in the User model, but was just wondering if there was something I’m missing?

By: Justin

Justin — Fri, 14 Nov 2008 20:20:14 +0000

@Ben The PasswordsController update method will only change the password for “current_user” which, in RESTful_authentication” is set once the user authenticates first. So, you could only change John’s password if you could authenticate as him.

By: Ben Johnson

Ben Johnson — Fri, 14 Nov 2008 19:48:20 +0000

This is a good post, but I think there is a big fundamental mistake here. What’s to keep me from resetting random user’s passwords? Let’s say I know someone’s login is “john”, but that is not my login. I don’t like John, so I will go and reset his password every day.