Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Getting Rails 3.1's has_secure_password to work well with OmniAuth

Tags:

ruby-on-rails-3.1

omniauth

I'm porting a project from Rails 3 to 3.1. My authentication system was easily switched over to the new has_secure_password in ActiveRecord. The only problem I'm running into is that I also use OmniAuth and I have the system set up so if a user signs up using one of the OmniAuth providers the account shouldn't require a password. I can't seem to override the password_digest validations setup by has_secure_password. Is there anyway to turn off those validations and write my own, or am I going to have to just use my old hand written bcrypt functions from my Rails 3 version of the site?

like image 841
Scott Martin Avatar asked Sep 21 '11 02:09

Scott Martin

2 Answers

I ended up going back to using custom methods. However, I did realize afterwards that I should've been able to use a before_validation callback to check the conditions, then if they matched set the password_digest to anything simple like '0'. This way the digest would never be blank, but at the same time it shouldn't ever validate as a correct password, making them sign in through OmniAuth.

Feel free to correct me if I'm mistaken.

like image 81
Scott Martin Avatar answered Oct 22 '22 21:10

Scott Martin

Scott, your idea is correct. I've been wrestling with this problem to no avail. I tried to override 'has_secure_password' and it simply won't work. No matter where I stuck the code.

Instead I have the following:

class User < ActiveRecord::Base
  has_secure_password

  validates_presence_of :password, :on => :create, :if => :password_required

  # Associations
  has_many :authentications

  # Callbacks
  before_validation :no_password_omniauth

  # Gets set to true if the caller is trying to authenticate with omniauth.
  @called_omniauth = false

  # Build new omniauth users
  def apply_omniauth(omniauth)
    authentications.build(
    :provider => omniauth['provider'], 
    :uid => omniauth['uid'])
    self.first_name = omniauth['user_info']['first_name'] if self.first_name.blank?
    self.last_name = omniauth['user_info']['last_name'] if self.last_name.blank?
    self.email = omniauth['user_info']['email'] if omniauth['user_info']['email'] && self.email.blank?
    @called_omniauth = true
  end

  def password_required
    return false if @called_omniauth == true
    (authentications.empty? || !password.blank?)
  end

  private

  def no_password_omniauth
    self.password_digest = 0 unless password_required
  end

end

The apply_omniauth method gets called from the controller when someone is trying to authenticate or sign up.

Thanks for the idea you nailed it.

like image 20
crankin Avatar answered Oct 22 '22 21:10

crankin
Sign in to Comment

Related questions

FactoryGirl, why I get already registered or uninitialized constant?
Rails 3- Active Admin (Formtastic), set column Width
Generate custom attributes in check_box_tag
link_to path definition
Tableless model in rails 3.1
SSL with Rails 3.1: config.force_ssl = true not working in development mode
Rails 3.1 assets not resolving
How do you catch errors in the rails asset pipeline before production?
Rails 3.1, exclude JS files from asset pipeline
How to decompose a Rails app into different small apps ecosystem
Rails 3.1.0 - undefined method `page_cache_extension' for ActionController::Base:Class
heroku error when i running migration (rails 3.1 cedar stack) [closed]
Ruby on Rails 3.1 assets:precompile and images
Rails paperclip, Edit form file_field not assigned
newbie: error message when 'rake -T'
How do I get the contents of temp file through a form
Embedding erb code in javascript for asset pipeline
How do I do Rails Basic Authorization with RestClient?
Rails 3.1 assets caching on heroku
Passing ActionView::Helpers::FormBuilder to a partial

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!