<%=password_field 'email_setting','emailpasswd' %>
In this #email_setting.emailpasswd has the value password(#email_setting.emailpasswd="password").
But in email_setting form edit the password text box is loaded with empty.Instead of that I need to show some characters(#######) to indicate that the password is already entered.
I'm using Rails 3.
You could also do something like this:
In /config/initializers/my_constants.rb, set a constant with the value that you'd like to display to the user in the password input box.
STARS_PASSWORD = '*******'
In the User model, create a method that we will call from the form to determine what to display to the user inside the password input box.
class User < ActiveRecord::Base
def password_form_value
password.present? ? STARS_PASSWORD : ''
end
end
In the form, display the STARS_PASSWORD as the value on the input form, if in fact the user has already set a password.
<%=form.password_field :password, :value => #user.password_form_value %>
In the UsersController, delete the submitted password before updating if the submitted password is STARS_PASSWORD.
params[:user].delete :password if params[:user][:password] == STARS_PASSWORD
NB: If you have a password validator on the User model (for example, the password needs to have letters and numbers), you will also need to modify that validator to allow STARS_PASSWORD.
This is a security precaution of Rails that password fields are not prepopulated. Otherwise they would be visible in plain text in page source.
If you really want to display it there though, you need to bypass form helpers and fallback to plain HTML:
<input type="password" name="email_setting[emailpasswd]" value="<%= #email_setting.emailpasswd %>" />
However that will not work well if you have your passwords hashed. You can't "decrypt" a hashed password, so you can't show them in plain text here.
password_field renders with nil value by default. This makes the use of passwords secure by default. If you want to render the value of the password_field, you have to do for instance
f.password_field(:password, :value => #user.password)
https://github.com/rails/rails/commit/1851af84c1c7244dc416be9c93a4700b70e801e3
Related
I have my user models validation for password confirmation like this
validate_confirmation_of :password
This add the error message doesn't match to the password field, but I need this error message on the password_confirmation field.
Can this be achieved in any other way.? I need this because, I use client side validations to show errors in form and I want this error to appear on the password_confirmation field rather than on the password field.
You can write a simple custom validation:
class User
validate :password_confirmation_matches_password
def password_confirmation_matches_password
if password != password_confirmation
errors.add(:password_confirmation, "isn't the same")
end
end
end
I have a Rails app where I am using Devise for authentication. Devise lets users click to get an email containing a link to reset their password.
My problem is that the email field is not required in the table "user". There's a login field to authenticate, that is sincronized from another system. I can't set email to required.
I want to verify the email field and return a custom message to the user, if the email is not set. If it is, then Devise will continue and reset the password.
I saw in another post, that I have to override the method "email_required?" in the user model, but I still get the error message "Email cant be blank".
def email_required?
false
end
In your user model you should probably have some kind of validation for email like so
validates_presence_of :email
Also if you wanted to migrate the database to have email as not null it would be like so
change_column :users, :email, :string, :null => false
I'd like to conditionally change the label of a resource in ActiveAdmin based on the user role. I'd like to keep the default pluralization of the name for admins, but for regular users, I need to change the name.
I.e. I have a resource Users, which I would like to change to My Account for the regular user (since they won't see #index).
I'm trying something like
ActiveAdmin.register User do
menu :if => proc {if !current_user.admin?
menu :label => "My Account"
else
menu :label => "I hate Users"
end}
Anyone know how to conditionally name the resource?
Thanks!
This works:
menu :label => proc { true ? "I Hate Users" : "My Account" }
But then to access the
current_admin_user
or the
current_user
object from within the proc won't work. I haven't found a way to get the logged in user object from within the ActiveAdmin::MenuBuilder scope. There are suggestions, see e.g. https://stackoverflow.com/a/2513456/790737 where you set a variable in
Thread.current
after succesfull login. I guess you will have to hook in to the post-authentication work of devise. Good luck.
I am new to Rails. Please help. I have 2 fields in model
class Article < ActiveRecord::Base
attr_accessible :title, :url, :description
end
After user enters the title, we need to auto populate the url form field by changing the following in title
remove all special characters from title
replace spaces with dash "-"
downcase
Then user can update the url to customize it further. Finally, when he clicks on "Create Article" button, we need to check the above 3 conditions again to validate.
I am using Rails 3.2.6
Thank you.
I assume that its a web app and the user is give a form with two textboxes where he can enter the title and url.
You can use javascript to auto generate the url in the textbox, where user can customize it and save.
I have a GroupCoach model, Group Coaches has_many :groups. On my new Group form I want to pass a group_coach_id to the Group object in a hidden field so that a group gets associated with a GroupCoach without the user having to select one.
So in my Groups_Controller
#group = Group.new
#group_coach = GroupCoach.first(:order => "RAND()")
This will get a random GroupCoach. and then in the new Group view I have a hidden field
<%= f.hidden_field #group_coach %>
This obviously doesn't work 100% right. It does pass the group_coach_id but its not telling the form what column to save it in...
I have also heard this is very insecure...
Make a token column. Simply SHA1 encrypt it (or whatever your choice is) and pass that instead. It's much harder to guess.
I used the following code to resolve this issue
<%= f.hidden_field :group_coach_id, :value => #group_coach.id %>
But is this the most secure? Seems pretty insecure as I could change the value in Firebug or something...