Authentication broken up into sections issue with changing password

Question

I am building an authentication, from scratch no Devise or Authlogic, which will save three different parts of my :user table independently. I am trying to get it to save the non-essentials, like the users real name and age verification, without a password. While if the the :user wants to change there login details, like a :loginname or :email , then they need to enter their :password in order to effect the change. Same goes for if the :user wants to change their :password . Here is the model for the :user table.

class User < ActiveRecord::Base
attr_accessor   :password, :old_password, :current_password
attr_accessible :loginname, :email, :password, :password_confirmation,
                 :name, :title_forName, :age_verify, :old_password, 
                 :current_password

email_regex = /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i
loginname_regex = /\A[\w\d]+\z/i
password_regex = /\A(?=.*[\d])(?=.*[A-Z])([1-zA-Z0-1@*#$.]{6,20})\z/

validates :loginname, :presence     => true,
                      :format       => { :with => loginname_regex },
                      :length       => { :maximum => 30},
                      :uniqueness   => { :case_sensitive => false }
validates :email,     :presence     => true,
                      :format       => { :with => email_regex },
                      :uniqueness   => { :case_sensitive => false }
validates :password,  :presence     => true,
                      :on           => :create, 
                      :on           => :change_password_update,
                      :on           => :change_password,
                      # :on           => :update, #This fixes the problem with the password not being validated, but breaks everything else
                      :confirmation => true,
                      :length       => { :within => 6..20 },
                      :format       => { :with => password_regex }
validates :name,      :length       => { :maximum => 75 }
validates :old_password, :presence  => true,
                         :on        => :change_password_update,
                         :on        => :change_password,
                         :format    => { :with => password_regex }
validates :current_password, :presence  => true,
                         :on        => :change_login_update,
                         :on        => :change_login,
                         :format    => { :with => password_regex }

before_save do
     if ( !self.password.blank? || !self.password_confirmation.blank?) #This will keep from a blank password being saved to an encryption.
        :encrypt_password
    end
end

This is update section on the controller for :user

def update
@user = User.find(params[:id])
if params["change_login_update"]
    change_login_update
else
    if params["change_password_update"]
        change_password_update
    else
        if @user.update_attributes(params[:user])
        flash[:success] = "Profile updated."
        redirect_to @user
        else
        @title = "Edit user"
        render 'edit'
        end
    end
end

end

This is for the :user login section

def change_login_update
    if @user.has_password?(params[:user][:current_password])
        if @user.update_attributes(params[:user])
        flash[:success] = "Login details updated."
        redirect_to @user
        else
        @title = "Change Login Details"
        render 'change_login'
        end
    else
        flash[:notice] = "Password Didn't Match Our Records"
        @title = "Change Login Details"
        render 'change_login'
    end
  end

And this is for the :password_change section on the :users contoller

def change_password_update
    if @user.has_password?(params[:user][:old_password])
        if @user.update_attributes(params[:user])
        flash[:success] = "Password updated."
        redirect_to @user
        else
        @title = "Change Password"
        render 'change_password'
        end
    else
        flash[:notice] = "Original Password Didn't Match Our Records"
        @title = "Change Password"
        render 'change_password'
    end   
  end

1 (Updating the non important things) -- The submit button on the edit user main page, where it will only change things that don't effect the :user login, works without incident and everything that needs to change is updated.

2 (Updating the login details) -- The submit button is named "change_login_update" , :flash works correctly and field validation for :email and :loginname works as well. Upon clicking submit the user is asked for the proper password and it does do password matching before it will save the data, but it will not check to see if the input data for the :current_password is in the correct format. This seems to be an issue with the :on fields that were added to the :user model not functioning.

3 (Updating the password) -- The submit button is named "change_password_update" , :flash works correctly but the :password and :password_confirmation validations don't fire. The password match, :old_password , on this works as well. If the fields are all entered correctly the :flash[:success] fires but the password is not updated. If the :on => update, is used the password will save properly but everything else will break because the :password is not available to edit on any other page.

It seems to be a problem with the :on statements not firing correctly for the right sections. This is my first time working with :on paths so any help would be greatly appreciated. Thank you in advance.

Answer 1

I don't think you can use :on like that, you can only use :on with validates_each, validates_with and the only options are- > :save, :create, :update

So you cant just pass a random method to :on an expect the event to fire when this happens, it can only fire on save, create and update(The default is save).

You can do what your are looking with after or before filter. Use:

before_create :run_before_create_validations

this will fire run_before_creation_validations, before any create. I here you can check if its a change_password_update for example, and run some validations.

Answer 2

My solution was to add :if statements to the validation

validates :password,  :presence     => true,
                      :on           => :create,
                      :confirmation => true,
                      :length       => { :within => 6..20 },
                      :format       => { :with => password_regex }
validates :name,      :length       => { :maximum => 75 }
validates :old_password, :presence  => true,
                          :format    => { :with => password_regex },
                          :if        => :old_password_check?
validates :current_password, :presence  => true,
                         :if        => :login_check?,
                         :format    => { :with => password_regex }
validates :password,  :presence     => true,
                       :confirmation => true,
                       :length       => { :within => 6..20 },
                       :format       => { :with => password_regex },
                       :if           => :old_password_check?

after this all the validations worked correctly but the password was not saving correctly and the solution to that was that I had written my before_save incorrectly this is the corrected version

before_save do
     if( !self.password.blank? )
        encrypt_password
    end
end

Now everything works perfectly. Thank you all for your help