
Passwords and More Security for a Rails Ecommerce Application

In this third part to a four-part series on building the security into a Ruby-on-Rails ecommerce application, we'll focus on the changes we need to make to the program so that users can change their passwords. This article is excerpted from chapter eight of the book Practical Rails Projects, written by Eldon Alameda (Apress; ISBN: 1590597818).

Author Info:
By: Apress Publishing
June 18, 2010

Passwords and More Security for a Rails Ecommerce Application - Using Observers
(Page 3 of 4)

When we created UserNotifier at the beginning of the Reset Password user story implementation, the generator also created a file called user_observer.rb in app/models. Observers in Rails are classes that monitor the life cycle of ActiveRecord objects, somewhat similar to the filters for controllers. Observers support the following callback methods:

  1. after_create
  2. after_destroy
  3. after_save
  4. after_update
  5. after_validation
  6. after_validation_on_create
  7. after_validation_on_update
  8. before_create
  9. before_destroy
  10. before_save
  11. before_update
  12. before_validation
  13. before_validation_on_create
  14. before_validation_on_update

You can call these callbacks directly in an ActiveRecord model, too:

class MyModel < ActiveRecord::Base
  # Run say_foo after every successful save of a MyModel record.
  after_save :say_foo

  def say_foo
    logger.info "Foo-oo!"
  end
end

However, if your callback code gets longer and/or you want to implement similar behavior for multiple models, it's a good idea to extract the callbacks to an observer. Observers also give you more flexibility, since you can restrict the callbacks to happen only in certain controllers, as we will do in this section.

When the generate authenticated_mailer user command created the UserObserver observer, it created two callbacks for it:

class UserObserver < ActiveRecord::Observer
  # Sends the signup notification mail once a new user record exists.
  def after_create(user)
    UserNotifier.deliver_signup_notification(user)
  end

  # Sends the activation mail when the user has just been activated.
  def after_save(user)
    UserNotifier.deliver_activation(user) if user.recently_activated?
  end
end

However, we don't need either of these callbacks, since we aren't implementing signup notification or user activation in this sprint. We can simplify the observer to look like this:

class UserObserver < ActiveRecord::Observer
  # Send the password-reset mail only when the user asked for one.
  def after_save(user)
    UserNotifier.deliver_forgot_password(user) if user.password_forgotten
  end
end

You might have wondered what we're going to do with the @password_forgotten variable in the User class, and here's the answer. Our after_save method in UserObserver kicks in when the User object is saved and checks whether the variable is true. If so, it asks the UserNotifier mailer to deliver the forgot_password mail, passing the current user as an argument. In the normal case, when @password_forgotten is nil, the observer does nothing.
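The following is an added example, not code from the book or from Rails itself. It is a plain-Ruby stand-in for the observer mechanism discussed above (both the inline after_save callback and the extracted UserObserver), so the password_forgotten flow can be run and checked without a Rails application. MiniModel, the recording UserNotifier, and User#forgot_password are assumptions made for this demonstration; the line in UserObserver that clears the flag after delivery is an added check, not part of the book's observer.

```ruby
# Added example (not from the book): a plain-Ruby stand-in for the observer
# pattern, runnable without Rails. MiniModel, User#forgot_password and the
# recording UserNotifier are assumptions made for this demonstration.

class MiniModel
  # Observers registered for this model class (ActiveRecord keeps a similar list).
  def self.observers
    @observers ||= []
  end

  def self.add_observer(observer)
    observers << observer
  end

  # Mimics ActiveRecord#save: "persist" the record, then fire after_save on
  # every registered observer that implements it.
  def save
    @saved_count = (@saved_count || 0) + 1
    self.class.observers.each do |obs|
      obs.after_save(self) if obs.respond_to?(:after_save)
    end
    true
  end
end

class User < MiniModel
  attr_reader :email
  attr_accessor :password_forgotten

  def initialize(email)
    @email = email
    @password_forgotten = nil   # nil in the normal case, as in the text
  end

  # Assumed shape of the User method from earlier in the chapter: the
  # controller calls this, then saves the record.
  def forgot_password
    @password_forgotten = true
  end
end

class UserNotifier
  # Records mails instead of sending them, so the flow can be checked offline.
  def self.deliveries
    @deliveries ||= []
  end

  def self.deliver_forgot_password(user)
    deliveries << { to: user.email, subject: "Forgot your password?" }
  end
end

class UserObserver
  # Same condition as the observer in the text. The final line is an added
  # check: clearing the flag keeps a later, unrelated save from re-sending
  # the reset mail.
  def after_save(user)
    return unless user.password_forgotten
    UserNotifier.deliver_forgot_password(user)
    user.password_forgotten = nil
  end
end

User.add_observer(UserObserver.new)

# Walks through three saves and returns the mail count after each one.
def run_password_reset_scenario
  UserNotifier.deliveries.clear
  user = User.new("alice@example.com")            # constructed sample user

  user.save                                       # ordinary save, flag is nil
  after_plain_save = UserNotifier.deliveries.size

  user.forgot_password
  user.save                                       # flag true: exactly one mail
  after_forgot = UserNotifier.deliveries.size

  user.save                                       # flag cleared: still one mail
  after_resave = UserNotifier.deliveries.size

  {
    after_plain_save: after_plain_save,
    after_forgot: after_forgot,
    after_resave: after_resave,
    recipient: UserNotifier.deliveries.first[:to]
  }
end

puts run_password_reset_scenario.inspect
```

Running the file prints the three counts (0, 1, 1) and the recipient. The third save is the case worth watching in a real application: with the book's one-line observer, any later save of the same record while @password_forgotten is still true would trigger another reset mail, so the flag should be cleared, either in the observer as here or by the code that finishes the reset.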
