tags:

views:

142

answers:

4
+1  Q: 

How do I validate that two values do not equal each other in a Rails model?

I have a User model, which has an email and a password field. For security, these may not be equal to each other. How can I define this in my model?

+4  A: 

You can use a custom validation method to check this.

class User < ActiveRecord::Base
  # ...

  def validate
    if (self.email == self.password)
      errors.add(:password, "password cannot equal email")
      errors.add(:email, "email cannot equal password")
    end
  end
end
John Feminella  2010-02-16 13:29:00
Thanks John!!!!
Time Machine  2010-02-16 13:42:05
+1  A: 

all you need is to create validation rule in your model for example

class User < ActiveRecord::Base
  def validate_on_create
    if email == password
      errors.add('password', 'email and password can't be the same')
    end
  end
end
sys  2010-02-16 13:31:10
I don't think this is right. We want `validate`, not `validate_on_create`, because we need to check on all saves that the e-mail isn't the password (not just at creation time).
John Feminella  2010-02-16 13:33:57
There is a syntax error (typo) in error message: You cannot use single quote marks in string which is single quoted ;-)
Dejw  2010-02-16 16:28:47
+3  A: 

It depends how Your password is stored:

class User < ActiveRecord::Base
    validate :email_and_password_validation

    def email_and_password_validation
        if self.email == self.password
            errors.add_to_base("Password must be different from email") 
        end
    end
end

This would work if Your password is stored literally, but You can perform the same thing with email (e.g. create a hashed version) and check for equality with password. E.g:

class User < ActiveRecord::Base
    validate :email_and_password_validation

    def email_and_password_validation
        if make_hash(self.email) == self.hashed_password
            errors.add_to_base("Password must be different from email") 
        end
    end
end

My example is taken from http://api.rubyonrails.org/classes/ActiveRecord/Validations/ClassMethods.html#M002162

Your situation is quite general so You can be interested in creating custom validation method. Everything is covered here: http://guides.rubyonrails.org/active_record_validations_callbacks.html#creating-custom-validation-methods

Dejw  2010-02-16 13:32:53
+3  A: 

Create custom validataion: 

validate :check_email_and_password

def check_email_and_password
  errors.add(:password, "can't be the same as email") if email == password
end

But keep in mind that storing password as a plain text is bad idea. You should store it hashed. Try some authentication plugin like authlogic or Restful authentication.

klew  2010-02-16 13:34:09

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.