I'm using the sorcery gem and trying to re-authenticate a user to change their password in the "my account" section. So basically there's old_password, password and password_confirmation on the form. So basically, the user is already logged in, but I wanted to put an additional authentication check to reset the user's password for an extra level of security.
My question is: how do I achieve this with Sorcery? I was browsing their source code and came across 'authenticate' method on what I thought was the user object, but how do I call this (note I"m relatively new to rails and still coming to terms with the ruby syntax)
This is what I've got:
if (@password_reset.valid? && current_user.authenticate(@password_reset.email, @password_reset.old_password))
And the relevant part of the user model
class User < ActiveRecord::Base
authenticates_with_sorcery!
...
Geez, I'm surprised nobody answered this question, it ended up being quite simple. It turns out that all I had to do was call the class method instead of using the instance as shown below.
User.authenticate(@password_reset.email, @password_reset.old_password, false)