Is it possible to have a few passwords in authlogic gem?


Right now we have phone_number as the login, and an SMS code (4 digits) as the password. When a user wants to log in:

- user enters phone number 
- we generate code
- we save code to user password field
- we send code to user via sms
- user uses this SMS code to log in

We want the last 3 generated codes (passwords) to be valid for login:

- we started to save generated codes in separate table

And here is the question: How do I connect this to authlogic? Is there any callback that turns off the default password check and gives me the ability to add my custom logic for password checking?


There are 1 answers

1
Andrey Drozdov On

I found a solution which helped me to tune the password validation logic. My authlogic version is 3.5.6 and it has a method called validate_by_password with the following implementation. I copied the first part of it to keep the blank field and logic checks, and overwrote the invalid password check in the way I need.

```ruby
class Client::Session < Authlogic::Session::Base

  # ...

  def validate_by_password
    # copy paste from gem
    self.invalid_password = false

    # check for blank fields
    errors.add(login_field, I18n.t('error_messages.login_blank', default: 'cannot be blank')) if send(login_field).blank?
    errors.add(password_field, I18n.t('error_messages.password_blank', default: 'cannot be blank')) if send("protected_#{password_field}").blank?
    return if errors.count > 0

    # check for unknown login
    self.attempted_record = search_for_record(find_by_login_method, send(login_field))
    if attempted_record.blank?
      generalize_credentials_error_messages? ?
        add_general_credentials_error :
        errors.add(login_field, I18n.t('error_messages.login_not_found', default: 'is not valid'))
      return
    end

    # custom check for invalid password
    # ...

  end
end
```
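
One way to write the check that the elided "custom check for invalid password" step could call, as an added example that is not part of the original answer or of authlogic. `SmsCodeStore`, its method names, the in-memory storage, the 5-minute expiry and the 5-guess limit are all assumptions; only "4 digits" and "last 3 codes" come from the question.

```ruby
require 'openssl'
require 'securerandom'

# Constructed stand-in for the question's codes table; names and limits are assumptions.
class SmsCodeStore
  KEEP = 3          # the question wants the last 3 codes to stay valid
  TTL = 300         # assumption: a code expires after 5 minutes
  MAX_FAILURES = 5  # assumption: stop checking after 5 wrong guesses
  Entry = Struct.new(:digest, :issued_at)

  def initialize(secret)
    @secret, @entries, @failures = secret, [], 0
  end

  # Generate a 4-digit code, remember it, and return it for sending by SMS.
  def issue(now = Time.now)
    remember(format('%04d', SecureRandom.random_number(10_000)), now)
  end

  # Store a keyed digest of the code and keep only the newest KEEP entries.
  def remember(code, now = Time.now)
    @entries = (@entries << Entry.new(digest(code), now)).last(KEEP)
    code
  end

  # Assumption: unlocking is handled outside this class.
  def locked?
    @failures >= MAX_FAILURES
  end

  # True when the code matches any unexpired stored entry.
  def verify(code, now = Time.now)
    return false if locked?
    candidate = digest(code.to_s)
    live = @entries.select { |e| now - e.issued_at <= TTL }
    # Compare against every live entry in constant time; no early exit on a match.
    hit = live.map { |e| OpenSSL.fixed_length_secure_compare(e.digest, candidate) }.any?
    if hit
      @entries.clear # a successful login retires every outstanding code
      @failures = 0
    else
      @failures += 1
    end
    hit
  end

  private def digest(code)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, code)
  end
end
```

In the overridden `validate_by_password`, a `false` result from `verify` is the point where `self.invalid_password = true` would be set and the credentials error added.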