ruby on rails - Updating password with BCrypt -

-

when login username , password bcrypt checks no problem, fine.

but when go through process of recovering password , try login new password bcrypt never returns true.

the code have follows:

before_save :encrypt_password before_update :encrypt_password  def authenticate    player = player.find_by(mail: self.mail)    unless player.nil?    current_password = bcrypt::password.new(player.password)    if current_password == self.password     player    else      nil    end  end end  private def encrypt_password     unless self.password.nil?     self.password = bcrypt::password.create(self.password) end

i'm using rails 4

you don't need before_update callback.

when creating new record (user in case), before_save triggered. right behavior.

but when updating record, both before_update , before_save triggered, means password column encrypted twice. that's why unexpected behavior.

check this page more information callbacks.

what's more, think it's bad idea make password real column in database. need column called encrypted_password in database , making password virtual attribute.

so can write encrypt_password method this:

def encrypt_password     unless self.password.nil?     self.encrypt_password = bcrypt::password.create(self.password) end

which gave no chance make mistake made.


Comments

Post a Comment

Popular posts from this blog

html5 - What is breaking my page when printing? -

-
Image
i have questioner , don't know why when printing it's creating break before first question. live demo (link) i able resolve issue removing fieldset container had wrapped in.. having fieldset element causing of fields grouped together, , since not fit on first page, being pushed second page. removing fieldset element, able firefox print first 2 questions on page 1 identically chrome. it seems not new problem firefox , fieldset not playing nice found old bugzilla ticket 2008 has persisted , still being commented on in 2014 (link) if retaining fieldset important, found solution else came here (link) <script type='text/javascript'> $(window).bind('beforeprint', function(){ $('fieldset').each( function(item) { $(this).replacewith($('<div class="fieldset">' + this.innerhtml + '</div>')); } ) }); $(window).bind(
Read more

c# - must be a non-abstract type with a public parameterless constructor in redis -

-
when save object, got below error must non-abstract type public parameterless constructor in order use parameter 't' in generic type or method 'servicestack.redis.redisclient.store<t>(t) redisclass.getinstnace().store(msg); // error here redisclass.getinstnace().save(); as third party's class, can not edit how save object? could create wrapper around third party object call constructor, store wrapper? e.g. public class mywrapper { public thirdpartyobject thirdpartyinstance { get; set; } public mywrapper() { thirdpartyinstance = new thirdpartyobject("constructors"); } }
Read more

ajax - PHP/JSON Login script (Twitter style) not setting sessions -

-
i'm having trouble getting twitter style login work properly, reason gets stuck at session_register("useremail"); session_register("userpass"); and doesn't redirect after it. if enter wrong account data, works , appropriate error message pops up. this full code: <?php if(empty($_post['email']) || empty($_post['password'])) { die(msg(0,"all fields required")); } if(!(preg_match("/^[\.a-z0-9_\-\+]+[@][a-z0-9_\-]+([.][a-z0-9_\-]+)+[a-z]{1,4}$/", $_post['email']))) die(msg(0,"you haven't provided valid e-mail")); $host="localhost"; $username="root"; $password="x"; $db_name="x"; $tbl_name="x"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select db"); $useremail=$_post['email']; $userpass=
Read more