ruby on rails - How to customize bcrypt? -


i have built working api using rails using this pluralsight blog. in app user verification i've used gems bcrypt , jwt. using mysql database , have user table named users.

which looks this:

current user table
saw production database looks this: desired user table

since have done quite research , found out while using latest version of bcrypt must have password_digest column, cant store encrypted password , password salt separately.
problem can't change schema of existing table. kindly let me know if there's work around? or there exists better approach tackle issue.

it is possible , isn't difficult. i'll show step-by-step procedure helps understand how that.

how passwords work under hood

we start locating has_secure_password. it's defined in activemodel::securepassword::classmethods. activemodel::securepassword active model concern responsible passwords. it's included activerecord::base.

if at source code can see includes instancemethodsonactivation. defines 4 instance methods:

  1. authenticate - build bcrypt::password based on value returned password_digest (normally column accessor) , tests whether matches unencrypted_password.
  2. password - ordinary attribute reader.
  3. password= - custom attribute setter. converts assignment password assignment password_digest. remember in ruby these "assignments" method calls. in other words, method translates call #password= call #password_digest=.
  4. password_confirmation= - ordinary attribute writer.

based on above code, can see model needs implement 2 methods compatible rails secure passwords. these methods #password_digest , #password_digest=. activemodel::securepassword doesn't care whether backed database columns! perspective, ordinary ruby methods.

implementation

we know #password_digest needs assemble bcrypt digest based on 2 columns in our database. conversely, #password_digest= needs disassemble bcrypt digest salt , checksum.

let's write simple test case ensure code works. our goal make test pass.

require 'test_helper'  class usertest < activesupport::testcase   name = 'gregnavis'.freeze   password = '1234abcd'.freeze    test 'passwords work'     # first, store user in database check fields     # serialized correctly.     user.create!(name: name,                  password: password,                  password_confirmation: password)      # second, reload model ensure works if reset     # state isn't serialized database.     user = user.find_by_name!(name)      # third, let's see whether authentication works.     assert(user.authenticate(password))     assert_not(user.authenticate("#{password}1"))   end end

looking @ source code of #password= can see method receives instance of bcrypt::password argument. the docs bcrypt::password list salt (which includes salt, version, , cost) , checksum attributes. means following implementation should pass test:

class user < activerecord::base   has_secure_password    def password_digest     # need glue 2 parts.     "#{password_salt}#{password_hash}"   end    def password_digest=(digest)     # need split bcrypt::password 2 parts.     self.password_salt = digest.salt     self.password_hash = digest.checksum   end end

that's it! test green. confirmed joining digest.salt , digest.checksum gives complete hash. did in console.


Comments

Post a Comment

Popular posts from this blog

Is there a better way to structure post methods in Class Based Views -

i'm using class based views in django , never specify url in ajax calls , omit action parameter in form because know these requests go through post method of class based view. notice view - profile page make many requests depending on user updating on page - post method become convoluted , if/else mess example: def post(self, request, *args, **kwargs): # handle user changing available date if request.post.get('availabledate') != none: self.updateavailabledate(request) return jsonresponse({'result':'success'}) if request.post.get('newprojectname') != none: creative_user = creativeuserprofile.objects.get(id = request.user.id) project = project.create_project(creative_user, request.post['newprojectname']) project.save() return jsonresponse({'projectid': project.id }) if request.post.get('projectimage') != none , request.files['file']: proj...
Read more

Python Tornado package error when running server -

we running tornado tcp server on windows server 2012 machine. machine handles both http-based dashboard , 21 tcp websocket connected clients. in logs see following error. seems @ low level of websocket13 protocol. networking standpoint mean? why write buffer not greater or equal 0? [error] [2017-08-17 11:54:14 am] [tornado.application] exception in callback <bound method websocketprotocol13.periodic_ping of <tornado.websocket.websocketprotocol13 object @ 0x01d7ad30>> traceback (most recent call last): file "c:\python27\lib\site-packages\tornado\ioloop.py", line 1026, in _run return self.callback() file "c:\python27\lib\site-packages\tornado\websocket.py", line 1030, in periodic_ping self.write_ping(b'') file "c:\python27\lib\site-packages\tornado\websocket.py", line 790, in write_ping self._write_frame(true, 0x9, data) file "c:\python27\lib\site-packages\tornado\websocket.py", line 768, in _writ...
Read more

Qt QGraphicsScene is not accessable from QGraphicsView (on Qt 5.6.1) -

i new qt. trying catch mouse press , release in qgraphicsview area , draw line. this, extended qgraphicsview , called myqgraphicsview . seems scene not attached since added " hello world " , never appears in view. here code extended class: class myqgraphicsview : public qgraphicsview { q_object public: myqgraphicsview(qgraphicsscene *scene, qwidget *parent = q_nullptr) : qgraphicsview(scene,parent){ // qgraphicsview::qgraphicsview(scene,parent); } qpoint *pointptr, *startpos,*endpos; qgraphicsview *cv;//maa qgraphicsscene *c; qgraphicsscene *sceneptr; // maa protected: void paintevent(qpaintevent *event) { show(); } void mousepressevent(qmouseevent *event) { // pos wrt widget. global wer global screen qdebug()<<" mouse pressed @ "<<qwidget::mapfromglobal(event->globalpos()); //globalx(); startpos = new qpoint; startpos->setx(qwidget::mapfromglobal(event->globalpos()).x()); startpos->sety(qw...
Read more