无法使用 Bcrypt 更新密码
Unable to update password with Bcrypt
我已经尝试了很多方法,但 BCrypt 似乎对用户提交的密码进行了两次加密。
当用户注册时 - Bcrypt 运行良好,我可以登录。但是当我尝试在 password_resets_controller 中更新他们的密码时,我无法再登录。我的数据库显示正在更新和散列密码,但我无法登录。
我什至删除了行 @customer.save,但我的数据库仍然显示正在更新密码!
是否有我不知道的后台更新?请参阅相关的 SO 线程:
Updating password with BCrypt
在我的Customer.rb
require 'bcrypt'
class Customer < ActiveRecord::Base
include BCrypt
def password
@password ||= Password.new(password_hash)
end
def password=(new_password)
@password = Password.create(new_password)
self.password_hash = @password
end
def self.authenticate(email, password)
@customer = Customer.find_by_email(email)
if @customer && @customer.password == password
return @customer
else
return nil
end
end
end
在我的 customer_controller 中,实际有效的创建代码
require 'bcrypt'
class CustomersController < ApplicationController
def create_customer_account_iphone
@customer_count = Customer.where(email: params[:email]).size rescue nil
if(@customer_count == 0 || @customer_count == nil ||)
@customer = Customer.new(first_name: params[:first_name], email: params[:email])
@customer.password = params[:password] //this calls my model methods
@customer.save //here I am saving
unless (!@customer.save)
respond_to do |format|
msg = {:status => "SUCCESS", :messages => "Customer created", :data => @customer.as_json}
format.json { render :json => msg } # don't do msg.to_json
end
else
respond_to do |format|
msg = {:status => "FAILED", :messages => "Customer Not Saved"}
format.json { render :json => msg } # don't do msg.to_json
end
end
def sign_in_iphone
@customer = Customer.authenticate(params[:email], params[:password])
unless (@customer == 0 || @customer == nil)
respond_to do |format|
msg = {:status => "SUCCESS", :message => "CUSTOMER", :data => @customer.as_json}
format.json { render :json => msg } # don't do msg.to_json
end
else
respond_to do |format|
msg = {:status => "FAILED"}
format.json { render :json => msg } # don't do msg.to_json
end
end
end
在我的password_reset_controller
class CustomerPasswordResetsController < ApplicationController
def edit
@customer = Customer.find_by_password_reset_token!(params[:id])
end
def update
@customer = Customer.find_by_password_reset_token!(params[:id])
if @customer.password_reset_sent_at < 2.hours.ago
redirect_to new_customer_password_reset_path, :alert => "Password reset has expired."
else
@customer.password_hash = BCrypt::Password.create(params[:password])
# @customer.save
unless !@customer.save
redirect_to new_customer_password_reset_path, :alert => "Password has been reset!"
else
render :edit
end
end
end
在我的password_reset.html.erb
<%= form_for @customer, :url => customer_password_reset_path(params[:id]), :method => :patch do |f| %>
<% if @customer.errors.any? %>
<div class="error_messages">
<h2>Form is invalid</h2>
<ul>
<% for message in @customer.errors.full_messages %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :password %>
<%= f.password_field :password %>
</div>
<div class="field">
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation %>
</div>
<div class="actions"><%= f.submit "Update Password" %></div>
您可能正在分配 password 以及使用 password_hash 进行一些 post 处理。如果您拥有带有 password= 方法的模型代码,则打算使用它的方式是单独通过 password。这意味着除了简单地分配它之外,您不需要做任何额外的工作。
你想要的 password_reset 方法是:
@customer.password = params[:password]
@customer.save!
应该通过适当的模型代码 运行 来处理它。
鉴于您的表单,新密码将在 params[:customer][:password] 而不是 params[:password] - 您现有的代码总是将密码设置为 nil。
更改密码会将控制器更新操作重置为
@customer.password = params[:customer][:password]
应该可以解决问题。作为旁注,注释掉的 customer.save 无关紧要,因为您在下一行再次保存。
下次发生这种情况时,请考虑使用调试器来检查您的操作中发生了什么 - 很容易发现密码被设置为 nil。 debugging guide 对此有更多提示。
我已经尝试了很多方法,但 BCrypt 似乎对用户提交的密码进行了两次加密。
当用户注册时 - Bcrypt 运行良好,我可以登录。但是当我尝试在 password_resets_controller 中更新他们的密码时,我无法再登录。我的数据库显示正在更新和散列密码,但我无法登录。
我什至删除了行 @customer.save,但我的数据库仍然显示正在更新密码!
是否有我不知道的后台更新?请参阅相关的 SO 线程: Updating password with BCrypt
在我的Customer.rb
require 'bcrypt'
class Customer < ActiveRecord::Base
include BCrypt
def password
@password ||= Password.new(password_hash)
end
def password=(new_password)
@password = Password.create(new_password)
self.password_hash = @password
end
def self.authenticate(email, password)
@customer = Customer.find_by_email(email)
if @customer && @customer.password == password
return @customer
else
return nil
end
end
end
在我的 customer_controller 中,实际有效的创建代码
require 'bcrypt'
class CustomersController < ApplicationController
def create_customer_account_iphone
@customer_count = Customer.where(email: params[:email]).size rescue nil
if(@customer_count == 0 || @customer_count == nil ||)
@customer = Customer.new(first_name: params[:first_name], email: params[:email])
@customer.password = params[:password] //this calls my model methods
@customer.save //here I am saving
unless (!@customer.save)
respond_to do |format|
msg = {:status => "SUCCESS", :messages => "Customer created", :data => @customer.as_json}
format.json { render :json => msg } # don't do msg.to_json
end
else
respond_to do |format|
msg = {:status => "FAILED", :messages => "Customer Not Saved"}
format.json { render :json => msg } # don't do msg.to_json
end
end
def sign_in_iphone
@customer = Customer.authenticate(params[:email], params[:password])
unless (@customer == 0 || @customer == nil)
respond_to do |format|
msg = {:status => "SUCCESS", :message => "CUSTOMER", :data => @customer.as_json}
format.json { render :json => msg } # don't do msg.to_json
end
else
respond_to do |format|
msg = {:status => "FAILED"}
format.json { render :json => msg } # don't do msg.to_json
end
end
end
在我的password_reset_controller
class CustomerPasswordResetsController < ApplicationController
def edit
@customer = Customer.find_by_password_reset_token!(params[:id])
end
def update
@customer = Customer.find_by_password_reset_token!(params[:id])
if @customer.password_reset_sent_at < 2.hours.ago
redirect_to new_customer_password_reset_path, :alert => "Password reset has expired."
else
@customer.password_hash = BCrypt::Password.create(params[:password])
# @customer.save
unless !@customer.save
redirect_to new_customer_password_reset_path, :alert => "Password has been reset!"
else
render :edit
end
end
end
在我的password_reset.html.erb
<%= form_for @customer, :url => customer_password_reset_path(params[:id]), :method => :patch do |f| %>
<% if @customer.errors.any? %>
<div class="error_messages">
<h2>Form is invalid</h2>
<ul>
<% for message in @customer.errors.full_messages %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :password %>
<%= f.password_field :password %>
</div>
<div class="field">
<%= f.label :password_confirmation %>
<%= f.password_field :password_confirmation %>
</div>
<div class="actions"><%= f.submit "Update Password" %></div>
您可能正在分配 password 以及使用 password_hash 进行一些 post 处理。如果您拥有带有 password= 方法的模型代码,则打算使用它的方式是单独通过 password。这意味着除了简单地分配它之外,您不需要做任何额外的工作。
你想要的 password_reset 方法是:
@customer.password = params[:password]
@customer.save!
应该通过适当的模型代码 运行 来处理它。
鉴于您的表单,新密码将在 params[:customer][:password] 而不是 params[:password] - 您现有的代码总是将密码设置为 nil。
更改密码会将控制器更新操作重置为
@customer.password = params[:customer][:password]
应该可以解决问题。作为旁注,注释掉的 customer.save 无关紧要,因为您在下一行再次保存。
下次发生这种情况时,请考虑使用调试器来检查您的操作中发生了什么 - 很容易发现密码被设置为 nil。 debugging guide 对此有更多提示。