How to check the password from the database with the new password for a match in Rails?

W

WEB_champion2014-11-03 23:01:11

Ruby on Rails

WEB_champion, 2014-11-03 23:01:11

There is a password from the form: params[:user][:password]
I want to check if the password from the database matches. The password in the database is stored in a hashed form (via bcrypt), and, accordingly, it is impossible to check the password in this way:

@user = User.where(password: params[:user][:password]).first

How can I solve the problem???

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

W

WEB_champion, 2014-11-03
@WEB_champion

Solved the problem with simple usage:

password = params[:user][:password]
User.find_by(id:user_id).try(:authenticate, password)

A

Alexander Prokopenko, 2014-11-03
@alprk

Read this: https://github.com/codahale/bcrypt-ruby for how to use bcrypt in Rails

M

Maxim, 2014-11-03
@maxloyko

something like this

def self.authenticate(email, password)
    user = find_by_email(email)
    if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
      user
    else
      nil
    end
  end