Devise is not storing password_salt


Dalto Curvelano

Mar 31, 2011, 3:44:23 PM
to Devise
Hey all.

My company has a product where its users register themselves for the
beta version, to download a desktop app. I need to implement an
authentication logic for this desktop app that checks if the users are
in a web app database where the authentication logic is handled by
devise. I want to do this directly via the mysql driver.

I need to get the password_salt generated by devise during user
registration to make the SQL select statement that will match a user,
but the password_salt field in mysql is null. The migration doesn't
declare any password_salt field, but it is present in both the
schema.rb and in the users table. I'm kind of new to devise and don't
really know if this is a bug or if I'm missing something.

I've already tried this with devise versions 1.1.5, 1.2.1 and 1.3.0
(git master branch).


Thanks in advance.

José Valim

Mar 31, 2011, 4:04:12 PM
to Devise
Devise 1.2.1 does not require a password_salt column anymore if you
are using bcrypt. If you need a kind of salt, I believe there is a
method called authentication_salt you could use to retrieve such
values.
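
Why the column stays NULL with bcrypt, as an added example (not part of the thread and not Devise's own code): a bcrypt string carries its version, cost and salt inline, so an external client has to read `encrypted_password` and run bcrypt over the candidate password instead of matching a hash in a SQL WHERE clause. The row, the e-mail address and the hash string are sample values constructed for illustration, and the helper names are hypothetical.

```ruby
# Added example: split a bcrypt string (modular crypt format) into its parts.
# Layout: $<version>$<cost>$<22-char salt><31-char checksum>, 60 characters total.
BCRYPT_FORMAT = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

BcryptParts = Struct.new(:version, :cost, :salt, :checksum)

# Returns the parsed parts, or nil when the value is not a bcrypt string
# (for example a legacy unsalted digest or an empty column).
def parse_bcrypt(encrypted_password)
  m = BCRYPT_FORMAT.match(encrypted_password.to_s)
  return nil unless m

  BcryptParts.new(m[1], m[2].to_i, m[3], m[4])
end

# Hypothetical helper: the salt a verifier needs comes from the hash column,
# never from a separate password_salt column.
def embedded_salt(row)
  parts = parse_bcrypt(row[:encrypted_password])
  parts && parts.salt
end

# Constructed sample row, shaped like the users table described in the thread:
# password_salt is NULL while encrypted_password holds a bcrypt-format string.
SAMPLE_ROW = {
  email: "user@example.com",
  encrypted_password: "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
  password_salt: nil
}.freeze

if __FILE__ == $PROGRAM_NAME
  parts = parse_bcrypt(SAMPLE_ROW[:encrypted_password])
  puts "password_salt column: #{SAMPLE_ROW[:password_salt].inspect}"
  puts "version=#{parts.version} cost=#{parts.cost} salt=#{parts.salt}"
end
```

Because the salt is random per user and the cost is part of the string, the client must fetch the stored value first and then verify with a bcrypt library, comparing the result in constant time.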

John Krueger

Dec 19, 2012, 12:34:37 PM
to plataforma...@googlegroups.com
Hey José,

I'm having trouble finding the authentication_salt method, is it in bcrypt or devise?

I'm trying to migrate over to devise from authlogic/bcrypt.

I have a password_salt column in my database that's getting used, and need to be able to hit that instead of (maybe in addition to, still trying to find out) the devise salt.

This seems to be where it's getting stuck, because when I get to self.secure_compare(a, b) at line 426 of lib/devise.rb, a and b are definitely different, and I know that I'm using the correct password (checked it with multiple accounts).

Hopefully you have some insight. What I think bcrypt was doing is double salting, and I can't find an example of how to implement this.

Thanks,

John

John Krueger

Dec 19, 2012, 2:53:01 PM
to plataforma...@googlegroups.com
I figured out a solution. We had migrated our authlogic to use bcrypt, so I had to override the valid_password? method in my user model.

On Thursday, March 31, 2011 2:04:12 PM UTC-6, José Valim wrote: