[英]Rails 5 : Devise Gem password Encryption
I am Rails Beginner. 我是Rails初学者。 I'm trying to use save password using Devise gem.
我正在尝试使用Devise gem保存密码。 Somehow I see an issue using
Bcrypt
and as per suggestion i've chosen Devise. 不知何故,我看到使用
Bcrypt
一个问题,根据我的建议,我选择了Devise。
When i installed Devise and trying to save password, It is being saved as plain simple text. 当我安装Devise并尝试保存密码时,它被保存为简单的简单文本。 Here is the code which i am using.
这是我正在使用的代码。
config.rb config.rb
Rails.application.routes.draw do
devise_for :users #This got added as part of Devise gem usage
#.... Other different routes
resources :users, except: [:new] # I am using users controller and generating routes except for new(Sign_up)
get '/signup', to: 'users#new', as: 'signup' #This is route i wanted for signup
end
Here is the code i am using in my controller . 这是我在控制器中使用的代码。
class UsersController < ApplicationController
def new
@user=User.new
end
def create
@user=User.new(user_params)
#@user=User.new(:password => @user.password).encrypted_password
if @user.save
flash[:success]="User "+@user.user_name+" created successfully"
redirect_to users_path
else
render 'new'
end
end
private
def user_params
params.require(:user).permit(:user_name,:password,:admin)
end
end
This is what i gotta see in DB. 这是我在DB中看到的。
User Load (4.0ms) SELECT "users".* FROM "users" LIMIT $1 [["LIMIT", 11]]
=> #<ActiveRecord::Relation [#<User id: 3, user_name: "admin", password: "admin", admin: "1", created_at: "2018-03-03 08:52:19", updated_at: "2018-03-03 08:52:19", sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil>, #<User id: 4, user_name: "admin2", password: "admin", admin: "1", created_at: "2018-03-03 08:52:36", updated_at: "2018-03-03 08:52:36", sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil>]>
I really wonder where the logical connection lies in encryption of password. 我真的很想知道密码加密的逻辑连接在哪里。 Being new to Rails i could not understand how is this going to work.
作为Rails的新手,我无法理解这是如何起作用的。
Even i could see the last_sign_up
, and ip fields also nil. 即使我可以看到
last_sign_up
,而ip字段也是零。 Bcrypt
does it automatically. Bcrypt
自动完成。
I've gone through a few solutions from Stackoverflow, but could not relate them with my problem. 我已经完成了Stackoverflow的一些解决方案,但无法将它们与我的问题联系起来。
Here is my User Model: 这是我的用户模型:
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
#devise :database_authenticatable, :registerable,
# :recoverable, :rememberable, :trackable, :validatable
#has_secure_password
validates :password, presence: true
validates :user_name, presence: true, uniqueness: true
end
Abdul, just put/uncomment in your model devise :database_authenticatable
to Devise use password encryption. Abdul,只需在您的模型中添加/取消注释
devise :database_authenticatable
to Devise use password encryption。
class User < ApplicationRecord
devise :database_authenticatable
#has_secure_password
validates :password, presence: true
validates :user_name, presence: true, uniqueness: true
end
PS: Devise use two attributes: password
and password_confirmation
to this. PS:设计使用两个属性:
password
和password_confirmation
。
To change the route of the registration page you just need to alter the routes: 要更改注册页面的路由,您只需要更改路由:
# top level of your routes.rb
Rails.application.routes.draw do
devise_scope :user do
# custom path to sign_up/registration
get "/signup" => "devise/registrations#new", as: "new_user_registration"
end
# Below for all other routes:
devise_for :users
end
You do not need to create your own controller to handle registrations. 您无需创建自己的控制器来处理注册。 Nor should you at your skill level as there are quite a few more things going on under the hood in Devise like for example signing the user in.
你也不应该掌握自己的技能水平,因为在Devise中有很多事情要做,例如签约用户。
You have also omitted to add the Devise modules to your user model which adds the callbacks that encrypt passwords among other things: 您还省略了将Devise模块添加到您的用户模型中,该模型添加了加密密码的回调以及其他内容:
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
end
I would suggest you roll back and follow the installation steps more carefully. 我建议您回滚并更仔细地遵循安装步骤。 Then add a few integration tests to make sure its working properly.
然后添加一些集成测试以确保其正常工作。 Don't try to reinvent the wheel.
不要试图重新发明轮子。
After that you can try customizing it . 之后,您可以尝试自定义它 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.