自动为用户设置密码-无需设计

Question

I'm beginner with Rails 5, i would appreciate your help.

I have an user model, where obviously save a password for the user for a possible login.

The thing is i want to set the password automatically based on a text_field called identification_number.

Everything I've read is about doing it with Devise gem, but I'm not using it and also don't want to.

Once again, thanks for your help.

Answer 1

The password field is just another string field called :identification_number for your case.

But , saving password in the DB as plain strings is highly unrecommended.

There are a lot of security issues if you save the passwords as plain strings on your database.

Some of them are that:

• You have full access on the passwords of your users
• If someone, somehow manages to access your database they will also have full access to the passwords of your users.

In order to avoid these issues, most of the applications save the password strings as encrypted strings with some kind of salt for enhanced entropy.

With a quick google search I found some relevant blog posts that can help you build the password encryption from scratch, such as:

Without using a gem: https://www.sitepoint.com/rails-userpassword-authentication-from-scratch-part-i/

Using some gems: http://railscasts.com/episodes/250-authentication-from-scratch?view=asciicast

Apart from that, the password is not an identification_number. I would not use that name. The password is not used to identify the user. The id is most of the time the identification number. Better just call it :password . Also, it does not need to be a text field, it shouldn't be that long.

Answer 2

You can use bcrypt gem for implementing the secure password.

The bcrypt ruby gem provides you with has_secure_password method. The has_secure_password method encrypts passwords by hashing and salting the passwords and generate 'password_digest'.

you can refer this link for more info