堆栈内存溢出
  简体   繁体   English

如何在 Rails 中为用户使用客户哈希函数?

[英]How use customer hash function for user in rails?

 原文  2020-03-12 15:41:09       ruby-on-rails/ ruby

问题描述

In my user model I have在我的用户模型中,我有

create_table "users", force: :cascade do |t|
  t.string "name"
  t.string "email"
  t.datetime "created_at", precision: 6, null: false
  t.datetime "updated_at", precision: 6, null: false
  t.string "password_digest"
end

I don't understand how t.string "password_digest" work in rails?我不明白t.string "password_digest"在 rails 中是如何工作的? Will it use a default hash function?它会使用默认的哈希函数吗?

1 个解决方案

解决方案1
 0  2020-03-12 17:09:03

Rails will not automatically do anything with your column just because its named password_digest . Rails 不会仅仅因为您的列名为password_digest就自动对它做任何事情。 You actually have to implement password encryption for anything to happen.您实际上必须为发生的任何事情实施密码加密。

Rails introduced has_secure_password in 3.1 to create a standardized way to handle password encryption and avoid the pitfalls of reinventing the password encryption wheel. Rails 在 3.1 中引入了has_secure_password来创建一种标准化的方式来处理密码加密并避免重新发明密码加密轮的陷阱。

# make sure you add bcrypt to the gemfile and run bundle install
class User < ApplicationRecord
  has_secure_password
end

It adds a password= setter on the model which hashes the password with bcrypt and sets the password_digest .它在模型上添加了一个password= setter,用bcrypt散列密码并设置password_digest It also adds a password_confirmation= setter and validations.它还添加了password_confirmation= setter 和验证。

You can then authenticate users by calling:然后,您可以通过调用来验证用户:

class SessionsController
  def create
    # will be nil or false if the email or password does not check out
    @user = User.find_by(params[:email])&.authenticate(params[:password])
    if @user
      session[:user_id] = @user.id
      redirect_to '/somewhere'
    else
      render :new, notice: 'Invalid email or password'
    end
  end
end

This compares the result of hashing params[:password] to the values stored in the database.这将散列params[:password]的结果与存储在数据库中的值进行比较。 Of course you should not really reinvent the authentication wheel if you don't want to learn more about wheels.当然,如果您不想了解有关轮子的更多信息,您不应该真正重新发明身份验证轮子。 For production apps you should really choose battle tested solutions like Devise.对于生产应用程序,您应该真正选择经过实战考验的解决方案,例如 Devise。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Rails中为模型的哈希属性创建客户序列化程序? - How do I create a customer serializer for a hash attribute of a model in Rails? 如何允许管理员用户访问客户用户对象导轨 - How to allow Admin user to access customer user objects rails 如何为可以是主机,客户或两者的用户建模? 滑轨 - How to model a user that can be a host, customer, or both? Rails 如何在Rails哈希中使用jquery变量作为键 - how to use a jquery variable in rails hash as a key Rails哈希到数组哈希怎么样? - Rails hash to array to hash how to? 如何使用ruby哈希作为javascript函数的选项 - How to use a ruby hash as a options for javascript function 如何在Rails视图中将输入用于键值哈希属性? - How to use inputs for key value hash attributes in rails view? 如何使用check_box_tag将其传递给Rails中的params哈希? - How to use check_box_tag to pass it to the params hash in Rails? Rspec,Rails - 如何测试使用params hash的helper方法? - Rspec, Rails - how to test helper method that use params hash? Rails 4:如何在 Where 中使用 Store(序列化存储哈希)? - Rails 4: How to use Store (serialized stored hash) in Where?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM