I've started using Sorcery for authentication purposes and have been wondering if there's a way to return a decrypted password from the DB ? When trying to return a password Rails returns nil . Is that even connected to the Sorcery gem or is it a Rails thing ? The other attributes work fine, eg the E-mail adress can be retrieved but not the password.
Any advice ? Thanks.
Sorcery build with a bcrypt
gem and the password hashing algorithm used by OpenBSD
. You can't get the plain password from a column of your model, you can only compare a string and the encrypted hash with valid_password?
.
valid_password?
Calls the configured encryption provider to compare the supplied password with the encrypted one.
Example how bcrypt
work:
require 'bcrypt'
my_password = BCrypt::Password.create("my password") #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
my_password.version #=> "2a"
my_password.cost #=> 10
my_password == "my password" #=> true
my_password == "not my password" #=> false
my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
my_password == "my password" #=> true
my_password == "not my password" #=> false
I'm not a sorcery
user. Correct me if i'm a wrong.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.