How to return a decrypted password from the DB in Rails using Sorcery gem?

Question

I've started using Sorcery for authentication purposes and have been wondering if there's a way to return a decrypted password from the DB ? When trying to return a password Rails returns nil . Is that even connected to the Sorcery gem or is it a Rails thing ? The other attributes work fine, eg the E-mail adress can be retrieved but not the password.

Any advice ? Thanks.

Answer 1

Sorcery build with a bcrypt gem and the password hashing algorithm used by OpenBSD . You can't get the plain password from a column of your model, you can only compare a string and the encrypted hash with valid_password? .

valid_password? Calls the configured encryption provider to compare the supplied password with the encrypted one.

Example how bcrypt work:

require 'bcrypt'

my_password = BCrypt::Password.create("my password") #=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"

my_password.version              #=> "2a"
my_password.cost                 #=> 10
my_password == "my password"     #=> true
my_password == "not my password" #=> false

my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
my_password == "my password"     #=> true
my_password == "not my password" #=> false

I'm not a sorcery user. Correct me if i'm a wrong.