
Rails 5 : Devise Gem password Encryption

I am a Rails beginner. I'm trying to save a password using the Devise gem. Somehow I saw an issue using Bcrypt and, as per a suggestion, I've chosen Devise.

When I installed Devise and tried to save a password, it is being saved as plain simple text. Here is the code which I am using.

config.rb

Rails.application.routes.draw do
  devise_for :users # This got added as part of Devise gem usage
  # ....  Other different routes
  resources :users, except: [:new] # I am using users controller and generating routes except for new (Sign_up)
  get '/signup', to: 'users#new', as: 'signup' # This is the route I wanted for signup
end

Here is the code I am using in my controller.

class UsersController < ApplicationController

    def new
        @user=User.new
    end
    def create
        @user=User.new(user_params)
        #@user=User.new(:password => @user.password).encrypted_password
        if @user.save
            flash[:success]="User "+@user.user_name+" created successfully"
            redirect_to users_path
        else
            render 'new'
        end
    end
    private
    def user_params
        params.require(:user).permit(:user_name,:password,:admin)
    end

end

This is what I see in the DB.

User Load (4.0ms)  SELECT  "users".* FROM "users" LIMIT $1  [["LIMIT", 11]]
=> #<ActiveRecord::Relation [#<User id: 3, user_name: "admin", password: "admin", admin: "1", created_at: "2018-03-03 08:52:19", updated_at: "2018-03-03 08:52:19", sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil>, #<User id: 4, user_name: "admin2", password: "admin", admin: "1", created_at: "2018-03-03 08:52:36", updated_at: "2018-03-03 08:52:36", sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil>]>

I really wonder where the logical connection lies in the encryption of the password. Being new to Rails, I could not understand how this is going to work.

I could even see that the last_sign_up and IP fields are also nil. Bcrypt does it automatically.

I've gone through a few solutions from Stack Overflow, but could not relate them to my problem.

Here is my User Model:

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  #devise :database_authenticatable, :registerable,
   #      :recoverable, :rememberable, :trackable, :validatable

#has_secure_password
validates :password, presence: true
validates :user_name, presence: true, uniqueness: true

end

Abdul, just put/uncomment devise :database_authenticatable in your model so that Devise uses password encryption.

class User < ApplicationRecord
  devise :database_authenticatable

  #has_secure_password
  validates :password, presence: true
  validates :user_name, presence: true, uniqueness: true

end

PS: Devise uses two attributes for this: password and password_confirmation.

To change the route of the registration page you just need to alter the routes:

# top level of your routes.rb
Rails.application.routes.draw do
  devise_scope :user do
    # custom path to sign_up/registration
    get "/signup" => "devise/registrations#new", as: "new_user_registration" 
  end

  # Below for all other routes:
  devise_for :users
end

You do not need to create your own controller to handle registrations. Nor should you at your skill level, as there are quite a few more things going on under the hood in Devise, like for example signing the user in.

You have also omitted to add the Devise modules to your user model which adds the callbacks that encrypt passwords among other things:

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
end

I would suggest you roll back and follow the installation steps more carefully. Then add a few integration tests to make sure it's working properly. Don't try to reinvent the wheel.

After that you can try customizing it.
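The "logical connection" the question asks about, as an added sketch that is not Devise's code and not part of the original posts: `password` is a virtual attribute whose setter hashes the plaintext into `encrypted_password`, and only the hash is persisted. Devise uses bcrypt for this; the sketch swaps in PBKDF2-HMAC-SHA256 from Ruby's standard library so it runs without gems, and `SketchUser`, `ITERATIONS` and `persisted_attributes` are hypothetical names.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a Devise-backed model (no Rails, no database).
class SketchUser
  ITERATIONS = 100_000 # constructed work factor for this sketch
  attr_reader :user_name, :encrypted_password

  def initialize(user_name:, password:)
    @user_name = user_name
    self.password = password
  end

  # Virtual attribute: the plaintext is hashed immediately and never kept.
  def password=(plaintext)
    salt = SecureRandom.hex(16)
    @encrypted_password = "#{ITERATIONS}$#{salt}$#{digest(plaintext, salt, ITERATIONS)}"
  end

  # Re-derive with the stored salt and compare in constant time.
  def valid_password?(candidate)
    iterations, salt, expected = encrypted_password.split("$")
    secure_compare(digest(candidate, salt, iterations.to_i), expected)
  end

  # The only fields that would be written to the users table.
  def persisted_attributes
    { user_name: user_name, encrypted_password: encrypted_password }
  end

  private

  # PBKDF2 stands in for bcrypt here (assumption of this sketch).
  def digest(plaintext, salt, iterations)
    sha256 = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(plaintext, salt, iterations, 32, sha256).unpack1("H*")
  end

  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample records, mirroring the two rows shown in the question.
admin  = SketchUser.new(user_name: "admin",  password: "admin")
admin2 = SketchUser.new(user_name: "admin2", password: "admin")
```

Both sample users share the password "admin", yet their stored values differ because each gets its own random salt, and no `password` key appears among the persisted attributes.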
