I'm using devise token auth and I'm setting up password reset process. When I click the reset link in the email, it has the url parameter reset_password_token=hK3yxC1zVZCbWL8WgqKM
but when in the rails console I do
2.5.1 :004 > User.first.reset_password_token
User Load (0.6ms) SELECT "users".* FROM "users" ORDER BY "users"."id" ASC LIMIT $1 [["LIMIT", 1]]
=> "ab432079e4e8aacfa0ecb5df17a7cea169990b0e0809ea9553248064220471a7"
These tokens do not match but they should. Is it encoded somehow and if so how can I find a user which has a token?
What is stored in the database, is the Digest::SHA256
.
token = "hK3yxC1zVZCbWL8WgqKM"
Digest::SHA256.hexdigest token
#⇒ "ae74625ac2357c8f2de0f3f52647aaee191dbba5d383f8ec5822cfec5c24384e"
One obviously cannot revert it back to token, one can only hexdigest
the token that came from the user and compare it against what is stored in the database.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.