Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Devise password check

I use Devise gem for authentication. How can I check if the password submitted in params array is valid?

I try to compare the value of user.encrypted_password with BCrypt::Password.create('password') but the hash values are different.

May be I need something like salt value?

like image 545
Sergey Vernidub Avatar asked Jul 05 '13 22:07

Sergey Vernidub


People also ask

How do you get a password in devise?

Devise initially stores the original password by encrypting it. The encrypted_password (field name in your model) gets stored in the database. Now, when you call User. find_by :email => "[email protected]" the password field is non existing.

What is devise authentication?

Devise is a well known solution for authentication in Rails applications. It's full featured (it not only adds authentication but also password recovery, email changing, session timeout, locking, ip tracking, etc.) and can be expanded to add even more (like JWT authentication).


1 Answers

Just use devise's valid_password? method, for example:

user.valid_password?('password123')
like image 53
railscard Avatar answered Oct 11 '22 03:10

railscard