I use the Devise gem for authentication.
How can I check if the password submitted in the params array is valid?
I try to compare the value of user.encrypted_password with BCrypt::Password.create('password'), but the hash values are different.
Maybe I need something like a salt value?
Devise initially stores the original password by encrypting it. The encrypted_password (field name in your model) gets stored in the database. Now, when you call User.find_by :email => "[email protected]", the password field is nonexistent.
Devise is a well-known solution for authentication in Rails applications. It's full-featured (it not only adds authentication but also password recovery, email changing, session timeout, locking, IP tracking, etc.) and can be expanded to add even more (like JWT authentication).
Just use Devise's valid_password? method, for example:
user.valid_password?('password123')
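Why comparing against a freshly created hash fails, and what a verifier does instead, shown as an added example that is not from the original thread and is not Devise's own code. It uses PBKDF2 from Ruby's standard library as a stand-in for bcrypt; the SaltedHash module, its storage format and its cost value are hypothetical.

```ruby
require 'openssl'
require 'securerandom'

# Constructed stand-in for a bcrypt-style hasher (stdlib PBKDF2, not bcrypt).
# Like a bcrypt hash, the stored string carries its own cost and salt.
module SaltedHash
  ITERATIONS = 20_000 # hypothetical cost chosen for this demo
  LENGTH = 32         # derived key length in bytes

  # Returns "iterations$salt$digest". A fresh random salt is drawn on every
  # call, so hashing the same password twice never yields the same string.
  def self.create(password, salt: SecureRandom.hex(16))
    "#{ITERATIONS}$#{salt}$#{derive(password, salt, ITERATIONS)}"
  end

  # Verifies a candidate by re-deriving the digest with the salt and cost
  # read back from the stored value, then comparing in constant time.
  def self.valid?(stored, candidate)
    iterations, salt, digest = stored.to_s.split('$')
    return false unless salt && digest && iterations.to_i > 0
    secure_compare(digest, derive(candidate, salt, iterations.to_i))
  end

  def self.derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, LENGTH,
                               OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end

  # Constant-time comparison: always walks the full string.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample: the value a users table would hold for this account.
def demo
  stored = SaltedHash.create('password123')
  {
    naive_equal: SaltedHash.create('password123') == stored, # new salt each time
    correct: SaltedHash.valid?(stored, 'password123'),
    wrong: SaltedHash.valid?(stored, 'password124'),
    malformed: SaltedHash.valid?('not-a-hash', 'password123')
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```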