
invalid salt (BCrypt::Errors::InvalidSalt)

Since upgrading to Ruby 2.2.0, I get the following message in my tests:

invalid salt (BCrypt::Errors::InvalidSalt)

I didn't find any upgrade notice helping me to understand the problem. I'm using Rails 4.1.8 and Sorcery 0.8.6.

Anybody else having this problem?

MORE Details:

I'm using Sorcery and not Devise. The encrypted data is the password. It all started in Cucumber tests, in 2 cases. The first was when I used to send the @user to the mailer to prepare the data for the mails. Here was the code:

UserMailer.passphrase_reset_notification(@user).deliver

This generated the exception with the message I wrote in the initial message. As a workaround, instead of sending the @user I sent the fields I needed, and it worked. Here's the new code:

UserMailer.passphrase_reset_notification(@user.name, @user.email).deliver

But the second case is the sign up. It failed in dev and I had to add :salt to user_params to fix it. But it does not fix the thing in the test env.

There's no stack trace, just that one-line message with the lines of my scenario leading to the error.

And I press "Sign up"
  invalid salt (BCrypt::Errors::InvalidSalt)
  ./app/controllers/users_controller.rb:66:in `block in create'
  ./app/controllers/users_controller.rb:64:in `create'
  ./app/controllers/application_controller.rb:120:in `scope_current_tenant'
  ./features/step_definitions/web_steps.rb:53:in `/^(?:|I )press "([^"]*)"$/'
  features/users/sign_up.feature:149:in `And I press "Sign up"'

I removed the "null: false" for the field "salt" in the user table, as suggested by a community member in a post on a more or less similar issue, but it didn't help either.

My main question is still the same: what does the new Ruby version (2.2.0) have to do with this? And what might be the other surprises if I upgrade prod?

Reza asked Mar 18 '23 11:03


2 Answers

I just fixed this. It turned out it had to do with serializing an object with has_secure_password (which uses bcrypt-ruby).

More specifically, something like the following was causing the issue with Sidekiq as it tried to serialize arguments into objects for Redis queueing.

@user = User.new(
  :firstname => 'Scott',
  :lastname => 'Klein',
  :password => 'mypass',
  :password_confirmation => 'mypass'   
)
@user.save!

# broken
# note that @user.password can still be called here
# and sidekiq will attempt to serialize this whole object using YAML
# and this is the serialization issue that barfs (in the depths of YAML)
UserMailer.delay.new_user_signup(@user)

# fixed
# i just passed the id and then recalled the user record in the mailer class
UserMailer.delay.new_user_signup(@user.id)

scootklein answered Mar 28 '23 15:03
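
What the two calls in the answer above put on the queue, as an added example that is not part of the original answer: `DemoUser`, `USERS` and the helper functions are hypothetical stand-ins (no Rails, Sidekiq or bcrypt; SHA-256 is only a placeholder for the digest), and the sample data is constructed. Besides hitting the exception, dumping the whole object writes the still-readable password into the job payload, which passing the id avoids.

```ruby
require 'yaml'
require 'digest'

# Hypothetical stand-in for a model with has_secure_password: after assignment
# the plaintext is still readable via #password, as the answer's comment notes.
# SHA-256 is only a placeholder for the bcrypt digest.
class DemoUser
  attr_reader :id, :email, :password, :password_digest

  def initialize(id:, email:, password:)
    @id = id
    @email = email
    @password = password
    @password_digest = Digest::SHA256.hexdigest(password)
  end
end

USERS = {} # constructed in-memory "table" the job reloads records from

# Passing the whole object: YAML dumps every instance variable.
def payload_for_object(user)
  YAML.dump(user)
end

# Passing only the primary key.
def payload_for_id(user)
  YAML.dump(user.id)
end

# Job side: safe_load accepts plain scalars only, then the record is re-fetched.
def load_user_in_job(payload)
  USERS.fetch(YAML.safe_load(payload))
end

# Guard for enqueue call sites: plain scalars only (instance_of? also rejects
# String subclasses that carry extra state).
SIMPLE_TYPES = [Integer, Float, String, TrueClass, FalseClass, NilClass].freeze
def simple_job_args?(*args)
  args.all? { |arg| SIMPLE_TYPES.any? { |type| arg.instance_of?(type) } }
end

user = DemoUser.new(id: 42, email: 'scott@example.test', password: 'mypass')
USERS[user.id] = user

puts payload_for_object(user) # contains "password: mypass" and the digest
puts payload_for_id(user)     # "--- 42\n"
```
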


I've had a similar problem. Investigation made me conclude that it's bcrypt not playing well with Psych (that's the Ruby system library for generating and parsing YAML).

There's an open bcrypt issue now. Waiting for the gem author to fix it.

Oleg Dashevskii answered Mar 28 '23 14:03