無法使用Bcrypt更新密碼

Question

我已經嘗試了很多方法，但似乎BCrypt正在加密用戶提交的密碼兩次。

當用戶註冊時 - Bcrypt很好用，而且我可以登錄。但是當我嘗試更新密碼時，我的密碼已經無法登錄。我的數據庫顯示密碼正在更新和散列，但我無法登錄。

我甚至刪除了線@customer.save，但我的數據庫仍顯示密碼正在更新中！

是什麼東西在引擎蓋下更新我不知道？見relatd SO螺紋： Updating password with BCrypt

在我Customer.rb

require 'bcrypt' 
class Customer < ActiveRecord::Base 
    include BCrypt 

    def password 
    @password ||= Password.new(password_hash) 
    end 

    def password=(new_password) 
    @password = Password.create(new_password) 
    self.password_hash = @password 
    end 

    def self.authenticate(email, password) 
    @customer = Customer.find_by_email(email) 
    if @customer && @customer.password == password 
     return @customer 
    else 
     return nil 
    end 
    end 
end 

在我customer_controller中，創建一個實際工作

require 'bcrypt' 
class CustomersController < ApplicationController 

    def create_customer_account_iphone 
    @customer_count = Customer.where(email: params[:email]).size rescue nil 
    if(@customer_count == 0 || @customer_count == nil ||) 
    @customer = Customer.new(first_name: params[:first_name], email: params[:email]) 
    @customer.password = params[:password] //this calls my model methods 
    @customer.save //here I am saving 
    unless (!@customer.save) 
    respond_to do |format| 
     msg = {:status => "SUCCESS", :messages => "Customer created", :data => @customer.as_json} 
     format.json { render :json => msg } # don't do msg.to_json 
    end 
    else 
    respond_to do |format| 
     msg = {:status => "FAILED", :messages => "Customer Not Saved"} 
     format.json { render :json => msg } # don't do msg.to_json 
    end 
    end 


def sign_in_iphone 
@customer = Customer.authenticate(params[:email], params[:password]) 
unless (@customer == 0 || @customer == nil) 
    respond_to do |format| 
    msg = {:status => "SUCCESS", :message => "CUSTOMER", :data => @customer.as_json} 
    format.json { render :json => msg } # don't do msg.to_json 
    end 
    else 
    respond_to do |format| 
     msg = {:status => "FAILED"} 
     format.json { render :json => msg } # don't do msg.to_json 
    end 
    end 
end 

在我password_reset_controller代碼

class CustomerPasswordResetsController < ApplicationController 

    def edit 
@customer = Customer.find_by_password_reset_token!(params[:id]) 
end 


def update 
@customer = Customer.find_by_password_reset_token!(params[:id]) 
if @customer.password_reset_sent_at < 2.hours.ago 
    redirect_to new_customer_password_reset_path, :alert => "Password reset has expired." 
else 
    @customer.password_hash = BCrypt::Password.create(params[:password]) 
    # @customer.save 
    unless !@customer.save 
    redirect_to new_customer_password_reset_path, :alert => "Password has been reset!" 
    else 
    render :edit 
    end 
end 
end 

在我password_reset.html.erb

<%= form_for @customer, :url => customer_password_reset_path(params[:id]), :method => :patch do |f| %> 
<% if @customer.errors.any? %> 
    <div class="error_messages"> 
     <h2>Form is invalid</h2> 
     <ul> 
     <% for message in @customer.errors.full_messages %> 
      <li><%= message %></li> 
     <% end %> 
     </ul> 
    </div> 
<% end %> 
<div class="field"> 
    <%= f.label :password %> 
    <%= f.password_field :password %> 
</div> 
<div class="field"> 
    <%= f.label :password_confirmation %> 
    <%= f.password_field :password_confirmation %> 
</div> 
<div class="actions"><%= f.submit "Update Password" %></div> 

Answer 1

鑑於您的表單，新密碼將在params[:customer][:password]而不是params[:password] - 您現有的代碼始終將密碼設置爲零。

更改密碼重置控制器更新行動，而不是做

@customer.password = params[:customer][:password] 

應該做的伎倆。作爲旁註，註釋掉customer.save並不重要，因爲您再次保存在下一行。

下次發生這種事情時，請考慮使用調試器來檢查您的操作中發生的情況 - 發現密碼設置爲零將很容易。 debugging guide有更多的技巧。

Answer 2

，你要指定password以及與password_hash做一些後期處理有可能。如果您的型號代碼採用password=方法，則打算使用此方法僅通過password。這意味着除了簡單分配外，您不需要做任何額外的工作。

你想在你password_reset方法是什麼：

@customer.password = params[:password] 
@customer.save! 

這應該通過適當的模型代碼運行它照顧它。