0
我想了解has_secure_password是如何工作的。在bcrypt-ruby website下面有如何使用它的例子。類User的password方法使我困惑。它看起來像代碼@password ||= Password.new(password_hash)採取加密散列並返回未加密的密碼。不應該只能從加密哈希中恢復密碼。什麼是我誤解約Password.newbcrypt-ruby如何掩蓋被黑客入侵的數據庫的密碼?
用戶模型
require 'bcrypt'
class User < ActiveRecord::Base
# users.password_hash in the database is a :string
include BCrypt
def password
@password ||= Password.new(password_hash)
end
def password=(new_password)
@password = Password.create(new_password)
self.password_hash = @password
end
end
創建帳戶
def create
@user = User.new(params[:user])
@user.password = params[:password]
@user.save!
end
驗證用戶
def login
@user = User.find_by_email(params[:email])
if @user.password == params[:password]
give_token
else
redirect_to home_url
end
end