无法使用Bcrypt更新密码

Question

我已经尝试了很多方法，但似乎BCrypt正在加密用户提交的密码两次。

当用户注册时 - Bcrypt很好用，而且我可以登录。但是当我尝试更新密码时，我的密码已经无法登录。我的数据库显示密码正在更新和散列，但我无法登录。

我甚至删除了线@customer.save，但我的数据库仍显示密码正在更新中！

是什么东西在引擎盖下更新我不知道？见relatd SO螺纹： Updating password with BCrypt

在我Customer.rb

require 'bcrypt' 
class Customer < ActiveRecord::Base 
    include BCrypt 

    def password 
    @password ||= Password.new(password_hash) 
    end 

    def password=(new_password) 
    @password = Password.create(new_password) 
    self.password_hash = @password 
    end 

    def self.authenticate(email, password) 
    @customer = Customer.find_by_email(email) 
    if @customer && @customer.password == password 
     return @customer 
    else 
     return nil 
    end 
    end 
end 

在我customer_controller中，创建一个实际工作

require 'bcrypt' 
class CustomersController < ApplicationController 

    def create_customer_account_iphone 
    @customer_count = Customer.where(email: params[:email]).size rescue nil 
    if(@customer_count == 0 || @customer_count == nil ||) 
    @customer = Customer.new(first_name: params[:first_name], email: params[:email]) 
    @customer.password = params[:password] //this calls my model methods 
    @customer.save //here I am saving 
    unless (!@customer.save) 
    respond_to do |format| 
     msg = {:status => "SUCCESS", :messages => "Customer created", :data => @customer.as_json} 
     format.json { render :json => msg } # don't do msg.to_json 
    end 
    else 
    respond_to do |format| 
     msg = {:status => "FAILED", :messages => "Customer Not Saved"} 
     format.json { render :json => msg } # don't do msg.to_json 
    end 
    end 


def sign_in_iphone 
@customer = Customer.authenticate(params[:email], params[:password]) 
unless (@customer == 0 || @customer == nil) 
    respond_to do |format| 
    msg = {:status => "SUCCESS", :message => "CUSTOMER", :data => @customer.as_json} 
    format.json { render :json => msg } # don't do msg.to_json 
    end 
    else 
    respond_to do |format| 
     msg = {:status => "FAILED"} 
     format.json { render :json => msg } # don't do msg.to_json 
    end 
    end 
end 

在我password_reset_controller代码

class CustomerPasswordResetsController < ApplicationController 

    def edit 
@customer = Customer.find_by_password_reset_token!(params[:id]) 
end 


def update 
@customer = Customer.find_by_password_reset_token!(params[:id]) 
if @customer.password_reset_sent_at < 2.hours.ago 
    redirect_to new_customer_password_reset_path, :alert => "Password reset has expired." 
else 
    @customer.password_hash = BCrypt::Password.create(params[:password]) 
    # @customer.save 
    unless !@customer.save 
    redirect_to new_customer_password_reset_path, :alert => "Password has been reset!" 
    else 
    render :edit 
    end 
end 
end 

在我password_reset.html.erb

<%= form_for @customer, :url => customer_password_reset_path(params[:id]), :method => :patch do |f| %> 
<% if @customer.errors.any? %> 
    <div class="error_messages"> 
     <h2>Form is invalid</h2> 
     <ul> 
     <% for message in @customer.errors.full_messages %> 
      <li><%= message %></li> 
     <% end %> 
     </ul> 
    </div> 
<% end %> 
<div class="field"> 
    <%= f.label :password %> 
    <%= f.password_field :password %> 
</div> 
<div class="field"> 
    <%= f.label :password_confirmation %> 
    <%= f.password_field :password_confirmation %> 
</div> 
<div class="actions"><%= f.submit "Update Password" %></div> 

Answer 1

鉴于您的表单，新密码将在params[:customer][:password]而不是params[:password] - 您现有的代码始终将密码设置为零。

更改密码重置控制器更新行动，而不是做

@customer.password = params[:customer][:password] 

应该做的伎俩。作为旁注，注释掉customer.save并不重要，因为您再次保存在下一行。

下次发生这种事情时，请考虑使用调试器来检查您的操作中发生的情况 - 发现密码设置为零将很容易。 debugging guide有更多的技巧。

Answer 2

，你要指定password以及与password_hash做一些后期处理有可能。如果您的型号代码采用password=方法，则打算使用此方法仅通过password。这意味着除了简单分配外，您不需要做任何额外的工作。

你想在你password_reset方法是什么：

@customer.password = params[:password] 
@customer.save! 

这应该通过适当的模型代码运行它照顾它。