rails在ruby控制台中验证了无效的散列密码，但在重新打开后没有验证为什么？

igsr9ssn 于 2021-06-21 发布在 Mysql

关注(0)|答案(1)|浏览(340)

我正在关注[lynda.com的rubyonrails5基础培训][1]，在构建登录系统时非常困惑。
问题是，数据库似乎与rails使用的哈希不同。我看了所有的原因和修复，我明白，存储的哈希和一个rails运行是不同的，但为什么和如何才能修复这个问题？
我补充说：
已安装bcrypt 3.1.11 gem
表中的密码摘要列
有\u安全的\u密码来更正模型文件
我已向下迁移并再次备份，以查看表是否有问题。
存储在数据库中的密码是散列的-密码摘要：$2a$10$amhxzbl/zxq9yhor7ubsiodsgloardkxo
我甚至在ruby控制台中遵循了以下步骤：

user.password = 'password'
user.password_confirmation = 'password'
user.save
user.authenticate('password')

密码将保存，身份验证将显示正确的条目，但在重新运行控制台或使用rails服务器上的登录页后，该条目不匹配。
每次我都会遇到这样的错误：

BCrypt::Errors::InvalidHash (invalid hash):

app/controllers/cms_access_controller.rb:16:in `attempt_login'

浏览器中的无效散列错误被卡在这里：

found_user = CmsUser.where(:username => params[:username]).first
  if found_user
    authorized_user = found_user.authenticate(params[:password])
  end
end

以下是rails的日志：

Started POST "/cms_access/attempt_login" for 127.0.0.1 at 2018-01-02 17:59:18 +0800
Processing by CmsAccessController#attempt_login as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"YP2tiHyRfDhJhhuF+PPM0D+hA+6BMJW5YmTyZyLpT6nXs4NdhGyihVKZpoMaRl0oUsobnr6x5bYGBR75+huUjg==", "username"=>"username", "password"=>"[FILTERED]", "commit"=>"Login"}
[1m[36mCmsUser Load (0.4ms)[0m  [1m[34mSELECT  `cms_users`.* FROM `cms_users` WHERE `cms_users`.`username` = 'username' ORDER BY `cms_users`.`id` ASC LIMIT 1[0m
Completed 500 Internal Server Error in 9ms (ActiveRecord: 0.4ms)

BCrypt::Errors::InvalidHash (invalid hash):

app/controllers/cms_access_controller.rb:16:in `attempt_login'

完整的irb代码如下：

irb(main):001:0> u = CmsUser.first
   (0.4ms)  SET NAMES utf8,  @@SESSION.sql_mode = CONCAT(REPLACE(REPLACE(REPLACE(@@sql_mode, 'STRICT_TRANS_TABLES', ''), 'STRICT_ALL_TABLES', ''), 'TRADITIONAL', ''), ',NO_AUTO_VALUE_ON_ZERO'),  @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483
  CmsUser Load (0.2ms)  SELECT  `cms_users`.* FROM `cms_users` ORDER BY `cms_users`.`id` ASC LIMIT 1
=> #<CmsUser id: 1, first_name: "first name", last_name: "last name", email: "email", username: "username", password_digest: nil, created_at: "2018-01-02 14:48:42", updated_at: "2018-01-02 14:48:42">
irb(main):002:0> u.password = "password"
=> "password"
irb(main):003:0> u.password_confirmation = "password"
=> "password"
irb(main):004:0> u.save
   (0.3ms)  BEGIN
  SQL (0.4ms)  UPDATE `cms_users` SET `password_digest` = '$2a$10$gKAyDPTNzg.7Xnd7uatzuu0VWZNH6zGPA653RZ.5THB2Rziax1fyC', `updated_at` = '2018-01-02 14:50:29' WHERE `cms_users`.`id` = 1
   (1.1ms)  COMMIT
=> true
irb(main):005:0> u.authenticate("password")
=> #<CmsUser id: 1, first_name: "first name", last_name: "last name", email: "email", username: "username", password_digest: "$2a$10$gKAyDPTNzg.7Xnd7uatzuu0VWZNH6zGPA653RZ.5THB...", created_at: "2018-01-02 14:48:42", updated_at: "2018-01-02 14:50:29">

运行rails服务器并尝试登录后：

Started POST "/cms_access/attempt_login" for 127.0.0.1 at 2018-01-02 22:52:01 +0800
Processing by CmsAccessController#attempt_login as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"qF/U+46QhGZHYuEbfPTStRxryPpp0hIEt1TQIRVE5bgfEfoudm1a21x9XB2eQUNNcQDQilZTYgvTNTy/zbY+nw==", "username"=>"username", "password"=>"[FILTERED]", "commit"=>"Login"}
  CmsUser Load (0.4ms)  SELECT  `cms_users`.* FROM `cms_users` WHERE `cms_users`.`username` = 'username' ORDER BY `cms_users`.`id` ASC LIMIT 1
Completed 500 Internal Server Error in 11ms (ActiveRecord: 0.8ms)

BCrypt::Errors::InvalidHash (invalid hash):

app/controllers/cms_access_controller.rb:16:in `attempt_login'

mysql Database ruby-on-rails ruby login

来源：https://stackoverflow.com/questions/48058473/rails-invalid-hash-password-authenticates-in-ruby-console-but-after-reopening-it

1条答案

按热度按时间

xkrw2x1b1#

尝试下面的登录操作

found_user = CmsUser.find_by(:username => params[:session][:username].downcase)
if found_user && found_user.authenticate(params[:session][:password])
  #=> code to be here
else
  #=> code to be here
end

希望能帮上忙

赞(0）回复(0）举报 2021-06-21

我来回答

rails在ruby控制台中验证了无效的散列密码，但在重新打开后没有验证为什么？

1条答案

相关问题

热门标签

最新问答