Custom password field with Devise (Ruby)
I'm using a database shared between 2 Rails apps.
A webapp uses bcrypt and has_secure_password to authenticate users, and the other app, a REST API, uses Devise to authenticate users. The password hash is the same.
So, I would like to use the field password_digest instead of encrypted_password to authenticate via Devise, and I don't know how! (I'm searching the documentation but find nothing.) So, I have to copy/paste the password hash from password_digest to encrypted_password for now.
Here is my session controller code:
    class SessionsController < Devise::SessionsController
      before_filter :ensure_params_exist

      def create
        build_resource
        resource = User.find_for_database_authentication(:email => params[:email])
        return invalid_login_attempt unless resource

        if resource.valid_password?(params[:password])
          #resource.ensure_authentication_token!  #make sure user has token generated
          sign_in("user", resource)
          render :json => { :authentication_token => resource.authentication_token, :lastname => resource.lastname, :firstname => resource.firstname, :last_sign_in => resource.last_sign_in_at }, :status => :created
          return
        end
        invalid_login_attempt
      end

      #def destroy
      #  # expire auth token
      #  @user=User.where(:authentication_token=>params[:auth_token]).first
      #  @user.reset_authentication_token!
      #  render :json => { :message => ["session deleted."] }, :success => true, :status => :ok
      #end

      protected

      def ensure_params_exist
        return unless params[:email].blank?
        render :json=>{:success=>false, :message=>"missing email parameter"}, :status=>422
      end

      def invalid_login_attempt
        warden.custom_failure!
        render :json => { :errors => ["invalid email or password."] }, :success => false, :status => :unauthorized
      end
    end
And the user model:
    class User < ActiveRecord::Base
      before_save :ensure_authentication_token

      # Include default devise modules. Others available are:
      # :token_authenticatable, :confirmable,
      # :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :trackable, :token_authenticatable#, :registerable,
             #:recoverable, :rememberable, :trackable, :validatable

      # Setup accessible (or protected) attributes for your model
      attr_accessible :email, :password, :password_confirmation, :remember_me, :client_id, :firstname, :group_id, :lastname, :password, :password_confirmation, :role_id, :group_ids, :auth_token, :password_digest, :encrypted_password

      # Relations in the database
      belongs_to :client
      belongs_to :role
      has_many :memberships
      has_many :groups, :through => :memberships
    end
I am not aware of how bcrypt/has_secure_password works, but you can either use virtual attributes as follows:
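    # Reader: Devise asks for encrypted_password, return the shared column
    def encrypted_password
      return password_digest
    end

    # Writer: store the value in the shared column
    def encrypted_password=(value)
      self.password_digest = value
    end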
Or better, use alias methods: set encrypted_password and encrypted_password= as alias methods for password_digest and password_digest=.
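
The alias approach from the answer above, as an added example that is not part of the original post. `SharedUser`, `StandInHash` and `shared_hash_demo` are hypothetical names, and PBKDF2 from the standard library stands in for bcrypt so the block runs without gems; it also shows what happens when the Devise side is configured with a pepper.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for bcrypt (assumption: chosen so the block runs with the standard
# library only; both real apps store bcrypt hashes).
module StandInHash
  def self.derive(secret, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 10_000, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end
  def self.create(secret)
    salt = SecureRandom.hex(8)
    "#{salt}$#{derive(secret, salt)}"
  end
  # Constant-time comparison of the recomputed hash with the stored one.
  def self.match?(secret, stored)
    salt, expected = stored.split('$', 2)
    actual = derive(secret, salt)
    actual.bytesize == expected.bytesize &&
      actual.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Hypothetical plain-Ruby model standing in for the shared users table.
class SharedUser
  attr_accessor :password_digest # column written by the has_secure_password app

  # Devise reads and writes encrypted_password; forward both to password_digest.
  # In an ActiveRecord model: alias_attribute :encrypted_password, :password_digest
  alias_method :encrypted_password, :password_digest
  alias_method :encrypted_password=, :password_digest=

  # Shape of Devise's check: a configured pepper is appended before comparing.
  def valid_password?(password, pepper: nil)
    return false if encrypted_password.to_s.empty?
    StandInHash.match?("#{password}#{pepper}", encrypted_password)
  end
end

def shared_hash_demo
  user = SharedUser.new
  user.password_digest = StandInHash.create('constructed-pw') # web app side
  results = {
    accepted: user.valid_password?('constructed-pw'),
    wrong_password: user.valid_password?('other-pw'),
    with_pepper: user.valid_password?('constructed-pw', pepper: 'constructed-pepper')
  }
  user.encrypted_password = StandInHash.create('new-pw') # Devise-side write
  results.merge(write_through: StandInHash.match?('new-pw', user.password_digest))
end
```

If the Devise configuration sets a pepper, hashes written by has_secure_password no longer verify on the API side, so the shared column only works with the pepper left unset.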