code:
class LoginController < ApplicationController
  def auth
    if params[:name].present? && params[:pass].present? && params[:role].present?
      @name = params[:name]
      pass  = params[:pass]
      role  = params[:role]
      # This is the line the trace below points at: pass is the submitted
      # plaintext password, not a bcrypt hash string
      epass = BCrypt::Password.new(pass)
    else
      render "argerror"
    end
  end
end
BCrypt::Errors::InvalidHash (invalid hash):
app/controllers/login_controller.rb:12:in `new'
app/controllers/login_controller.rb:12:in `auth'
salt = BCrypt::Engine.generate_salt
pass = BCrypt::Engine.hash_secret(pass, salt)
You need to give BCrypt::Password.new the hash you have stored in the database, not the password the user is submitting. Then you compare that with the input received from the user.
Example:
# Create hash of password
pass = BCrypt::Password.create('TestPassword')
=> "$2a$10$3.D6D2htbiRrezmZUhePV.gaQlc3ZjFYD9hv43khN5eWP5y8BGUXG"
# Pass the hash you have stored to Password.new
db_hash = BCrypt::Password.new("$2a$10$3.D6D2htbiRrezmZUhePV.gaQlc3ZjFYD9hv43khN5eWP5y8BGUXG")
# Compare the input from the user to the password stored
db_hash == "TestPassword"
=> true
db_hash == "NotRealPassword"
=> false
You can find some more info here: https://github.com/codahale/bcrypt-ruby#how-to-use-bcrypt-ruby-in-general
Also, if you're using Rails >= 3 I'd look into using ActiveModel::SecurePassword with your User model. Some more info here: http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html