I am trying to implement a method that allows the password to be changed from another service outside of Devise.
```ruby
# Profile password change
def change_password(oldpass, newpass)
  pepper = nil
  cost = 10
  # Encrypt plain text passwords
  encrypt_old = ::BCrypt::Password.create("#{oldpass}#{pepper}", :cost => cost).to_s
  # Validate old
  if self.encrypted_password == encrypt_old
    encrypt_new = ::BCrypt::Password.create("#{newpass}#{pepper}", :cost => cost).to_s
    self.encrypted_password = encrypt_new
    self.save
  else
    Logger.new("Wrong old password!")
  end
end
```
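It seems I am encrypting the password incorrectly. `oldpass` contains the old password in plain text; I need to hash it, see whether it matches the current password, and then allow the new password to be stored. However, all I get is a wrong password.

Rework: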
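```ruby
def change_password(oldpass, newpass)
  # valid_password? checks the plain text against the stored hash
  if valid_password?(oldpass)
    # self. is required: a bare `password = newpass` only sets a local variable
    self.password = newpass
    save
    return true
  else
    return false
  end
end
```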
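
Why the first attempt always reports a wrong password, as an added example that is not part of the original post: a salted hash has to be verified by reusing the salt stored alongside it, not by hashing the candidate again and comparing strings. PBKDF2 from Ruby's standard library stands in for bcrypt here so the block runs without gems; `User`, the helper names and all sample values are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Added illustration, not Devise or bcrypt-ruby code. PBKDF2 is swapped in
# for bcrypt; the salt handling it demonstrates is the same idea.
ITERATIONS = 10_000 # constructed value for the demo, not a recommendation

# Hash with a fresh random salt and store "salt$digest" together, the way a
# bcrypt output string carries its own salt.
def hash_password(plain, salt = SecureRandom.hex(16))
  digest = OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS,
                                    length: 32, hash: "sha256")
  "#{salt}$#{digest.unpack1('H*')}"
end

# Comparison whose running time does not depend on where the strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Broken check, mirroring the first attempt: hash again, compare strings.
# Every call draws a new salt, so the result never equals the stored value.
def verify_by_rehash(stored, candidate)
  stored == hash_password(candidate)
end

# Correct check: recompute with the salt embedded in the stored value.
def verify_with_stored_salt(stored, candidate)
  salt, = stored.split("$", 2)
  secure_equal?(stored, hash_password(candidate, salt))
end

# Hypothetical minimal model following the reworked method's shape.
class User
  attr_reader :encrypted_password

  def initialize(plain)
    @encrypted_password = hash_password(plain)
  end

  def change_password(oldpass, newpass)
    return false unless verify_with_stored_salt(@encrypted_password, oldpass)
    @encrypted_password = hash_password(newpass)
    true
  end
end
```

With the bcrypt gem itself, the equivalent of `verify_with_stored_salt` is `BCrypt::Password.new(stored) == candidate`, which parses the salt and cost out of the stored string before hashing the candidate.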