I’m in the progress of migrating my website from using Authlogic to my
own authentication solution for one reason or another and I’ve hit a
little problem - I’ve set Authlogic to use bcrypt-ruby for passwords,
and now I’m confused as to how I’m supposed to work with the library
and authenticate existing users in my database.
For example, I registered a new user on my website with the password
“test”. Here’s the hash and salt stored in the database:
ruby-1.9.2-p0 > u.crypted_password
ruby-1.9.2-p0 > u.password_salt
One would assume that I would do something like this to check the
password using the bcrypt library:
ruby-1.9.2-p0 > BCrypt::Password.new("$2a
$10$71.OHo9IrbKve9Mu7m.FNO6QRedkmGuue3/y/StdhlksBnvlL6GBS") == “hello”
…but the result is “false”. Do we need to work the salt in? And if
yes, how? Trying to pass it as a constructor argument or trying the
“salt” setter doesn’t work.