- yeah, you can’t get the password back from the SHA1 scheme unless you
save it in the table, as Technoweenie says. Personally, I think it’s a
bad idea anyway.
2. If you use the standard scaffolding to edit a user record, you are
going to be in trouble. The scaffold will put the encrypted password
into the appropriate field and when you submit it, it will re-encrypt
the password based on the already encrypted password. Net result is a
random password being saved. The model is set up to ignore the password
if it is blank, so just set the password field to “” before rendering
FYI, you can reset the password manually in the database using
- Browse the record for the user.
- select the SHA1 function for the password column
- enter ‘change me–new password–’ in the field (assuming you haven’t
changed your salt)
Footnote, updating attributes for the user model will muck up your
password in the same way. At least in development mode. I think
ActiveRecord assumes the entire record changes then and writes
everything back… resulting in a re-hashed password.
I haven’t tested it, but it might be possible to override the password
attribute functions to return a blank, and then write a different one to
read the real, encrypted value. The authentication routines could be
modified to use the new one. That way the scaffold and other routines
would not be able to retrieve the encrypted value and thus can’t rehash
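
The double-hashing problem and the blank-reader idea from this post, as an added Ruby example that is not part of the original post and is not the login generator's own code. `NaiveUser`, `SafeUser`, `survives_edit?`, the `SALT` value and the salt format are hypothetical names and constructed values; salted SHA1 is used only because it is the scheme under discussion.

```ruby
require "digest/sha1"

SALT = "change-me" # constructed placeholder salt, not taken from a real app

# Assumed hashing format for illustration: salt--password--
def sha1(pass)
  Digest::SHA1.hexdigest("#{SALT}--#{pass}--")
end

# Hypothetical model with the behaviour the post describes: the password
# field is hashed on every save unless blank, and afterwards holds the digest.
class NaiveUser
  attr_accessor :password
  def save
    @password = sha1(@password) unless @password.to_s.empty?
    self
  end
  def authenticate?(pass)
    @password == sha1(pass)
  end
end

# Hypothetical variant: the public reader always returns a blank, and the
# digest lives in a separate field that no form reads or posts back.
class SafeUser
  attr_writer :password
  def password
    ""
  end
  def save
    @hashed_password = sha1(@password) unless @password.to_s.empty?
    @password = nil # never keep the plaintext around after hashing
    self
  end
  def authenticate?(pass)
    @hashed_password == sha1(pass)
  end
end

# Sets a password, then simulates a scaffold edit that renders the readable
# attribute into a form and posts it back unchanged. True if login still works.
def survives_edit?(user)
  user.password = "s3cret"      # constructed sample password
  user.save
  user.password = user.password # form round trip
  user.save
  user.authenticate?("s3cret")
end
```

With `NaiveUser` the round trip stores the hash of the hash, so the original password stops working; with `SafeUser` the blank value is ignored on save and the stored digest is untouched.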