Forum: Ruby on Rails How to get password from database using devise

F2fd1688031fbcae41c0a783f5ab7763?d=identicon&s=25 Manish Nautiyal (manish_n)
on 2012-06-20 15:04
Hi all

I'm using rails 3.2.1 + devise 2.0.4

My problem is that in my website only : Admin will create new users no
direct registration for users. Now when Admin create new_user
confirmation mail will be send to the user email id. The content of the
mail is

    user_name
    user_password

But the password come in encrypted format.


How I'll get password in readable form.
A47e0a6beeb9d048ff054fc1c3a97418?d=identicon&s=25 Walter Davis (walterdavis)
on 2012-06-20 15:13
(Received via mailing list)
On Jun 20, 2012, at 9:04 AM, Manish Nautiyal wrote:

> Hi all
>
> I'm using rails 3.2.1 + devise 2.0.4
>
> My problem is that in my website only : Admin will create new users no
> direct registration for users.

The way that I handle this in my applications is to use Devise
Invitable, and then restrict the invitation privilege to admins. You
don't get to know the password, because the user sets it herself when
she accepts the invitation. But everything else just works. Since you
aren't using registerable, you will need to provide your own "Update my
Profile" method in a controller if you want to allow the user to update
his profile, but that's covered in the Wiki.

Walter
Fe3b69bcf54d7b46d14fdbd91ff64823?d=identicon&s=25 Tyler (Guest)
on 2012-06-20 17:16
(Received via mailing list)
Why do you want the password in "readable" form?  That goes against the
most basic point of even having a password...
5f94b9b346c2aa648a80bc259978e5bc?d=identicon&s=25 Colin Law (Guest)
on 2012-06-20 17:19
(Received via mailing list)
On 20 June 2012 14:04, Manish Nautiyal <lists@ruby-forum.com> wrote:
>  user_password
>
> But the password come in encrypted format.

How is the initial pwd being setup?  If the admin is providing a
password then put that in the email.

Colin
Aae6d4accf06084efc742f85d3806b33?d=identicon&s=25 Aleksey Zapparov (aleksey_z)
on 2012-06-20 22:29
(Received via mailing list)
Attachment: signature.asc (489 Bytes)
On Wed, 20 Jun 2012 08:15:02 -0700 (PDT)
Tyler <tyler.warnock@gmail.com> wrote:

> Why do you want the password in "readable" form?  That goes against
> the most basic point of even having a password...

He disallows users to register. So only admin can create a user
account, so he wants the system to send a message to the user that his
account was created with such and such login and pass.



--
Sincerely yours,
Aleksey V. Zapparov A.K.A. ixti
FSF Member #7118
Mobile Phone: +34 677 990 688
Homepage: http://www.ixti.net
JID: zapparov@jabber.ru

*Origin: Happy Hacking!
Fe3b69bcf54d7b46d14fdbd91ff64823?d=identicon&s=25 Tyler (Guest)
on 2012-06-21 04:04
(Received via mailing list)
On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote:
>
>
I understand the use case, but still doesn't make sense to store the
password in plain text in the database.  It's actually even more
pointless
if all the users are admins... then they call all just see each others'
passwords.  And it gives the illusion of security, when in actuality
it's
one params vulnerability away from giving all-encompassing access to any
hacker that wants it
F2fd1688031fbcae41c0a783f5ab7763?d=identicon&s=25 Manish Nautiyal (manish_n)
on 2012-06-21 06:23
Tyler wrote in post #1065431:
> On Wednesday, June 20, 2012 8:20:13 AM UTC-7, ixti wrote:
>>
>>
> I understand the use case, but still doesn't make sense to store the
> password in plain text in the database.  It's actually even more
> pointless
> if all the users are admins... then they call all just see each others'
> passwords.  And it gives the illusion of security, when in actuality
> it's
> one params vulnerability away from giving all-encompassing access to any
> hacker that wants it


Dear Tyler

I don't want to store password in plain text in database. I just want to
send an email to user that your login & password is this. Devise will
store password in encrypt form in database. There will be only few(4-5)
admin and all other users will be customer.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.