TypeError (can’t convert Fixnum into String):
/lib/password.rb:33:in `+’
/lib/password.rb:33:in `salt’
/lib/password.rb:9:in `update’

in Password.store, and the salt value is never 64 chars long.

Good points. These are very simplified examples of code that is in a CMS I wrote. I actually use a before_save method to check the values of password and password_verification fields (which are submitted from a form), along with additional validations to ensure that the password is valid (length, complexity, etc…)

For multiple reasons, I haven’t provided complete examples, but enough that you can work with the password.rb lib.

I’m glad you found it useful, and I’ll look into the source files to see why the quotes aren’t working properly.

the assignment-method works, but the cost is, you cannot validate the password (e.g. against a minimum length), because validations uses the hashed value of the password. A better approach is:

protected
def before_save
self.password = Password::update(self.password) if self.password_changed?
end

But even here, you have to validate like this:

def validate
if self.password_changed?
errors.add(”password”, “at least 10 characters”) if self.password.length < 10
end
end

since all other validation-methods will use the hashed-version of the password, when you e.g. change some other attribute but not the password.

Best regards
Thomas

Second, in User.rb, the password will only be hashed, when the user is created. If you change the password, it just stores the plain password.

So instead of using before_create you could just overwrite the assignment method:

def password=(pass)

write_attribute(:password, password = Password::update(pass))

end

Now the password will always be hashed.

Best Regards
Thomas

P.S.: be sure to remove before_create, otherwise your password will be hashed twice and you cannot login.