Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- post "/password_reset" do
- user = User.first(:email => params[:email], :temp_password => params[:temp_password])
- if dealer != nil then
- password_salt = BCrypt::Engine.generate_salt
- password_hash = BCrypt::Engine.hash_secret(params[:password], password_salt)
- user.set(:password_hash => password_hash)
- user.set(:password_salt => password_salt)
- end
- end
- post "/auth" do
- @user = User.first(:email => params[:email])
- @user_hash = BCrypt::Password.new(@user.password_hash) #because the password_hash is stored in the db as a string, I cast it as a BCrypt::Password for comparison
- if @user_hash == BCrypt::Engine.hash_secret(params[:password], @user.password_salt.to_s) then
- auth = true
- else
- auth = false
- end
- end
- if @user_hash == BCrypt::Engine.hash_secret(params[:password], @user.password_salt.to_s)
- password_salt = BCrypt::Engine.generate_salt
- password_hash = BCrypt::Engine.hash_secret("s3kr1t!", password_salt)
- puts password_salt
- puts password_hash
- post "/password_reset" do
- user = User.first(:email => params[:email], :temp_password => params[:temp_password])
- if dealer != nil then
- password_hash = BCrypt::Password.create(params[:password])
- user.set(:password_hash => password_hash) # no need to store the salt separately in the database
- end
- end
- post "/auth" do
- @user = User.first(:email => params[:email])
- @user_hash = BCrypt::Password.new(@user.password_hash)
- if @user_hash == params[:password] then # overridden == method performs hashing for us
- auth = true
- else
- auth = false
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
