Ruby and Sinatra, unable to compare hashed password with BCrypt


I'm developing a simple Ruby authentication app with Sinatra and DataMapper.

I have successfully implemented a password-hashing method for when users get registered, but I'm unable to get the authentication route to work: it simply doesn't match the provided password with the hashed version stored in the DB (MySQL).

After reading a lot of documentation, a lot of questions here on Stack Overflow, and more documentation again, I'm here asking for your help.

I've created a simple GET route to try to understand how the BCrypt library works, without storing the password into the db, the purpose of this route is simply to understand how to use the library:

require 'sinatra'
require 'bcrypt'
require 'json'

get "/test" do
  password_hash = BCrypt::Password.create("wazz")   # salted hash of "wazz"
  password = "wazz"
  puts password_hash
  # Wrap the stored hash and compare it against the candidate password
  if BCrypt::Password.new(password_hash).is_password? password
    status 201
  end
  halt(500, {error: password_hash}.to_json)
end

So basically all I have to do is send a GET request to /test and all should be done, but it's not: BCrypt::Password.new seems not to be validating the original password against the hashed one.

Thank you in advance, any help would be very appreciated.


Solution

  • Your use of bcrypt works, but the program flow is wrong. Most importantly, the call to status 201 does not exit from the controller at that point, it continues on, so you have set things up so that whether or not the bcrypt works is irrelevant.

    Do something like this instead:

    get "/test" do
      password_hash = BCrypt::Password.create("wazz")
      password = "wazz"
    
      unless BCrypt::Password.new(password_hash).is_password? password
        halt(500, {error: password_hash}.to_json)
      end
    
      status 201
      {message: 'Session created'}.to_json
    end