ruby-on-rails authlogic

How to validate password using Authlogic?


So, basically, we need to validate the user/password sent by the user in an AJAX POST against the database.

For example, for user "John", password "HelloStackOverflow1234":

crypted_password: 400$8$4c$e7d64e4751fbde73$e60fea062a3cb3ae78bc8e916a8da78ee8816b8519f4bcad95315a4c60229ac1
password_salt: EW3AY1Btb3KEZb6Z1mBu

How can I, in RoR4 + Authlogic, validate that the password is correct?

What I'm trying now is:

user.crypted_password == BCrypt::Password.create(user.password_salt + "HelloStackOverflow", cost: 8)

Which should return true, but it doesn't.

Background

We have a legacy (well-written by previous developers, though) backend written in Rails 4, and recently decided to build a Single Page Application that will use a new REST API. Right now we are focusing on the front-end, and the new /api/v2 calls will be written on the current codebase, in Rails. We don't plan to rewrite the backend anytime soon.

We are struggling to authenticate a simple PAP (Password Authentication Protocol) POST with user/password against the hashes generated by legacy Authlogic, which should still be on production for quite some time.

A few hours on Google/Stack Overflow proved to be frustrating, since we could not find information useful to our current skillset.


Solution

  • After a few more attempts I found it out by myself...

    user.valid_password?("HelloStackOverflow")
    

    Relevant XKCD: https://xkcd.com/979/
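
Why comparing a stored hash with a freshly created one can never be true, as an added example (not the poster's code and not Authlogic's implementation): hashing draws a new random salt each time, so verification has to re-derive with the salt and cost parameters stored in the hash, which is the job `valid_password?` does for you. The helper names, the `$`-separated hex layout (modelled on the value in the question) and the password-plus-salt ordering are assumptions; the sample values are constructed.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helpers; assumed layout: hexN$hexR$hexP$hexSalt$hexDigest.
KEY_LEN = 32

def derive(secret, salt_hex, n, r, p)
  raw = OpenSSL::KDF.scrypt(secret, salt: [salt_hex].pack("H*"),
                            N: n, r: r, p: p, length: KEY_LEN)
  raw.unpack1("H*")
end

# Creating a hash picks a fresh random salt, so two hashes of the same
# password are different strings and `stored == create_hash(pw)` always fails.
def create_hash(secret, n: 0x400, r: 8, p: 1)
  salt_hex = SecureRandom.hex(8)
  [n.to_s(16), r.to_s(16), p.to_s(16), salt_hex,
   derive(secret, salt_hex, n, r, p)].join("$")
end

# Constant-time comparison so the check does not leak where digests differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verifying re-derives the digest with the parameters and salt embedded in
# the stored value, then compares digests. Malformed input is rejected.
def verify_hash(stored, secret)
  parts = stored.to_s.split("$")
  return false unless parts.length == 5 && parts.all? { |x| x.match?(/\A\h+\z/) }
  n, r, p = parts[0, 3].map { |x| x.to_i(16) }
  secure_equal?(derive(secret, parts[3], n, r, p), parts[4])
rescue OpenSSL::KDF::KDFError
  false # parameters in the stored string were not valid scrypt parameters
end

if __FILE__ == $0
  # Constructed sample: password plus a per-user salt column (assumed ordering).
  secret = "constructed-password" + "constructedUserSalt"
  stored = create_hash(secret)
  puts "fresh hash equals stored: #{create_hash(secret) == stored}"   # false
  puts "verify, right password:   #{verify_hash(stored, secret)}"     # true
  puts "verify, wrong password:   #{verify_hash(stored, 'guess')}"    # false
end
```
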