Php 验证Rails 4中的Symfony 2密码
我必须将用户表从Symfony 2导入Rails 4应用程序。所有用户必须使用旧密码使用Desive登录新的rails应用程序 我目前所做的工作如下:Php 验证Rails 4中的Symfony 2密码,php,ruby-on-rails,symfony,encryption,devise,Php,Ruby On Rails,Symfony,Encryption,Devise,我必须将用户表从Symfony 2导入Rails 4应用程序。所有用户必须使用旧密码使用Desive登录新的rails应用程序 我目前所做的工作如下: class User < ActiveRecord::Base alias :devise_valid_password? :valid_password? def valid_password?(password) salt = self.salt begin devise_valid_passwor
class User < ActiveRecord::Base
alias :devise_valid_password? :valid_password?
def valid_password?(password)
salt = self.salt
begin
devise_valid_password?(password)
rescue BCrypt::Errors::InvalidHash
return false unless Digest::SHA512.hexdigest("#{salt}:#{password}") == encrypted_password
logger.info "User #{email} is using the old password hashing method, updating."
self.password = password
self.salt = nil
self.save
true
end
end
end
任何人都可以说,这一行与Symfony 2一样工作的正确说法是什么
Digest::SHA512.hexdigest("#{salt}:#{password}")
谢谢
编辑
感谢Nextar的回答。主旨:
这有助于:
Symfony uses a specific method to combine the salt and encode the password before
comparing it to your encoded password. If getSalt() returns nothing, then the submitted
password is simply encoded using the algorithm you specify in security.yml. If a salt is
specified, then the following value is created and then hashed via the algorithm:
$password.'{'.$salt.'}';
那么,您可以按错误的顺序散列密码吗?抱歉,我不熟悉ruby,但是Digest::SHA512.hexdigest(“#{salt}:#{password}”)似乎与$password不同。{salt.};在php中这很有效:
Digest::SHA512.hexdigest(“{password}{{salt}”)
非常感谢!
Symfony uses a specific method to combine the salt and encode the password before
comparing it to your encoded password. If getSalt() returns nothing, then the submitted
password is simply encoded using the algorithm you specify in security.yml. If a salt is
specified, then the following value is created and then hashed via the algorithm:
$password.'{'.$salt.'}';