Ask A Question


You’re not receiving notifications from this thread.

BCrypt: Can't validate passwords

sweedledee asked in Rails

I can't seem to get BCrypt to validate my passwords.
I'm trying to get back into rails with 7.
Can't seem to get passed password validation for my Admin:

As I understand it. It's a very straight forward process:

  • Create and run db:migration Admin that has 'username', email & password_digest. All set to be strings.
  • Uncomment BCrypt in the gemfile,
  • run 'bundle install'
  • in the Model file add 'has_secure_password'
  • open rails console and create a new Admin. So far so good. I can see that the password is [Filtered] so I presume we're all good. However when I try to validate the password I always get the same error.

michael@LAPTOP-9C2OU27A:~/projects/rails/mctie$ rails c
Loading development environment (Rails
irb(main):001:0> admin = 'screenbeam', email: '', password_digest: 'password')
=> #
Admin Exists? (0.7ms) SELECT 1 AS one FROM "admins" WHERE LOWER("admins"."username") = LOWER($1) LIMIT $2 [["username", "screenbeam"], ["LIMIT", 1]]
Admin Create (0.5ms) INSERT INTO "admins" ("username", "email", "password_digest", "created_at", "updated_at") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["username", "screenbeam"], ["email", ""], ["password_digest", "[FILTERED]"], ["created_at", "2022-03-25 10:54:35.072350"], ["updated_at", "2022-03-25 10:54:35.072350"]]
=> true
irb(main):003:0> admin.authenticate('password')
/home/michael/.rbenv/versions/3.0.3/lib/ruby/gems/3.0.0/gems/bcrypt-3.1.17/lib/bcrypt/password.rb:60:in `initialize': invalid hash (BCrypt::Errors::InvalidHash)


Just got an answer to this from stackoverflow. I need to have both 'password' and 'password_digest' in my columns of the DB table. and I should only use the password, the password_digest is left alone (at least for this small scenario)

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 82,969+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.