Giters

riverrun / comeonin

Password hashing specification for the Elixir programming language

Home Page:https://hex.pm/packages/comeonin

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

:ok instead of password

Sjoerd opened this issue · comments

commented

Hi,
I try to hash the password, but it doesn't work 🤔

Code:

  def changeset(user, attrs) do
    user
    |> cast(attrs, [:email, :username, :password, :password_confirmation])
    |> validate_required([:email, :username, :password, :password_confirmation])
    |> validate_format(:email, ~r/@/)
    |> validate_length(:password, min: 8)
    |> validate_length(:username, min: 4)
    |> validate_confirmation(:password)
    |> unique_constraint(:email)
    |> unique_constraint(:username)
    |> put_password_hash
  end

  def put_password_hash(changeset) do
   case changeset do
     %Ecto.Changeset{valid?: true, changes: %{password: password}} ->
       put_change(changeset, :password_hash, Comeonin.Bcrypt.hashpwsalt(password))
     _ ->
       changeset
   end
 end

Result:

#Ecto.Changeset<
  action: nil,
  changes: %{
    email: "info@test.com",
    password: "test123!",
    password_confirmation: "test123!",
    password_hash: :ok,
    username: "test123"
  },
  errors: [],
  data: #App.Accounts.User<>,
  valid?: true
>

As you can see, the hashed password is :ok instead of the password.

commented

Can you try calling put_password_hash without the other validations?

commented

Also, what versions of comeonin and bcrypt_elixir are you using?

commented

Also, what versions of comeonin and bcrypt_elixir are you using?

If you have updated to bcrypt_elixir version 2, please follow the upgrade guide

commented

I think I know what the issue is, and I have opened #139 to address it

commented

Thank you @riverrun

Fix:
Replace Comeonin.Bcrypt.hashpwsalt with Bcrypt.hash_pwd_salt