When you check equality on a BCryptHash, you're supposed to call
BCrypt::Password#==, which happens when you call u.password ==
u.password_confirmation because--as your test in problem #2 reveals,
password is a BCrypt::Password.
But when you call u.password_confirmation == u.password, what you're
really calling is String#==, which doesn't know how to compare a
string with a BC::P.
I'm not positive about problem #2, but if I had to guess, it's because
password_confirmation is also a BC::P. validates_confirmation_of calls
BC::P#==, which converts the password_confirmation--that's already
been hashed--to a string (BC::P#to_s), then hashes it again. I think
setting password_confirmation to the password string directly ("test")
should make the confirmation validation pass.
-rp
On Jun 28, 2010, at 8:41 AM, Paul Barry wrote:
Anyone have any comments on this?
http://gist.github.com/455346
--
You received this message because you are subscribed to the Google
Groups "DataMapper" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected]
.
For more options, visit this group at http://groups.google.com/group/datamapper?hl=en
.
--
You received this message because you are subscribed to the Google Groups
"DataMapper" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/datamapper?hl=en.
