On Wednesday, June 27, 2012 7:57:59 AM UTC-7, faemino wrote:
>
> Hi to all!
>
> Sorry, but I'm a Ruby & Sequel beginner. I have a problem with the
> before_update callback. I've read the doc pages and I've searched in this
> Google group without luck.
>
> I have the following Sequel model:
>
> class User < Sequel::Model(DB[:users])
>   plugin :validation_helpers
>
>   def validate
>     super
>     validates_presence [:email, :password, :nickname]
>   end
>
>   def before_create
>     self[:id] ||= UUID.create
>     self[:password] = Digest::SHA1.hexdigest(self[:password])
>     self[:created] ||= Date.today
>     self[:created_extended] ||= DateTime.now
>     super
>   end
> end
>
>
> I want to encrypt the password inside the before_update hook only if a new
> password has been set.
> If the update method does not set a password, self[:password] has the current
> password. But if the update method does, self[:password] has the new password.
>
> Can you point me to any way to get the old password to compare it with the
> new one without doing another find inside the before_update? Something like
> ||= maybe?
>
>
First, your use of unsalted SHA1 hashes for passwords is a really bad
idea. Please use a hash designed for password storage, such as bcrypt. If
you don't understand why, please read up on how to securely store passwords
(e.g. http://codahale.com/how-to-safely-store-a-password/). If you still
don't understand why, please let someone who does understand why implement
your security, instead of attempting to do so yourself.

Next, to solve your issue, I recommend a different strategy, have the
setter method do the hashing:

  require 'digest/sha1'

  class User < Sequel::Model(DB[:users])
    def password=(v)
      # Again, don't use SHA1, use bcrypt or something secure
      # Hash the value being assigned (v), not the currently stored one
      super(Digest::SHA1.hexdigest(v))
    end
  end

This avoids the problem you are having, and also allows you to get rid of
the password setting in before_create.

If you really want to get the previous value of a column, after the column
has been changed, you probably want to use the dirty plugin.

Thanks,
Jeremy
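
The setter-based approach from the reply above, as an added example that is not part of the original thread or of Sequel itself. `DemoUser` is a hypothetical plain-Ruby stand-in for the model, and because bcrypt is a separate gem, this sketch substitutes salted PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL; the iteration count and storage format are assumptions.

```ruby
require 'openssl'
require 'securerandom'
require 'digest/sha1'

# Hypothetical stand-in for the Sequel model: a values hash plus a hashing setter.
class DemoUser
  ITERATIONS = 100_000 # assumed work factor for this sketch
  attr_reader :values

  def initialize(attrs = {})
    @values = {}
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  def nickname=(v)
    @values[:nickname] = v
  end

  # Hashing happens only when a password is actually assigned, so an update
  # that leaves the password alone never re-hashes the stored value.
  def password=(plain)
    salt = SecureRandom.random_bytes(16) # fresh random salt per assignment
    @values[:password] = ['pbkdf2-sha256', ITERATIONS, salt.unpack1('H*'),
                          derive(plain, salt, ITERATIONS).unpack1('H*')].join('$')
  end

  # Re-derive with the stored salt and iteration count, then compare.
  def password?(plain)
    _, iter, salt_hex, hash_hex = @values[:password].split('$')
    candidate = derive(plain, [salt_hex].pack('H*'), iter.to_i).unpack1('H*')
    constant_time_eq?(candidate, hash_hex)
  end

  private

  def derive(plain, salt, iter)
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, iter, 32, OpenSSL::Digest.new('SHA256'))
  end

  # Compare without returning early at the first differing byte.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample: two accounts that chose the same password.
def same_password_digests(plain = 'correct horse')
  a = DemoUser.new(nickname: 'a', password: plain)
  b = DemoUser.new(nickname: 'b', password: plain)
  { sha1_equal: Digest::SHA1.hexdigest(plain) == Digest::SHA1.hexdigest(plain),
    salted_equal: a.values[:password] == b.values[:password] }
end
```

With the bcrypt gem installed, `BCrypt::Password.create(plain)` would take the place of the PBKDF2 derivation and its hand-rolled storage string.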