On Wednesday, June 27, 2012 7:57:59 AM UTC-7, faemino wrote:
>
> Hi to all!
>
> Sorry, but I'm ruby & sequel beginner. I have a problem with the 
> before_update callback. I've read the doc pages and I've searched in this 
> google group without luck.
>
> I have the following Sequel model:
>
>   class User < Sequel::Model(DB[:users])
>     plugin :validation_helpers
>     
>     def validate
>       super
>       validates_presence [:email, :password, :nickname]
>     end
>
>     def before_create
>       self[:id] ||= UUID.create
>       self[:password] = Digest::SHA1.hexdigest(self[:password])
>       self[:created] ||= Date.today
>       self[:created_extended] ||= DateTime.now
>       super
>     end
>   end
>
>
> I want to encrypt the password inside the before_update hook only if a new 
> password has been set. 
> If the update method does not set a password, self[:password] has the current 
> password. But if the update method does, self[:password] has the new password.
>
> Can you point me to any way to get the old password to compare it with the 
> new one without doing another find inside the before_update? Something like 
> ||= maybe?
>
>
First, your use of unsalted SHA1 hashes for passwords is a really bad 
idea.  Please use a hash designed for password storage, such as bcrypt.  If 
you don't understand why, please read up on how to securely store passwords 
(e.g. http://codahale.com/how-to-safely-store-a-password/).  If you still 
don't understand why, please let someone who does understand why implement 
your security, instead of attempting to do so yourself.  

Next, to solve your issue, I recommend a different strategy: have the 
setter method do the hashing:

  class User < Sequel::Model(DB[:users])
    def password=(v)
      # Again, don't use SHA1, use bcrypt or something secure
      # Hash the value being assigned (v), not the currently stored column
      super(Digest::SHA1.hexdigest(v))
    end
  end

This avoids the problem you are having, and also allows you to get rid of 
the password setting in before_create.

If you really want to get the previous value of a column, after the column 
has been changed, you probably want to use the dirty plugin.

Thanks,
Jeremy

-- 
You received this message because you are subscribed to the Google Groups 
"sequel-talk" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/sequel-talk/-/N70r9GxVZI0J.
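The setter-based approach from the reply, as an added example that is not code from this thread or from Sequel itself: a small stand-in model class (assumption: it only mimics Sequel's column setters living in an included module and the dirty plugin's value-before-change tracking) whose `password=` hashes whatever it is given, so an update that never assigns a password leaves the stored hash untouched, plus an `authenticate?` check against the stored hash. PBKDF2 from Ruby's openssl stdlib stands in for the bcrypt the reply recommends, only so the example runs without extra gems.

```ruby
require 'openssl'
require 'securerandom'
# Minimal stand-in for Sequel::Model (assumption: NOT Sequel). It mimics only
# column setters living in an included module, so `super` works from an
# override, and the value-before-change tracking the dirty plugin provides.
class ColumnModel
  attr_reader :values, :initial_values
  def initialize(values = {})
    @values = values.dup        # as if loaded from the users table
    @initial_values = {}        # column => value before its first change
  end

  def self.column(name)
    include(Module.new do
      define_method(name) { @values[name] }
      define_method("#{name}=") do |v|
        @initial_values[name] = @values[name] unless @initial_values.key?(name)
        @values[name] = v
      end
    end)
  end
  def column_changed?(name)
    @initial_values.key?(name) && @initial_values[name] != @values[name]
  end
end

class User < ColumnModel
  column :nickname
  column :password
  ITERATIONS = 100_000
  # Hash in the setter: an update that never assigns password leaves the
  # stored hash untouched, so no before_update guard is needed. PBKDF2-HMAC-
  # SHA256 with a random salt stands in for bcrypt only because it ships
  # with Ruby's openssl stdlib.
  def password=(plain)
    salt = SecureRandom.hex(16)
    key = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, OpenSSL::Digest.new('sha256'))
    super("pbkdf2$#{ITERATIONS}$#{salt}$#{key.unpack1('H*')}")
  end

  # Re-derive with the stored salt and iterations, compare in constant time.
  def authenticate?(plain)
    _, iters, salt, hex = password.to_s.split('$')
    return false unless hex
    key = OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, iters.to_i, 32, OpenSSL::Digest.new('sha256'))
    got = key.unpack1('H*')
    got.bytesize == hex.bytesize && got.bytes.zip(hex.bytes).sum { |a, b| a ^ b }.zero?
  end
end
```

A fresh row with `nickname` reassigned keeps `password` unchanged and `column_changed?(:password)` false; assigning a new password re-hashes and leaves the old hash in `initial_values[:password]`.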