I am having a problem with Rails: I’m trying to make an app for password management, for personal use and for learning Rails, and I want the passwords to be encrypted (for now I’m using the Blowfish algorithm). I’ve installed the crypt gem and written some code, but I am receiving a strange error.
Here’s my code:
app/controllers/credentials_controller.rb (scaffold-generated)
    def create
      @credential = current_user.credentials.build(params[:credential])
      respond_to do |format|
        if @credential.save
          format.html { redirect_to(@credential, :notice => 'Credential was successfully created.') }
          format.xml { render :xml => @credential, :status => :created, :location => @credential }
        else
          format.html { render :action => "new" }
          format.xml { render :xml => @credential.errors, :status => :unprocessable_entity }
        end
      end
    end
app/models/credential.rb (in the db I’ve created a salt:string column)
    require 'crypt/blowfish'
    class Credential < ActiveRecord::Base
      before_save :hash_password
      before_update :hash_password
      after_find :unhash_password
      private
      def hash_password
        self.salt = ActiveSupport::SecureRandom.base64(8)
        blowfish = Crypt::Blowfish.new(self.salt)
        self.pass = blowfish.encrypt_block(self.pass)
      end
      def unhash_password
      end
    end
app/views/credential/_form.html.erb
    <%= form_for(@credential) do |f| %>
      <% if @credential.errors.any? %>
        <div id="error_explanation">
          <h2><%= pluralize(@credential.errors.count, "error") %> prohibited this credential from being saved:</h2>
          <ul>
            <% @credential.errors.full_messages.each do |msg| %>
              <li><%= msg %></li>
            <% end %>
          </ul>
        </div>
      <% end %>
      <div class="field">
        <%= f.label :servizio %><br />
        <%= f.text_field :servizio %>
      </div>
      <div class="field">
        <%= f.label :url %><br />
        <%= f.text_field :url %>
      </div>
      <div class="field">
        <%= f.label :email %><br />
        <%= f.text_field :email %>
      </div>
      <div class="field">
        <%= f.label :utente %><br />
        <%= f.text_field :utente %>
      </div>
      <div class="field">
        <%= f.label :pass %><br />
        <%= f.text_field :pass %>
      </div>
      <div class="field">
        <%= f.label :note %><br />
        <%= f.text_area :note %>
      </div>
      <div class="field">
        <%= collection_select(:credential, :group_id, current_user.groups, :id, :nome, :prompt => 'Seleziona Gruppo') %>
      </div>
      <div class="actions">
        <%= f.submit %>
      </div>
    <% end %>
The error is:
    Action Controller: Exception caught
    NoMethodError in CredentialsController#create
    undefined method '%' for true:TrueClass
    app/models/credential.rb:17:in 'hash_password'
    app/controllers/credentials_controller.rb:47
    app/controllers/credentials_controller.rb:46:in 'create'
Note: if in the credential model
    def hash_password
      self.salt = ActiveSupport::SecureRandom.base64(8)
      plainBlock = "ABCD1234"
      blowfish = Crypt::Blowfish.new(self.salt)
      self.pass = blowfish.encrypt_block(plainBlock)
    end
it works, but the password (obviously) is always ABCD1234. The code above means that the problem is self.pass in the blowfish.encrypt_block function.
What am I doing wrong?
If I skip the before_save function it works as a non-encrypted password, so I exclude routes-related problems.
Thank you very much!
Best regards!
PS: I’m using Rails 3.0.8
PS: I’m following this page http://crypt.rubyforge.org/blowfish.html
I have the solution. The problems were:
In this case, self.salt has to be 56 bytes in length, because Blowfish requires a 56-byte key.
In Blowfish, self.pass has to be 8 bytes in length.
Best regards and thanks for your support.
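
The 8-byte limit in the solution above applies because encrypt_block processes exactly one Blowfish block. As an added example (not from the original thread and not the crypt gem's API), the following encrypts a password of any length by swapping in AES-256-GCM from Ruby's standard OpenSSL binding, with the key derived from a master passphrase instead of being stored next to the ciphertext. `CredentialCipher`, the `master` parameter and the iteration count are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'

# Hypothetical helper, not part of the crypt gem or Rails. It swaps the
# single-block Blowfish call for AES-256-GCM from Ruby's OpenSSL binding,
# which accepts input of any length and detects tampering.
module CredentialCipher
  KEY_LEN    = 32        # AES-256 key size in bytes
  SALT_LEN   = 16        # per-record salt for key derivation
  IV_LEN     = 12        # GCM nonce size
  TAG_LEN    = 16        # GCM authentication tag size
  HEADER_LEN = SALT_LEN + IV_LEN + TAG_LEN
  ITERATIONS = 100_000   # PBKDF2 work factor (assumed value)

  # Derive a fixed-length key from a master passphrase that is never stored
  # in the row; only the random salt is stored.
  def self.derive_key(master, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(master, salt, ITERATIONS, KEY_LEN,
                               OpenSSL::Digest.new('SHA256'))
  end

  # Returns Base64 of salt | iv | tag | ciphertext, suitable for a string column.
  def self.encrypt(plaintext, master)
    raise ArgumentError, 'password must not be empty' if plaintext.to_s.empty?
    salt = OpenSSL::Random.random_bytes(SALT_LEN)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    cipher.key = derive_key(master, salt)
    iv = cipher.random_iv
    ciphertext = cipher.update(plaintext) + cipher.final
    Base64.strict_encode64(salt + iv + cipher.auth_tag + ciphertext)
  end

  # Raises OpenSSL::Cipher::CipherError on a wrong passphrase or modified data.
  def self.decrypt(blob, master)
    raw = Base64.strict_decode64(blob)
    raise ArgumentError, 'blob too short' if raw.bytesize <= HEADER_LEN
    salt = raw.byteslice(0, SALT_LEN)
    iv   = raw.byteslice(SALT_LEN, IV_LEN)
    tag  = raw.byteslice(SALT_LEN + IV_LEN, TAG_LEN)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.decrypt
    cipher.key = derive_key(master, salt)
    cipher.iv = iv
    cipher.auth_tag = tag
    body = raw.byteslice(HEADER_LEN..-1)
    (cipher.update(body) + cipher.final).force_encoding('UTF-8')
  end
end
```

In a model like the one in the question, `encrypt` would run in the `before_save` callback and `decrypt` only when the value is displayed, with the master passphrase supplied at runtime rather than read from the database.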