Rails: BCrypt::Errors::InvalidSalt: invalid salt

Question

Loosely following Ryan Bates's How I Test Railscast to implement sending an email confirmation token to users when they sign up.

class User < ActiveRecord::Base
  has_secure_password
  strip_attributes except: [:password, :password_confirmation]
  ...

  def send_email_confirmation
    generate_token(:email_token)
    self.email_token_sent_at = Time.zone.now
    save!
    UserMailer.email_confirmation(self).deliver
  end

  private
    def generate_token(column)
      begin
        self[column] = SecureRandom.urlsafe_base64
      end while User.exists?(column => self[column])
    end
end

This is failing (in feature specs and when manually clicking through sign-up process) with:

Failures:

  1) UserPages sign up with valid information should create a user
     Failure/Error: expect { click_button submit }.to change(User, :count).by(1)
     BCrypt::Errors::InvalidSalt:
       invalid salt
     # ./app/models/user.rb:70:in `send_email_confirmation'
     # ./app/controllers/users_controller.rb:27:in `create'
     # ./spec/features/user_pages_spec.rb:165:in `block (5 levels) in <top (required)>'
     # ./spec/features/user_pages_spec.rb:165:in `block (4 levels) in <top (required)>'

I've tried reinstalling bcrypt gem (as suggested elsewhere even though it was Devise related and I'm not using Devise): gem uninstall bcrypt-ruby and then gem install bcrypt-ruby but to no avail. ideas?

Answer 1

Gem strip_attributes is responsible for such behavior.

Solution

Exclude :password_digest attribute from stripping like below:

strip_attributes except: [:password_digest]

Answer 2

We hit this error and it was because we were trying to perform a write operation in a k8s pod that only had read access to the database.

I'm sure this isn't the answer to the original question, but I came across this question when we were trying to figure out what was causing this error for us so I wanted to share.