
I have a Rails 4 application with OmniAuth Identity, and in production I got some of these errors for some users (a few):

BCrypt::Errors::InvalidHash: invalid hash

I've tested all the identity password_digest with the method hash_valid?

BCrypt::Password.valid_hash?(identity.password_digest)

And they are all good.

So I guess the problem comes from the password given by the user, but I have no idea where, and I can't reproduce the error in development.

The login form is a basic one:

= form_tag "/auth/identity/callback?origin=#{request.original_url}", class: "simple_form" do
  .form-group.string
    = text_field_tag :auth_key, nil, class: "string form-control", placeholder: "Email", autofocus: true
  .form-group.password
    %div
      = password_field_tag :password, nil,  placeholder: "Password"
  %p= submit_tag "Sign in"

Any idea? Thanks.

Axel Manzano

3 Answers

I suspect that you have a blank password stored.

Be sure you are validating that your user enters a password. If you trim whitespace, be sure you trim the password before making sure the string is not empty.

nostromo

BCrypt::Password.create('admin')

Use this method

Ali Abbas

In my case I stored the password using the Rails console like below:

user = User.find(2)
user.encrypted_password = "ilovepeace3"
user.save

and just after that I encountered the error

BCrypt::Errors::InvalidHash: invalid hash

When I looked into the users table I saw that the password was saved just as I entered it, i.e. in plain text format (unencrypted). Then I did the following and got rid of the dirty error :P

 user = User.find_by_email(email)
 user.password     = params[:password]
 user.password_confirmation = params[:password_confirmation]
 user.save

Mani
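
The two causes the answers describe, a blank stored value and a plaintext value written straight into the digest column, can be found by auditing that column. The following is an added example, not code from the original posts or from the bcrypt gem: it uses only the Ruby standard library, and `BCRYPT_FORMAT`, `classify_digest`, `audit_digests`, the `Identity` model name in the comment and the sample rows are assumptions made for illustration.

```ruby
# Standard bcrypt layout: "$2$", "$2a$", "$2b$", "$2x$" or "$2y$" prefix,
# a two-digit cost, then 53 characters (22 salt + 31 checksum) of ./A-Za-z0-9.
# \A and \z anchor the whole string, so a trailing newline does not slip through.
BCRYPT_FORMAT = %r{\A\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}\z}

# Classify one stored digest. Any result other than :ok marks a value
# that cannot be used as a bcrypt hash when the user tries to log in.
def classify_digest(digest)
  return :missing if digest.nil?
  stripped = digest.strip
  return :blank if stripped.empty?
  return :padded if stripped != digest && stripped.match?(BCRYPT_FORMAT)
  m = BCRYPT_FORMAT.match(digest)
  return :not_bcrypt unless m            # e.g. a plaintext password
  (4..31).cover?(m[1].to_i) ? :ok : :bad_cost
end

# Group the ids of unusable rows by reason. `rows` is any enumerable of
# [id, digest] pairs, for instance Identity.pluck(:id, :password_digest)
# in a Rails console (model name assumed).
def audit_digests(rows)
  rows.each_with_object(Hash.new { |h, k| h[k] = [] }) do |(id, digest), report|
    status = classify_digest(digest)
    report[status] << id unless status == :ok
  end
end

# Constructed sample rows; the "valid" digest is a format-only placeholder,
# not the hash of any real password.
PLACEHOLDER_DIGEST = '$2a$10$' + 'a' * 53
SAMPLE_ROWS = [
  [1, PLACEHOLDER_DIGEST],
  [2, nil],                        # column never set
  [3, ''],                         # blank value, as in the first answer
  [4, 'ilovepeace3'],              # plaintext, as in the last answer
  [5, PLACEHOLDER_DIGEST + "\n"]   # digest with stray whitespace
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_digests(SAMPLE_ROWS).each do |reason, ids|
    puts "#{reason}: ids #{ids.join(', ')}"
  end
end
```

Rows reported as `:not_bcrypt` or `:blank` need the password set again through the model's password setter so that a real hash is stored.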