Generate CakePHP password in Rails

Question

I'm trying to write the equivalent of

$password = Security::hash('text pw', null, true)

In CakePHP, that creates a security hash that will validate for "text pw" when a user logs in. I tried so far, in Rails:

password = Digest::MD5.hexdigest("text pw")

But that doesn't authenticate when I try to log into the CakePHP app.

Yep, added an answer. It was sha1 but I think this can vary by individual Cake install. SHA1 is probably typical though. — David Ryder, Jan 16 '12 at 22:56

score 2 · Answer 1 · answered Nov 13 '11 at 05:39

2

I like the suggestion above, but it seems you want to do this in Rails. This is a ruby class, so you don't really need any plugins, etc.

  require 'digest/sha1'
  pass_hash = Digest::SHA1.hexdigest("#{self.password}#{salt}")

I'm not 100% sure how cake does it, but referring to cakePhp docs or code should lend you insight there.

How are you trying to log in to a cakePhp app through rails? My assumption is you're trying to move a cakePhp database to Rails? Or perhaps port CakePhp Authentication to rails?

answered Nov 13 '11 at 05:39

Jeff Ancel

3,076
3
32
39

Thanks I think the problem might be that I was a) using the wrong encryption type and b) not sure how to integrate the salt (which is a string defined in our Cake app). I'm using it to create a user via a Rails API that will be able to login to the main CakePHP app. I'll try this tomorrow. – David Ryder Nov 14 '11 at 04:15

score 1 · Accepted Answer · answered Jan 16 '12 at 22:55

1

@Jeff Ancel was really close. This is how Cake does it and what I ended up using:

require 'digest/sha1'
hashed_pw = Digest::SHA1.hexdigest(cake_security_salt + text_password)

Hope that helps someone.

answered Jan 16 '12 at 22:55

David Ryder

1,291
5
14
27

I was working on this last night and got it to work as well. I had a similar solution but I needed to add a function to override valid_password? in my users controller: http://stackoverflow.com/questions/8873398/rails-devise-legacy-users-from-cakephp – Parris Jan 16 '12 at 23:43

score 0 · Answer 3 · answered Nov 13 '11 at 01:14

The security class uses the SHA1 scheme by default, and cakephp also uses a salt which you set in your config.php to generate an even more unique hash. You could replicate it in ruby just find a library that does SHA1 and pass it the same salt as your cakephp app. Or alternatively, you could switch cakephp to use MD5 for it's password hashing with:

Security::setHash('md5'); // or sha1 or sha256.

and also see here from the cakebook - http://book.cakephp.org/view/1254/Change-Hash-Function

Generate CakePHP password in Rails

3 Answers3