peruse the following: Mac version ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login = ?", "rgtest"]) => #<User id: 1068138631, login: "rgtest", crypted_password: "a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt: "122a37f8c048d7eacb8d62008790be7406c85cdc", email_address: "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", first_name: "rgtest", last_name: "rgtest"> Windows Version irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", "rgtest"]) => #<User id: 1068138631, login: "rgtest", crypted_password: "a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt: "122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address: "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", first_name: "rgtest", last_name: "rgtest"> irb(main):002:0> Notice the differences between the crypted_password and salt strings returned, this is causing the authentication to fail. Has anyone else seen this or have any ideas how this may be happening? Tom Here is the environment and code: Info: Gemfile gem ''rails'', ''3.0.6'' gem ''activerecord-sqlserver-adapter'' ,''3.0.15 gem ''ruby-odbc'' ,''0.99994'' gem ''mongrel'', ''>=1.2.0.pre2'' gem ''composite_primary_keys'', ''=3.1.0'' Local gems: bstract (1.0.0) actionmailer (3.0.6, 3.0.5) actionpack (3.0.6, 3.0.5) activemodel (3.0.9, 3.0.6, 3.0.5) activerecord (3.0.6, 3.0.5) activerecord-sqlserver-adapter (3.0.15, 3.0.14, 3.0.12, 3.0.10) activeresource (3.0.6, 3.0.5) activesupport (3.0.9, 3.0.6, 3.0.5) arel (2.0.10, 2.0.9) builder (2.1.2) bundler (1.0.10) composite_primary_keys (3.1.10, 3.1.0) daemons (1.0.10) erubis (2.6.6) gem_plugin (0.2.3) i18n (0.5.0) mail (2.2.19, 2.2.15) mime-types (1.16) mongrel (1.2.0.pre2) mysql2 (0.3.6, 0.3.0, 0.2.7, 0.2.6) polyglot (0.3.1) rack (1.2.3, 1.2.2) rack-mount (0.6.14, 0.6.13) rack-test (0.5.7) rails (3.0.6, 3.0.5) railties (3.0.6, 3.0.5) rake (0.9.2, 0.8.7) ruby-odbc (0.99994) sqlite3 (1.3.3) thor (0.14.6) treetop (1.4.9) tzinfo (0.3.29, 0.3.27, 0.3.26, 0.3.25) Crypto parts of the user.rb model def create_salt self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}-- #{login}--") end def encrypt_password create_salt self.crypted_password = encrypt(password) end # Encrypts the password with the user salt def encrypt(password) self.class.encrypt(password, salt) end # Encrypts some data with the salt. def self.encrypt(password, salt) Digest::SHA1.hexdigest("--#{salt}--#{password}--") end def self.authenticate(login, password) u=find(:first, :conditions=>["login = ?", login]) return u if u && u.authenticated?(password) nil end def authenticated?(password) crypted_password == encrypt(password) end def password_required? crypted_password.blank? || !password.blank? end -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Luis Lavena
2011-Jul-13 14:34 UTC
Re: Weird problem between windows and mac versions of some code
On Jul 12, 4:18 pm, Tom <tom.hea...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> peruse the following: > > Mac version > ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login = ?", > "rgtest"]) > => #<User id: 1068138631, login: "rgtest", crypted_password: > "a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt: > "122a37f8c048d7eacb8d62008790be7406c85cdc", email_address: "rgtest", > created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", > first_name: "rgtest", last_name: "rgtest"> > > Windows Version > irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", > "rgtest"]) > => #<User id: 1068138631, login: "rgtest", crypted_password: > "a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt: > "122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address: > "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 > 18:30:08", first_name: "rgtest", last_name: "rgtest"> > irb(main):002:0> >Questions: 1) Are you accessing the records created from the mac? Or you''re re- creating it from scratch? Are you pulling it from an existing database? 2) Can you tell us what version of Ruby *and* version of OpenSSL are you using in both environments? E.g.: $ ruby -v ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-darwin10.6.0] $ ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION" OpenSSL 0.9.8l 5 Nov 2009 3) What "Digest::SHA1.hexdigest("something")" returns to you? $ ruby -rdigest/sha1 -e ''puts Digest::SHA1.hexdigest("something").inspect'' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29" Do you see the trailing garbage there? 3) Have you tried doing chomp to remove the trail garbage? -- Luis Lavena -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Thanks Luis. Sorry for not providing the additional info in the first post.> 1) Are you accessing the records created from the mac? Or you''re re- > creating it from scratch? Are you pulling it from an existing > database?I am accessing records created from the Mac and Windows and the results are the same regardless of which source creates them. Examples: created on a mac, read on a mac: => #<User id: 1068138635, login: "umac", crypted_password: "1f305dba421a8b5b789f83fe20427115e081528f", salt: "e9517ee84c0a3945ac07ff59b323f2356b1405d1", email_address: "umac-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 15:51:10", updated_at: "2011-07-13 15:51:10", first_name: "user", last_name: "created on mac"> created on a mac, read on a pc: irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", "umac"]) => #<User id: 1068138635, login: "umac", crypted_password: "1f305dba421a8b5b789f83fe20427115e081528\x00\x00", salt: "e9517ee84c0a3945ac07ff59b323f2356b1405d\x00\x00" , email_address: "umac-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 15:51:10", updated_at: "2011-07-13 15:51:10", first_name: "user", last_name: "created on mac"> created on a pc, read on a mac: ruby-1.9.2-p180 :003 > @u=User.find(:first, :conditions=>["login = ?", "userpc"]) => #<User id: 1068138636, login: "userpc", crypted_password: "51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f9", salt: "a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab127", email_address: "userpc-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 19:34:27", updated_at: "2011-07-13 19:34:27", first_name: "user", last_name: "createdonapc"> created on a pc, read on a pc: irb(main):002:0> @u=User.find(:first, :conditions=>["login = ?", "userpc"]) => #<User id: 1068138636, login: "userpc", crypted_password: "51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f\x00\x00", salt: "a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab12\x00\x00", email_address: "userpc-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 19:34:27", updated_at: "2011-07-13 19:34:27", first_name: "user", last_name: "createdonapc"> I am creating them from scratch and using a newly created database for this app and Rails 3.0+ 2) Can you tell us what version of Ruby *and* version of OpenSSL are> you using in both environments? E.g.:Mac: Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8l 5 Nov 2009 PC: Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8q 2 Dec 2010 3) What "Digest::SHA1.hexdigest("something")" returns to you? Mac: ruby -rdigest/sha1 -e ''puts Digest::SHA1.hexdigest("something").inspect'' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29" PC: ruby -rdigest/sha1 -e ''puts Digest::SHA1.hexdigest("something").inspect'' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29"> 3) Have you tried doing chomp to remove the trail garbage?No because the problem is not that the garbage is there but the \x00\x00 actually replaces the last character in a valid salt. Thanks for spending your time to look at this. Tom On Jul 13, 10:34 am, Luis Lavena <luislav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Jul 12, 4:18 pm, Tom <tom.hea...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > > > > > > > peruse the following: > > > Mac version > > ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login = ?", > > "rgtest"]) > > => #<User id: 1068138631, login: "rgtest", crypted_password: > > "a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt: > > "122a37f8c048d7eacb8d62008790be7406c85cdc", email_address: "rgtest", > > created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", > > first_name: "rgtest", last_name: "rgtest"> > > > Windows Version > > irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", > > "rgtest"]) > > => #<User id: 1068138631, login: "rgtest", crypted_password: > > "a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt: > > "122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address: > > "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 > > 18:30:08", first_name: "rgtest", last_name: "rgtest"> > > irb(main):002:0> > > Questions: > > 1) Are you accessing the records created from the mac? Or you''re re- > creating it from scratch? Are you pulling it from an existing > database? > > 2) Can you tell us what version of Ruby *and* version of OpenSSL are > you using in both environments? E.g.: > > $ ruby -v > ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-darwin10.6.0] > > $ ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION" > OpenSSL 0.9.8l 5 Nov 2009 > > 3) What "Digest::SHA1.hexdigest("something")" returns to you? > > $ ruby -rdigest/sha1 -e ''puts > Digest::SHA1.hexdigest("something").inspect'' > "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29" > > Do you see the trailing garbage there? > > 3) Have you tried doing chomp to remove the trail garbage? > > -- > Luis Lavena-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.