peruse the following:
Mac version
ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login =
?",
"rgtest"])
=> #<User id: 1068138631, login: "rgtest", crypted_password:
"a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt:
"122a37f8c048d7eacb8d62008790be7406c85cdc", email_address:
"rgtest",
created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12
18:30:08",
first_name: "rgtest", last_name: "rgtest">
Windows Version
irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?",
"rgtest"])
=> #<User id: 1068138631, login: "rgtest", crypted_password:
"a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt:
"122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address:
"rgtest", created_at: "2011-07-12 12:03:20", updated_at:
"2011-07-12
18:30:08", first_name: "rgtest", last_name:
"rgtest">
irb(main):002:0>
Notice the differences between the crypted_password and salt strings
returned, this is causing the authentication to fail. Has anyone else
seen this or have any ideas how this may be happening?
Tom
Here is the environment and code:
Info:
Gemfile
gem ''rails'', ''3.0.6''
gem ''activerecord-sqlserver-adapter'' ,''3.0.15
gem ''ruby-odbc'' ,''0.99994''
gem ''mongrel'', ''>=1.2.0.pre2''
gem ''composite_primary_keys'', ''=3.1.0''
Local gems:
bstract (1.0.0)
actionmailer (3.0.6, 3.0.5)
actionpack (3.0.6, 3.0.5)
activemodel (3.0.9, 3.0.6, 3.0.5)
activerecord (3.0.6, 3.0.5)
activerecord-sqlserver-adapter (3.0.15, 3.0.14, 3.0.12, 3.0.10)
activeresource (3.0.6, 3.0.5)
activesupport (3.0.9, 3.0.6, 3.0.5)
arel (2.0.10, 2.0.9)
builder (2.1.2)
bundler (1.0.10)
composite_primary_keys (3.1.10, 3.1.0)
daemons (1.0.10)
erubis (2.6.6)
gem_plugin (0.2.3)
i18n (0.5.0)
mail (2.2.19, 2.2.15)
mime-types (1.16)
mongrel (1.2.0.pre2)
mysql2 (0.3.6, 0.3.0, 0.2.7, 0.2.6)
polyglot (0.3.1)
rack (1.2.3, 1.2.2)
rack-mount (0.6.14, 0.6.13)
rack-test (0.5.7)
rails (3.0.6, 3.0.5)
railties (3.0.6, 3.0.5)
rake (0.9.2, 0.8.7)
ruby-odbc (0.99994)
sqlite3 (1.3.3)
thor (0.14.6)
treetop (1.4.9)
tzinfo (0.3.29, 0.3.27, 0.3.26, 0.3.25)
Crypto parts of the user.rb model
def create_salt
self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--
#{login}--")
end
def encrypt_password
create_salt
self.crypted_password = encrypt(password)
end
# Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password, salt)
end
# Encrypts some data with the salt.
def self.encrypt(password, salt)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
def self.authenticate(login, password)
u=find(:first, :conditions=>["login = ?", login])
return u if u && u.authenticated?(password)
nil
end
def authenticated?(password)
crypted_password == encrypt(password)
end
def password_required?
crypted_password.blank? || !password.blank?
end
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Luis Lavena
2011-Jul-13 14:34 UTC
Re: Weird problem between windows and mac versions of some code
On Jul 12, 4:18 pm, Tom <tom.hea...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> peruse the following: > > Mac version > ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login = ?", > "rgtest"]) > => #<User id: 1068138631, login: "rgtest", crypted_password: > "a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt: > "122a37f8c048d7eacb8d62008790be7406c85cdc", email_address: "rgtest", > created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", > first_name: "rgtest", last_name: "rgtest"> > > Windows Version > irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", > "rgtest"]) > => #<User id: 1068138631, login: "rgtest", crypted_password: > "a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt: > "122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address: > "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 > 18:30:08", first_name: "rgtest", last_name: "rgtest"> > irb(main):002:0> >Questions: 1) Are you accessing the records created from the mac? Or you''re re- creating it from scratch? Are you pulling it from an existing database? 2) Can you tell us what version of Ruby *and* version of OpenSSL are you using in both environments? E.g.: $ ruby -v ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-darwin10.6.0] $ ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION" OpenSSL 0.9.8l 5 Nov 2009 3) What "Digest::SHA1.hexdigest("something")" returns to you? $ ruby -rdigest/sha1 -e ''puts Digest::SHA1.hexdigest("something").inspect'' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29" Do you see the trailing garbage there? 3) Have you tried doing chomp to remove the trail garbage? -- Luis Lavena -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Thanks Luis. Sorry for not providing the additional info in the first post.> 1) Are you accessing the records created from the mac? Or you''re re- > creating it from scratch? Are you pulling it from an existing > database?I am accessing records created from the Mac and Windows and the results are the same regardless of which source creates them. Examples: created on a mac, read on a mac: => #<User id: 1068138635, login: "umac", crypted_password: "1f305dba421a8b5b789f83fe20427115e081528f", salt: "e9517ee84c0a3945ac07ff59b323f2356b1405d1", email_address: "umac-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 15:51:10", updated_at: "2011-07-13 15:51:10", first_name: "user", last_name: "created on mac"> created on a mac, read on a pc: irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", "umac"]) => #<User id: 1068138635, login: "umac", crypted_password: "1f305dba421a8b5b789f83fe20427115e081528\x00\x00", salt: "e9517ee84c0a3945ac07ff59b323f2356b1405d\x00\x00" , email_address: "umac-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 15:51:10", updated_at: "2011-07-13 15:51:10", first_name: "user", last_name: "created on mac"> created on a pc, read on a mac: ruby-1.9.2-p180 :003 > @u=User.find(:first, :conditions=>["login = ?", "userpc"]) => #<User id: 1068138636, login: "userpc", crypted_password: "51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f9", salt: "a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab127", email_address: "userpc-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 19:34:27", updated_at: "2011-07-13 19:34:27", first_name: "user", last_name: "createdonapc"> created on a pc, read on a pc: irb(main):002:0> @u=User.find(:first, :conditions=>["login = ?", "userpc"]) => #<User id: 1068138636, login: "userpc", crypted_password: "51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f\x00\x00", salt: "a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab12\x00\x00", email_address: "userpc-M/39claqbm0@public.gmane.org", created_at: "2011-07-13 19:34:27", updated_at: "2011-07-13 19:34:27", first_name: "user", last_name: "createdonapc"> I am creating them from scratch and using a newly created database for this app and Rails 3.0+ 2) Can you tell us what version of Ruby *and* version of OpenSSL are> you using in both environments? E.g.:Mac: Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8l 5 Nov 2009 PC: Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8q 2 Dec 2010 3) What "Digest::SHA1.hexdigest("something")" returns to you? Mac: ruby -rdigest/sha1 -e ''puts Digest::SHA1.hexdigest("something").inspect'' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29" PC: ruby -rdigest/sha1 -e ''puts Digest::SHA1.hexdigest("something").inspect'' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29"> 3) Have you tried doing chomp to remove the trail garbage?No because the problem is not that the garbage is there but the \x00\x00 actually replaces the last character in a valid salt. Thanks for spending your time to look at this. Tom On Jul 13, 10:34 am, Luis Lavena <luislav...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Jul 12, 4:18 pm, Tom <tom.hea...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > > > > > > > > peruse the following: > > > Mac version > > ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login = ?", > > "rgtest"]) > > => #<User id: 1068138631, login: "rgtest", crypted_password: > > "a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt: > > "122a37f8c048d7eacb8d62008790be7406c85cdc", email_address: "rgtest", > > created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", > > first_name: "rgtest", last_name: "rgtest"> > > > Windows Version > > irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", > > "rgtest"]) > > => #<User id: 1068138631, login: "rgtest", crypted_password: > > "a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt: > > "122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address: > > "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 > > 18:30:08", first_name: "rgtest", last_name: "rgtest"> > > irb(main):002:0> > > Questions: > > 1) Are you accessing the records created from the mac? Or you''re re- > creating it from scratch? Are you pulling it from an existing > database? > > 2) Can you tell us what version of Ruby *and* version of OpenSSL are > you using in both environments? E.g.: > > $ ruby -v > ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-darwin10.6.0] > > $ ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION" > OpenSSL 0.9.8l 5 Nov 2009 > > 3) What "Digest::SHA1.hexdigest("something")" returns to you? > > $ ruby -rdigest/sha1 -e ''puts > Digest::SHA1.hexdigest("something").inspect'' > "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29" > > Do you see the trailing garbage there? > > 3) Have you tried doing chomp to remove the trail garbage? > > -- > Luis Lavena-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.