cjm2671

Reputation: 19476

Devise reset password in database?

I'd like to reset a user's password directly in the database. I can see that the passwords are typically stored as an encrypted hash. What are my choices?

I'm using Devise.

Upvotes: 2

Views: 1496

Answers (2)

Leonel Galán

Reputation: 7167

@cjm2671, short answer is no and you shouldn't. See how Devise does it in https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb#L4

  # Verifies whether a password (i.e. from sign in) is the user password.
  def valid_password?(password)
    return false if encrypted_password.blank?
    bcrypt   = ::BCrypt::Password.new(encrypted_password)
    password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
    Devise.secure_compare(password, encrypted_password)
  end

Why do you want to do it directly on the DB?

If you must, you will need BCrypt on the database (e.g. pgcrypto for PostgreSQL) and the value of self.class.pepper. I'm assuming bcrypt.salt will be provided by BCrypt.

UPDATE:

I'm starting to doubt it's possible. I jumped too quickly to pgcrypto, but it doesn't seem to do what you want.

Upvotes: 1
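
The encrypted_password value that valid_password? reads is a self-describing bcrypt string, which is why bcrypt.salt can be recovered from it. As an added example (not from the thread and not Devise's own code), this stdlib-only Ruby sketch parses that format and checks a candidate value before it is written to the column by hand; min_cost and the sample strings are assumptions constructed for illustration.

```ruby
# Added example: sanity-check a value before a manual UPDATE of Devise's
# encrypted_password column. Uses only the Ruby standard library.
# bcrypt string layout: $<version>$<cost>$<22-char salt><31-char checksum>
BCRYPT_RE = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

BcryptParts = Struct.new(:version, :cost, :salt, :checksum)

# Split a stored hash into its parts; returns nil if it is not a bcrypt string.
def parse_bcrypt(stored)
  m = BCRYPT_RE.match(stored.to_s)
  return nil unless m
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost) # bcrypt's valid cost range
  # The salt keeps its "$version$cost$" prefix; this is the part that
  # valid_password? hands back to hash_secret as bcrypt.salt.
  BcryptParts.new(m[1], cost, "$#{m[1]}$#{m[2]}$#{m[3]}", m[4])
end

# Returns the reasons a value should not be written (empty array = acceptable).
# min_cost is a hypothetical local policy, not a Devise setting.
def encrypted_password_problems(candidate, min_cost: 10)
  parts = parse_bcrypt(candidate)
  return ["not a bcrypt hash (plain text or another scheme?)"] unless parts
  problems = []
  problems << "cost #{parts.cost} is below #{min_cost}" if parts.cost < min_cost
  # A format check cannot see the pepper: a hash computed without the app's
  # pepper parses fine here but will never match in valid_password?.
  problems
end

# Constructed sample values (filler salt/checksum, not real password hashes).
SAMPLE_OK    = "$2a$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_WEAK  = "$2a$04$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
SAMPLE_PLAIN = "new password"

if __FILE__ == $0
  [SAMPLE_OK, SAMPLE_WEAK, SAMPLE_PLAIN].each do |value|
    problems = encrypted_password_problems(value)
    puts "#{value[0, 12].inspect}: #{problems.empty? ? 'ok to store' : problems.join('; ')}"
  end
end
```

Writing a plain-text string into the column is the failure this catches: the row saves, but the account can no longer sign in.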

moonfly

Reputation: 1820

Just noticed that you said 'directly in the database'. Then the 1st comment you got works best.

If you still could do it through rails (e.g. in a migration) you could try this:

user = User.find(...)
# set plain text password, it will run 'encrypted_password=' under the hood
user.password = "new password"
user.save

After that you may want to send email notifications or reset the authentication_token, depending on your case.

Upvotes: 3
