Reputation: 59
Rails, sorcery: can I not hash the password at all?
So, I went into the Sorcery source code and discovered that it already does, without telling anyone, what Devise recommends doing for testing purposes: Set BCrypt stretches to 1.
Woohoo. However, it's still rather painful to create users. Is there a way, with sorcery, to not hash at all when creating a user?
Upvotes: 0
Views: 262
Answers (2)
Reputation: 8840
You can set a config option for sorcery. In an initializer:
config.encryption_algorithm = :none
List of default providers here: https://github.com/NoamB/sorcery/blob/master/lib/sorcery/model.rb
Config talked about here: https://codeclimate.com/github/NoamB/sorcery/Sorcery::CryptoProviders
Upvotes: 0
Reputation: 62648
Sorcery allows you to override the encryption provider. Just have a support file that sets User.custom_encryption_provider = Sorcery::CryptoProviders::SHA1, or similar.
Make sure that this is only used in tests, obviously. You still want strong bcrypt for production. It might not be a bad idea to have tests that perform user creation with bcrypt still in place, too, so you don't have a disparity between your test and production code.
Upvotes: 0
Related Questions
- How can I access Sorcery in my RSpec tests?
- Bcrypt Invalid Hash in rspec while testing if user should hash a user's password
- Rspec - Is it possible to stub a hash
- Mock out a hash in Rails/Rspec
- Testing authentication with Sorcery and RSpec
- Testing controllers with rspec, authenticated with Sorcery
- Sorcery manually encrypting password
- Password format in rails
- Sorcery fails to log in in RSpec
- rspec asserting encrypted password not plain text