Reputation: 109
I am a Rails beginner. I'm trying to save passwords using the Devise gem. Somehow I saw an issue using Bcrypt, and as per a suggestion I've chosen Devise.
When I installed Devise and tried to save a password, it was saved as plain simple text. Here is the code which I am using.
config.rb
Rails.application.routes.draw do
  devise_for :users # This got added as part of Devise gem usage
  #.... Other different routes
  resources :users, except: [:new] # I am using users controller and generating routes except for new (Sign_up)
  get '/signup', to: 'users#new', as: 'signup' # This is the route I wanted for signup
end
Here is the code I am using in my controller.
class UsersController < ApplicationController
  def new
    @user=User.new
  end

  def create
    @user=User.new(user_params)
    #@user=User.new(:password => @user.password).encrypted_password
    if @user.save
      flash[:success]="User "+@user.user_name+" created successfully"
      redirect_to users_path
    else
      render 'new'
    end
  end

  private

  def user_params
    params.require(:user).permit(:user_name,:password,:admin)
  end
end
This is what I got to see in the DB.
User Load (4.0ms) SELECT "users".* FROM "users" LIMIT $1 [["LIMIT", 11]]
=> #<ActiveRecord::Relation [#<User id: 3, user_name: "admin", password: "admin", admin: "1", created_at: "2018-03-03 08:52:19", updated_at: "2018-03-03 08:52:19", sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil>, #<User id: 4, user_name: "admin2", password: "admin", admin: "1", created_at: "2018-03-03 08:52:36", updated_at: "2018-03-03 08:52:36", sign_in_count: 0, current_sign_in_at: nil, last_sign_in_at: nil, current_sign_in_ip: nil, last_sign_in_ip: nil>]>
I really wonder where the logical connection lies in the encryption of the password. Being new to Rails, I could not understand how this is going to work.
I could even see the last_sign_up and ip fields are also nil. Bcrypt does it automatically.
I've gone through a few solutions from Stack Overflow, but could not relate them to my problem.
Here is my User Model:
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  #devise :database_authenticatable, :registerable,
  #       :recoverable, :rememberable, :trackable, :validatable
  #has_secure_password
  validates :password, presence: true
  validates :user_name, presence: true, uniqueness: true
end
Upvotes: 3
Views: 911
Reputation: 102055
To change the route of the registration page you just need to alter the routes:
# top level of your routes.rb
Rails.application.routes.draw do
  devise_scope :user do
    # custom path to sign_up/registration
    get "/signup" => "devise/registrations#new", as: "new_user_registration"
  end
  # Below for all other routes:
  devise_for :users
end
You do not need to create your own controller to handle registrations. Nor should you at your skill level, as there are quite a few more things going on under the hood in Devise, like for example signing the user in.
You have also omitted to add the Devise modules to your user model, which add the callbacks that encrypt passwords, among other things:
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
end
I would suggest you roll back and follow the installation steps more carefully. Then add a few integration tests to make sure it's working properly. Don't try to reinvent the wheel.
After that you can try customizing it.
Upvotes: 2
Reputation: 1419
Abdul, just put/uncomment devise :database_authenticatable in your model so that Devise uses password encryption.
class User < ApplicationRecord
  devise :database_authenticatable
  #has_secure_password
  validates :password, presence: true
  validates :user_name, presence: true, uniqueness: true
end
PS: Devise uses two attributes, password and password_confirmation, for this.
Upvotes: 2