Blankman

Reputation: 267030

Creating user in seed.rb file, how to encrypt password like how User.rb does?

My User.rb has a before_save callback that encrypts the user's password, it does:

def set_password
  self.salt = ...
  self.encrypted_password = ...
end

Now when I create my user in the seed, how do I encrypt the password w/o duplicating my code?

Upvotes: 0

Views: 876

Answers (2)

Eric Hu

Reputation: 18208

I'm concerned about the same issue. In my case, I want to seed the database with an "admin" account so that a user doesn't try to create an account by this name. Even if I were to salt and encrypt the password, I have to seed the database with this information. It'll have to go into the seeds.rb file and if my development or server hard drive is compromised, someone could potentially figure out the password with the salt and encrypted password. If you're ok with that, then you can just choose a salt and encrypt your password based on that, then put the encrypted password in your seeds file.

If this is going into production, you may want to consider seeding these accounts with random salts, random passwords and a fixed email. No one will be able to access these accounts, but you'll be able to reset the user password. I'm assuming you have some sort of password reset system implemented.

This sounds like a pain, I know, but I can't think of another way that's as secure.

Upvotes: 1
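
The seeding approach described in the answer above (fixed email, random password that is thrown away, hashing left to the model), as an added example in plain Ruby that is not part of either answer or the asker's code. The `User` class is a stand-in for the asker's model with `save` playing the role of the `before_save` callback, and PBKDF2-HMAC-SHA256, the iteration count and `admin@example.com` are assumptions, since the question elides the actual hashing.

```ruby
require "openssl"
require "securerandom"

# Stand-in for the question's User model (plain Ruby, not ActiveRecord).
class User
  ITERATIONS = 100_000 # assumed work factor, not from the page

  attr_accessor :email, :password
  attr_reader :salt, :encrypted_password

  def initialize(email:, password:)
    @email = email
    @password = password
  end

  # Plays the role of the before_save callback: hashing lives only here.
  def save
    set_password
    @password = nil # do not keep the plaintext around after hashing
    self
  end

  def authenticate(candidate)
    digest = self.class.derive(candidate, salt)
    OpenSSL.fixed_length_secure_compare(digest, encrypted_password)
  end

  # Assumed KDF: PBKDF2-HMAC-SHA256, hex-encoded 32-byte output.
  def self.derive(password, salt)
    sha256 = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, sha256).unpack1("H*")
  end

  private

  def set_password
    @salt = SecureRandom.hex(16) # fresh random salt on every save
    @encrypted_password = self.class.derive(password, salt)
  end
end

# What db/seeds.rb would do: go through the model, never write salt or hash
# literals. The random password is never stored or printed, so the seed file
# holds no credential; access is gained later through the password reset flow.
def seed_admin(email = "admin@example.com")
  User.new(email: email, password: SecureRandom.base64(32)).save
end
```
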

tadman

Reputation: 211610

Usually you grab the already encrypted password from the database and convert it into a seed. Don't re-implement it, simply duplicate the required value.

Upvotes: 0
