Retrieving password when the password stored as a hash value

Question

Can users request that their password be emailed to themselves if the password is stored as a hash value?

Is there any way to convert a hash value to the clear text

Answer 1

To do this you must have a model with the fields:

Hashed_password
Salt

And you need to know the method user to hash the password( Here I use SHA1) Then you can define in your controller:

def self.encrypted_password(password, salt)
   string_to_hash = password + "wibble" + salt
   Digest::SHA1.hexdigest(string_to_hash)
end

Next you can compare:

user.Hashed_password == encrypted_password(password, user.salt)

True means that "password" is the password for the user "user"