问题
For the purpose of a new web app, I would need on my sign up page (which is administrator only) just only one email field.
The thing is that I'm totally new at rails and so even basics things like that are for me really difficult...
I created my authentification using Railscast #270 which uses has_secure_password method. For now, everything works great except that I dont need all this bullcrap... I also want to use Action Mailer to send the generated password to his email adress. A hex(8) password would be perfect (I have seen SecureRandom but it seems to be depreciated)
Users_Controller:
class UsersController < ApplicationController
skip_before_filter :is_connected?, :only => [:new, :create]
def new
@user = User.new
end
def create
@user = User.new(params[:user])
if @user.save
# Tell the Mailer to send a welcome Email after save
Mailer.confirm_email(@user).deliver
redirect_to root_url, :notice => "Signed up!"
else
render "new"
end
end
end
User_model:
class User < ActiveRecord::Base
attr_accessible :email
has_secure_password
validates_presence_of :password, :email, :on => :create
end
For now, in my view, I have 2 fields. But as I said earlier, I only want one. I would like to keep using has_secure_password which seems to offer a pretty good security regarding hash/salt.
回答1:
Rails provides ActiveSupport::SecureRandom which either (depending on the Ruby version) is just a bridge to Ruby's SecureRandom or reimplemented it on older versions of Ruby (if my memory is correct SecureRandom was added in 1.8.7)
Now that all of the versions of Ruby that Rails supports have SecureRandom built-in ActiveSupport::SecureRandom is no longer needed and has been deprecated. SecureRandom itself is going nowhere -
require 'securerandom'
SecureRandom.hex(8)
should do fine (you might want to consider SecureRandom.urlsafe_base64 for a more compact representation of the same amount of actual randomness)
回答2:
Here is one simple code for random password with lenth 8
rand_password=('0'..'z').to_a.shuffle.first(8).join
Hope it will help.
回答3:
Sometimes things from Rails are deprecated because they duplicate functionality that has been added to Ruby core, and SecureRandom seems to be one of those things.
You can use any of those random generator methods to produce a one-time-use password.
回答4:
To Create Random and unique token/password
class User < ActiveRecord::Base
before_create :generate_password
def generate_password
self.password = loop do
random_token = SecureRandom.urlsafe_base64
# If you are using FFaker gem then you can use it otherwise
# SecureRandom is great choice
# random_token = FFaker::Internet.password
break random_token unless User.exists?(password: random_token)
end
end
end
The main object here is to generate random token and do not repeat that token in the database. It can be really useful for some cases like generating unique token, unique invoice number, etc
来源:https://stackoverflow.com/questions/9066245/randomly-generated-password-rails-3-1