Question
I am migrating a users table from a Laravel application to a Ruby SSO server, and I am using BCrypt to validate passwords in Ruby.
The problem I am facing is that passwords do not match because the hash generated by Laravel starts with $2y$10..... and my BCrypt generates a hash $2a$10....
The versions between the two hashes do not match.
Ruby BCrypt shows version 2a, instead Laravel 2y.
How can I bring them on the same version so I can do user authentication in Ruby like this?
BCrypt::Password.new(user.send(password_column.to_sym)) == @password
This should return true, but instead returns false.
BCrypt::Password.new('$2y$10$tKrgxXzN.naFD3r//yX9/O5uJmGRA9lzlcoPgK.F8REX.kx9xOesS') == "Test1111!"
Answer 1:
The PHP crypt method uses a non-standard notation for bcrypt-hashed entries. You need to correct this:
hash = '$2y$10$tKrgxXzN.naFD3r//yX9/O5uJmGRA9lzlcoPgK.F8REX.kx9xOesS'
BCrypt::Password.new(hash.sub(/\A\$2y/, '$2a')) == "Test1111!"
# => true
There was a bug in PHP's crypto library so 2y represents the fixed version.
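For a whole users table, the prefix rewrite from the answer can be applied only to well-formed $2y$ hashes, with everything else left untouched and counted for review. This is an added example, not code from the original post or from the bcrypt gem; parse_bcrypt, normalize_for_ruby, migrate and the sample rows are hypothetical names and constructed data, and only the first hash comes from the question.

```ruby
# Added example; names below are illustrative and not part of the bcrypt gem.
# bcrypt modular crypt format: $<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_MCF = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/
ParsedHash = Struct.new(:variant, :cost, :salt, :digest)

# Parse a stored hash; returns nil when it is not a well-formed bcrypt string.
def parse_bcrypt(hash)
  m = BCRYPT_MCF.match(hash.to_s)
  return nil unless m && (4..31).cover?(m[2].to_i)
  ParsedHash.new(m[1], m[2].to_i, m[3], m[4])
end

# Returns [status, hash]. Only a valid "$2y$" hash gets the prefix rewrite from
# the answer; variants the answer does not cover are flagged, never rewritten.
def normalize_for_ruby(hash)
  parsed = parse_bcrypt(hash)
  return [:invalid, hash] if parsed.nil?
  case parsed.variant
  when '2a' then [:unchanged, hash]
  when '2y' then [:rewritten, hash.sub(/\A\$2y\$/, '$2a$')]
  else [:needs_review, hash]
  end
end

# Normalize every row and tally the outcomes so rejects can be inspected.
def migrate(rows)
  report = Hash.new(0)
  out = rows.map do |row|
    status, hash = normalize_for_ruby(row[:password])
    report[status] += 1
    row.merge(password: hash, status: status)
  end
  [out, report]
end

# The hash from the question, plus constructed variations of it.
PAGE_HASH = '$2y$10$tKrgxXzN.naFD3r//yX9/O5uJmGRA9lzlcoPgK.F8REX.kx9xOesS'
SAMPLE_ROWS = [
  { id: 1, password: PAGE_HASH },                     # Laravel row
  { id: 2, password: PAGE_HASH.sub('$2y$', '$2a$') }, # already in $2a$ form
  { id: 3, password: PAGE_HASH.sub('$2y$', '$2x$') }, # variant not covered here
  { id: 4, password: PAGE_HASH[0, 40] },              # truncated column value
  { id: 5, password: 'not-a-bcrypt-hash' }            # some other scheme
].freeze

migrate(SAMPLE_ROWS).last.each { |status, n| puts "#{status}: #{n}" }
```

The rewritten value is what gets passed to BCrypt::Password.new, as in the answer above.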
Source: https://stackoverflow.com/questions/36164875/migrating-users-table-from-laravel-to-ruby-and-using-bcrypt-to-decode-passwords