
must specify an iv attr_encrypted, how to check login and password

Question:

Hi, I have the following model:

```ruby
class User < ActiveRecord::Base
  secret_key = ENV['DB_COL_ENCRYPTED_KEY']
  attr_encrypted :email, :key => secret_key
  attr_encrypted :password, :key => secret_key
  [...]
end
```

Where I added the 4 cols to my model

```
rails g migration AddEncryptedColumnsToUser encrypted_email:string encrypted_password:string encrypted_email_iv:string encrypted_password_iv:string
```

Now I want to check if email and password are correct, but I don't know how to process:

```ruby
secret_key_data = "my big secret 32 bits key "
email = User.encrypt_email("test@test.com", key: secret_key_data)
password = User.encrypt_password("test", key: secret_key_data)
User.where('(encrypted_email) LIKE ? AND (encrypted_password) LIKE ? ', email,password)
```

but when I do:

```ruby
email = User.encrypt_email("test@test.com", key: secret_key_data)
```

I got this error:

```
ArgumentError: must specify an iv
```

Question is, <strong>where do I get the iv from, and how do I encrypt to be able to test in the db if the login is right?</strong>

Thanks a lot!

Answer1:

Some older versions of attr_encrypted have quirky (or no) initial vector (iv) handling. Be aware of the version of attr_encrypted that you are using. I think this is your problem. Try <strong>attr_encrypted v3.1.0</strong> with Rails v4.1.16.

In your migration:

```ruby
class CreateUsers < ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string :username, null: false
      t.string :encrypted_email
      t.string :encrypted_email_iv
      t.string :encrypted_password
      t.string :encrypted_password_iv
      t.timestamps
    end
  end
end
```

In your model:

```ruby
class User < ActiveRecord::Base
  attr_encrypted :email, :password, key: 'Some 256-bit key here'
end
```

In your controller:

```ruby
private

# Never trust parameters from the scary internet, only allow the white list through.
def server_params
  params.require(:server).permit(:username, :email, :password)
end
```

This version/configuration works for me.
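Why the `WHERE encrypted_email LIKE ?` lookup in the question cannot match once every row has its own IV, and one way to check a login instead, as an added example that is not from the question or the answer. Plain OpenSSL AES-256-GCM stands in for attr_encrypted; the in-memory `USERS` hash, the separate index key, the PBKDF2 work factor and all helper names are assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed demo keys; a real app loads them from its environment.
ENC_KEY    = SecureRandom.bytes(32) # AES-256 key for the email column
INDEX_KEY  = SecureRandom.bytes(32) # separate key for the lookup index
ITERATIONS = 200_000                # demo PBKDF2 work factor (assumption)
USERS = {} # blind index => row; stands in for the users table

# Fresh random IV on every call, like a per-attribute IV column.
def encrypt(plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = ENC_KEY
  iv = cipher.random_iv
  body = cipher.update(plaintext) + cipher.final
  { ciphertext: body + cipher.auth_tag, iv: iv }
end

# Decryption needs the IV that was stored beside the ciphertext.
def decrypt(ciphertext:, iv:)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = ENC_KEY
  cipher.iv = iv
  cipher.auth_tag = ciphertext[-16, 16]
  (cipher.update(ciphertext[0...-16]) + cipher.final).force_encoding("UTF-8")
end

# Deterministic keyed hash of the email: the value a WHERE clause can match.
def email_index(email)
  OpenSSL::HMAC.hexdigest("SHA256", INDEX_KEY, email.strip.downcase)
end

# Passwords are hashed with a per-user salt and compared, never decrypted.
def hash_password(password, salt = SecureRandom.bytes(16))
  digest = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                    length: 32, hash: "sha256")
  { salt: salt, digest: digest }
end

def secure_eq?(a, b) # comparison that does not stop at the first differing byte
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

def register(email, password)
  USERS[email_index(email)] = { email: encrypt(email), password: hash_password(password) }
end

def authenticate(email, password) # decrypted email on success, nil otherwise
  row = USERS[email_index(email)] or return nil
  attempt = hash_password(password, row[:password][:salt])[:digest]
  secure_eq?(attempt, row[:password][:digest]) ? decrypt(**row[:email]) : nil
end
```

Encrypting the same email twice yields different ciphertexts, so only the keyed index column is searchable; the encrypted column is read back with its stored IV after the row is found.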
