alodes999 / 7-20-restful-exercises

Restful Exercises/Atomics

Issue with Heroku/Validation #2

Open alodes999 opened 9 years ago

alodes999 commented 9 years ago

Our Heroku app is passing back errors when we send our verify_login route. Our route handler is:

post "/verify_login" do
  attempted_password = params["user"]["password"]
  @user = User.where("email" => params["user"]["email"])

  # Assuming there is a user with the given email address...
  # Make a new BCrypt object with the **password from the database**.
  actual_password = BCrypt::Password.new(@user[0].password)

  session[:user_id] = @user[0].id
  # So, an example:
  # actual_password = BCrypt::Password.new("$2a$10$87jFZs7pY2Fh33HR.lA9ouVLzevh45esv0UjdYF/b1jOGKC.YtfG2")

  if actual_password == attempted_password
    redirect "/users/#{@user[0].id}/stories"
  else
    @user.errors << "Invalid login."

    erb :"/home/login"
  end
end

Our Heroku log is saying:

2015-07-20T22:44:13.000325+00:00 app[web.1]: 2015-07-20 22:44:13 - BCrypt::Errors::InvalidHash - invalid hash:
2015-07-20T22:44:13.000334+00:00 app[web.1]:    /app/controllers/home_controller.rb:23:in `block in <top (required)>'
2015-07-20T22:44:13.000333+00:00 app[web.1]:    /app/controllers/home_controller.rb:23:in `new'

as the top 3 lines in the error log.

When we do this route through rackup locally, it works with no issue. Is this perhaps a sqlite3 vs postgres issue where they are returning slightly different things and Heroku isn't liking what it's getting back?

sumeetjain commented 9 years ago

It sounds like whatever @user[0].password is returning is not a valid hash for BCrypt to read from. Have you verified what that actually is on Heroku? Have you tried it with a different user? Have you ensured that you're not operating from an assumption that the data on Heroku is the same as data locally?

alodes999 commented 9 years ago

Locally, it isn't a hash that @user[0].password returns, but a string of the encrypted password. I guess I don't get why that is acceptable locally, but not through Heroku? Is the best (only?) way to see what is returned through routes on Heroku the logs generated?

sumeetjain commented 9 years ago

Ah, I caused some confusion. When I wrote "is not a valid hash for BCrypt to read from" I meant 'hash' as in an encrypted digest – not a set of key/value pairs.

> Is the best (only?) way to see what is returned through routes on Heroku the logs generated?

Pretty much. A simple puts ... in your controller code will accomplish that.
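
A log-safe way to run the check suggested in this thread, as an added example that is not code from the thread or the project: it reports what the password column holds without writing the stored value itself to the Heroku logs. The helper names, the sample values other than the hash quoted in the route handler, and the regular expression (the standard 60-character bcrypt layout, not the gem's own check) are assumptions.

```ruby
# Added example: classify a stored password value without logging it.
# Assumed layout: "$2a$" style version, two-digit cost, 53 salt+digest chars.
BCRYPT_LAYOUT = /\A\$2[abxy]?\$\d{2}\$[A-Za-z0-9.\/]{53}\z/

# Hash string taken from the comment in the route handler on this page.
PAGE_SAMPLE = '$2a$10$87jFZs7pY2Fh33HR.lA9ouVLzevh45esv0UjdYF/b1jOGKC.YtfG2'

# Returns a summary that is safe to print: status, class, length, and
# (only for bcrypt-looking values) the version/cost prefix, never the digest.
def describe_stored_password(value)
  str = value.to_s
  stripped = str.strip
  status =
    if value.nil? then :missing                          # NULL column
    elsif str.empty? then :empty                         # blank string
    elsif str.match?(BCRYPT_LAYOUT) then :bcrypt         # usable as-is
    elsif stripped.match?(BCRYPT_LAYOUT) then :padded    # stray whitespace
    elsif stripped.start_with?('$2') then :malformed_bcrypt # cut short/altered
    else :not_bcrypt                                     # e.g. plaintext seed
    end
  shows_prefix = %i[bcrypt padded malformed_bcrypt].include?(status)
  { status: status, klass: value.class.name, length: str.length,
    prefix: shows_prefix ? stripped[0, 7] : nil }
end

# One line per user for `puts`; a value that is not bcrypt may be a
# plaintext password, so nothing from it is echoed.
def safe_log_line(user_id, value)
  d = describe_stored_password(value)
  "user=#{user_id} password_column status=#{d[:status]} " \
    "class=#{d[:klass]} length=#{d[:length]} prefix=#{d[:prefix].inspect}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed rows standing in for what the database might return.
  rows = { 1 => PAGE_SAMPLE, 2 => PAGE_SAMPLE + '  ', 3 => PAGE_SAMPLE[0, 40],
           4 => nil, 5 => 'hunter2' }
  rows.each { |id, value| puts safe_log_line(id, value) }
end
```

Any status other than `:bcrypt` means `BCrypt::Password.new` should not be called on that value until the row is corrected.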