heartcombo / devise

Flexible authentication solution for Rails with Warden.
http://blog.plataformatec.com.br/tag/devise/
MIT License

Devise Password With Special Characters #3565

Closed jakesorce closed 9 years ago

jakesorce commented 9 years ago

Hello,

I'm having an issue with special characters in passwords. The user can sign up with a special character in their password, but when they go to log in it gives a 401 Unauthorized error. If I change the password to remove the special character and try to log in, it works just fine. I will provide any info necessary to get this resolved; please let me know.

Devise Version: 3.4.1
Warden Version: 1.2.3
Rails Version: 4.0.13

josevalim commented 9 years ago

Can you please provide a sample application that reproduces the error?

jakesorce commented 9 years ago

This is on our production application and it's a private repo. I've done some more digging and maybe this info will help.

I have a much more simple application that uses the same version of devise and has no issues with special characters.

The only difference between my application that doesn't have issues with special characters and the one that does have issues is: I didn't generate the devise controllers on the one that doesn't have issues.

Does this help?

josevalim commented 9 years ago

No, that should not cause it. Please provide an application that reproduces the error, otherwise there isn't much we can do. Thank you.

pobocks commented 9 years ago

I've recently had a similar issue, and wanted to provide more information, in case, at a minimum, that it helps @jakesorce diagnose his own.

I have a devise application which worked perfectly everywhere except QA. On QA, a user with a bang in their password wouldn't be able to log in, with warden_message=:invalid.

I instrumented valid_password?, and the right string was getting to Bcrypt. I tested with valid_password? in the console, and it returned true. I still have no idea why it was refusing to let users sign in.

The quality environment was set up without a pepper. When I added a pepper to my devise config, it started working.

The application in question is here: https://github.com/harvard-library/linkomatic

jakesorce commented 9 years ago

@pobocks - uncommented the pepper line in the devise.rb config file and special characters work. Thank you!

jakesorce commented 9 years ago

@josevalim @pobocks - we uncommented the config.pepper line in the devise.rb file and now it is letting us create and log in with special character passwords. We are now having an issue where existing users cannot log in. Is there a workaround for our existing users so they can continue to log in without having to change their password?

pobocks commented 9 years ago

As far as I know, no - the pepper is used for hashing the password - changing it means every password needs to be changed.
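Added example, not code from the thread or from Devise: a simplified model of the behaviour pobocks describes, where the pepper is appended to the password before hashing, so a digest stored while no pepper was configured stops verifying once one is enabled. PBKDF2 from Ruby's standard library stands in for bcrypt, and the function names, work factor, pepper and password are constructed for illustration.

```ruby
require "openssl"
require "securerandom"

ITERATIONS = 10_000 # constructed work factor for the demo

# Hash password + pepper with a per-user salt. The salt is stored inside the
# digest string; the pepper is not (it lives only in application config).
def digest(password, pepper, salt = SecureRandom.hex(16))
  secret = pepper.to_s.empty? ? password : "#{password}#{pepper}"
  raw = OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: ITERATIONS,
                                 length: 32, hash: "sha256")
  "#{salt}$#{raw.unpack1('H*')}"
end

# Constant-time comparison of two strings of equal length.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recompute the digest with the stored salt and the *currently configured*
# pepper, then compare it with what is in the database.
def password_matches?(stored, password, pepper)
  salt = stored.split("$", 2).first
  secure_compare(digest(password, pepper, salt), stored)
end

# Constructed scenario: an account enrolled with no pepper, then a pepper
# is enabled in configuration and a second account is enrolled.
def simulate
  password   = "s3cret!pass"              # constructed sample password
  old_pepper = nil
  new_pepper = "constructed-pepper-value" # constructed sample pepper
  existing = digest(password, old_pepper)
  fresh    = digest(password, new_pepper)
  {
    existing_before_change: password_matches?(existing, password, old_pepper),
    existing_after_change:  password_matches?(existing, password, new_pepper),
    new_after_change:       password_matches?(fresh, password, new_pepper)
  }
end

puts simulate if __FILE__ == $PROGRAM_NAME
```

The stored digest carries its own salt but no trace of the pepper, which is why the same correct password is rejected for the account created before the configuration change.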