Closed jakesorce closed 9 years ago
Can you please provide a sample application that reproduces the error?
this is on our production application and it's a private repo. I've done some more digging and maybe this info will help.
I have a much more simple application that uses the same version of devise and has no issues with special characters.
The only difference between my application that doesn't have issues with special characters and the one that does have issues is: I didn't generate the devise controllers on the one that doesn't have issues.
Does this help?
No, that should not cause it. Please provide an application that reproduces the error, otherwise there isn't much we can do. Thank you.
I've recently had a similar issue, and wanted to provide more information, in case, at a minimum, that it helps @jakesorce diagnose his own.
I have a devise application which worked perfectly everywhere except QA. On QA, a user with a bang in their password wouldn't be able to log in, with warden_message=:invalid.
I instrumented valid_password?, and the right string was getting to Bcrypt. I tested with valid_password? in the console, and it returned true. I still have no idea why it was refusing to let users sign in.
The quality environment was set up without a pepper. When I added a pepper to my devise config, it started working.
The application in question is here: https://github.com/harvard-library/linkomatic
@pobocks - uncommented the pepper line in the devise.rb config file and special characters work. Thank you!
@josevalim @pobocks - we uncommented the config.pepper line in the devise.rb file and now it is letting us create and login with special character passwords. We are now having an issue where existing users cannot login. Is there a workaround for our existing users so they can continue to login without having to change their password?
As far as I know, no - the pepper is used for hashing the password - changing it means every password needs to be changed. On May 19, 2015 4:06 PM, "Jake Sorce" notifications@github.com wrote:
@josevalim https://github.com/josevalim @pobocks https://github.com/pobocks - we uncommented the config.pepper line in the devise.rb file and now it is letting us create and login with special character passwords. We are now having an issue where existing users cannot login. Is there a workaround for our existing users so they can continue to login without having to change their password?
— Reply to this email directly or view it on GitHub https://github.com/plataformatec/devise/issues/3565#issuecomment-103652802 .
Hello,
I'm having an issue with special characters in passwords. The user can sign up with a special character in their password but when they go to login it gives a 401 unauthorized error. If I change the password to remove the special character and try to login it works just fine. I will provide any info necessary to get this resolved please let me know.
Devise Version: 3.4.1 Warden Version: 1.2.3 Rails Version: 4.0.13