The BCrypt library is used under the hood by gems like Devise in order to work with passwords securely. You can use it to salt and hash a plain text password. You can also use it to check whether an encrypted password matches some input password.
> include BCrypt
=> Object
> encrypted_pass = Password.create('password')
=> "$2a$10$te3Y8wdSXf8/gWDeSP5z9eut7alThnuTvq1SvgQyJ1C57F.qit1uq"
> Password.new(encrypted_pass) == "not_my_pass"
=> false
> Password.new(encrypted_pass) == "password"
=> true
The Password.create
method will salt and hash the given password. The
resulting encrypted password, if it is an instance of Password
, can be
directly compared to a string. For good measure, in case the encrypted
password is a string, you can wrap it in a call to Password.new
to ensure
you are working with a Password
instance.