开发者

How to auto-generate passwords in Rails Devise?

I am trying out how Devise works with one of my projects for user authentication. There is a user requirement that their admin should be able to generate a batch of username and user's password from time to time, and then the admin will email the new username and password to his users.开发者_开发知识库

Assume the admin has the knowledge of direct SQL on the MySQL database, how can the generated usernames/passwords recognized by Devise? Thanks!


Use the Devise.friendly_token method:

password_length = 6
password = Devise.friendly_token.first(password_length)
User.create!(:email => 'someone@something.com', :password => password, :password_confirmation => password)

FYI: Devise.friendly_token returns a 20 character token. In the example above, we're chopping off the first password_length characters of the generated token by using the String#first method that Rails provides.


One option would be to use the Devise.generate_token. I.e.

password = User.generate_token('password')
User.create!(:email => 'someone@something.com', :password => password, :password_confirmation => password)

This option has not been available in Devise for quite a while. Please refer to the other answer (friendly_token).


I'm using devise-security gem and have specefic password_complexity requirements as follows:

config.password_complexity = { digit: 1, lower: 1, upper: 1 }

If you use this code: Devise.friendly_token.first(password_length) to generate the password, you are not always guaranteed to get a password that matches your complexity.

So I wrote a password generator that will respect your password_complexity and will generate a random complaint password:

class PasswordGenerator
  include ActiveModel::Validations
  validates :password, 'devise_security/password_complexity': Devise.password_complexity
  attr_reader :password

  def initialize
    @password = Devise.friendly_token.first(Devise.password_length.first) until valid?
  end
end

You can use it as follows:

PasswordGenerator.new.password # "qHc165ku"


(quick caveat: I'm a rails newb)

I tried the generate_token but it doesn't do what you think (look at the docs)

(I'm using rails 3.0.5, and devise 1.1.7)

What I found is that Devise will generate all that stuff for you in the background when you do:

User.create!(:email => "me@example.com", :password => "password")

Devise should create the encrypted_password, and salt for you. (pop open a console and try it out there)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜