Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

Ruby User Authentication with Rails Password Hashing and Sign In Using has_secure_password

CHI WAI YIP
CHI WAI YIP
10,438 Points
Posted by CHI WAI YIP
CHI WAI YIP
10,438 Points

Why not password_digest but :password and :password_confirmation?

Hi all,

in this course, Jason changed the strong parameters password_digest to :password, :password_confirmation in user_controller.rb.

What's that mean? Doesn't password_digest include presence and confirmation of password ?

CHI WAI YIP
CHI WAI YIP
10,438 Points
CHI WAI YIP
CHI WAI YIP
10,438 Points

I think I figure out that.. because he add the

"password" => "pasword1234", "password_confirmation" => "pasword1234"

in users_controller_spec.rb

1 Answer

Maciej Czuchnowski
Maciej Czuchnowski
36,440 Points
Maciej Czuchnowski
Maciej Czuchnowski
36,440 Points

Basically, when using bcrypt gem and has_secure_password method, you need a database column password_digest (it does not store the password, just a digest), but in your interface with the user, you need password and password_confirmation (in your form and strong parameters). More documentation:

http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html