2

I have a system created in Rails with Devise. I need to rewrite its authentication logic in Java. The problem is, I don't know how the Rails encrypted password is generated. I need this knowledge to create a similar method in Java to authenticate against the encrypted passwords already stored in the database.

Thx for help.

Mateusz
  • You should take a look at the devise source code. It's well-commented, so it's not too difficult to see what's going on. A starting point for you might be 'path/to/devise/lib/devise/strategies/authenticatable.rb'. – cdesrosiers Oct 28 '12 at 17:19
  • I found the class, but it looks like a wrapper for another library. I'm searching for the lines where the password from the browser (request) is taken and the encryptedPassword value is created. – Mateusz Oct 28 '12 at 17:59
  • Digging in the code of devise, it looks like devise/encryptors/sha512.rb is the file where the magic happens .. hmm? – Mateusz Oct 28 '12 at 18:23

1 Answer

3

After a couple of hours of digging I found that it's enough to use the following line:

BCrypt.checkpw(plainTextPassword, encryptedPassword)

You don't need to understand which part of the database-stored string is the salt, stretches, etc. I still don't fully understand what the parts of the string are: $2a$10$IAB6DfjYD4mbHiGWHB6YAOJqSwie1kLJNTl/bKQasb.ZJ.hj8VdTq which is the devise-stored version of the 123456 password ;)

This post helped me to understand what I need to do.

Mateusz
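The layout of the stored string quoted in the answer, as an added example (not the poster's code and not Devise's): a bcrypt modular-crypt value is a version tag, a two-digit cost (what Devise calls stretches), a 22-character salt and a 31-character digest. The class and method names are hypothetical; the code uses only the JDK and assumes Java 16+ for records.

```java
import java.io.ByteArrayOutputStream;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptHashParts {
    // bcrypt's own base64 alphabet (different order from RFC 4648, no padding)
    private static final String ALPHABET =
        "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    // $<version>$<2-digit cost>$<22-char salt><31-char digest>
    private static final Pattern FORMAT = Pattern.compile(
        "^\\$(2[abxy]?)\\$(\\d{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$");

    record Parts(String version, int cost, byte[] salt, byte[] digest) {}

    static Parts parse(String stored) {
        Matcher m = FORMAT.matcher(stored);
        if (!m.matches()) {
            throw new IllegalArgumentException("not a bcrypt modular-crypt string");
        }
        int cost = Integer.parseInt(m.group(2));
        if (cost < 4 || cost > 31) {
            throw new IllegalArgumentException("bcrypt cost out of range: " + cost);
        }
        return new Parts(m.group(1), cost, decode(m.group(3)), decode(m.group(4)));
    }

    // Each character carries 6 bits, most significant first; leftover bits are dropped.
    static byte[] decode(String s) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int buffer = 0, bits = 0;
        for (char c : s.toCharArray()) {
            buffer = (buffer << 6) | ALPHABET.indexOf(c);
            bits += 6;
            if (bits >= 8) {
                bits -= 8;
                out.write((buffer >> bits) & 0xFF);
                buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) {
        // Stored value quoted in the answer above
        Parts p = parse("$2a$10$IAB6DfjYD4mbHiGWHB6YAOJqSwie1kLJNTl/bKQasb.ZJ.hj8VdTq");
        System.out.printf("version=%s cost=%d (2^%d rounds) salt=%d bytes digest=%d bytes%n",
            p.version(), p.cost(), p.cost(), p.salt().length, p.digest().length);
    }
}
```

Because the version, cost and salt travel inside the stored string, the verification call needs only the plaintext and that string.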