Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Ruby User Authentication with Rails Password Hashing and Sign In Using has_secure_password

CHI WAI YIP
CHI WAI YIP
10,438 Points
Posted by CHI WAI YIP
CHI WAI YIP
10,438 Points

Why not password_digest but :password and :password_confirmation?

Hi all,

in this course, Jason changed the strong parameters password_digest to :password, :password_confirmation in user_controller.rb.

What's that mean? Doesn't password_digest include presence and confirmation of password ?

CHI WAI YIP
CHI WAI YIP
10,438 Points
CHI WAI YIP
CHI WAI YIP
10,438 Points

I think I figure out that.. because he add the

"password" => "pasword1234", "password_confirmation" => "pasword1234"

in users_controller_spec.rb

1 Answer

Maciej Czuchnowski
Maciej Czuchnowski
36,441 Points
Maciej Czuchnowski
Maciej Czuchnowski
36,441 Points

Basically, when using bcrypt gem and has_secure_password method, you need a database column password_digest (it does not store the password, just a digest), but in your interface with the user, you need password and password_confirmation (in your form and strong parameters). More documentation:

http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html