#65 ✓resolved
Sean Kirby

Can't update attributes on newly created users

Reported by Sean Kirby | March 24th, 2009 @ 05:22 PM

When running the following code in our rails app (2.1.2) with authlogic 2.0.2:


u = User.create! :login => 'quentin', :password => 'pass', :password_confirmation => 'pass'
u.update_attributes :login => 'quire'

You get the following exception:


BCrypt::Errors::InvalidSalt: invalid salt
	from /usr/lib/ruby/gems/1.8/gems/bcrypt-ruby-2.0.5/lib/bcrypt.rb:36:in `hash_secret'
	from /usr/lib/ruby/gems/1.8/gems/bcrypt-ruby-2.0.5/lib/bcrypt.rb:142:in `=='
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/dirty.rb:161:in `field_changed?'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/dirty.rb:131:in `write_attribute'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/base.rb:2355:in `[]='
	from /home/james/src/packmanager/dev/vendor/plugins/strip_attributes/lib/strip_attributes.rb:8:in `strip_attributes!'
	from /home/james/src/packmanager/dev/vendor/plugins/strip_attributes/lib/strip_attributes.rb:6:in `each'
	from /home/james/src/packmanager/dev/vendor/plugins/strip_attributes/lib/strip_attributes.rb:6:in `strip_attributes!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:177:in `call'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:177:in `evaluate_method'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:161:in `call'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:93:in `run'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:92:in `each'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:92:in `send'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:92:in `run'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/../../activesupport/lib/active_support/callbacks.rb:272:in `run_callbacks'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/callbacks.rb:298:in `callback'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/callbacks.rb:263:in `valid?'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/validations.rb:920:in `save_without_dirty!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/dirty.rb:83:in `save_without_transactions!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/transactions.rb:110:in `save!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb:66:in `transaction'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/transactions.rb:79:in `transaction'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/transactions.rb:98:in `transaction'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/transactions.rb:110:in `save!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/transactions.rb:118:in `rollback_active_record_state!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/transactions.rb:110:in `save!'
	from /home/james/src/packmanager/dev/vendor/rails/activerecord/lib/active_record/base.rb:2279:in `update_attributes!'
	from (irb):5

However, doing an update_attributes on a User just loaded from the DB doesn't fail. The above code works in authlogic 1.4.3.

Comments and changes to this ticket

  • Sean Kirby

    Sean Kirby March 24th, 2009 @ 05:25 PM

    Forgot to mention that in authlogic 2.0.2 the following DOES work:

    
    u = User.create! :login => 'quentin', :password => 'pass', :password_confirmation => 'pass'
    u.reload.update_attributes :login => 'quire'
    
  • Ben Johnson

    Ben Johnson March 24th, 2009 @ 05:46 PM

    • State changed from “new” to “open”

    Seems to work for me:

    >> u = User.create! :email => "a2@a.com", :password => "test", :password_confirmation => "test", :company => Company.first, :first_name => "Ben", :last_name => "J"
    
    >> u.update_attributes! :email => "neat@neat.com"
    => true
    

    I am also using BCrypt

  • Ben Johnson

    Ben Johnson March 24th, 2009 @ 05:48 PM

    It might be possible that your crypted_password field isn't big enough and the encrypted string is being cut short?

  • Sean Kirby

    Sean Kirby March 24th, 2009 @ 06:40 PM

    It seems like the issue was with our use of the strip_attributes plugin which removes leading and trailing whitespace from all fields in our User model. Not stripping the password_salt field seems to fix the issue.

    We prevented stripping on some of the other fields as well:

    
    strip_attributes! :except => [:crypted_password, :password_salt, :persistence_token, :single_access_token, :perishable_token]
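
The fix in this comment, as an added plain-Ruby illustration (not authlogic or strip_attributes plugin code): a whitespace normalizer that skips the credential and token columns named in the `:except` list. It goes beyond the ticket by also offering an allow-list mode; `strip_user_attributes`, `changed_columns` and the sample row are hypothetical names and constructed values.

```ruby
# Added example; not authlogic or strip_attributes code.
# Column names are taken from the :except list in the ticket.
OPAQUE_COLUMNS = %w[crypted_password password_salt persistence_token
                    single_access_token perishable_token].freeze

# Strip leading/trailing whitespace from plain String values only.
# except: columns never touched (deny-list, as in the ticket).
# only:   if given, nothing outside this list is touched (allow-list).
def strip_user_attributes(attrs, except: OPAQUE_COLUMNS, only: nil)
  skip = except.map(&:to_s)
  keep = only && only.map(&:to_s)
  attrs.each_with_object({}) do |(name, value), out|
    key = name.to_s
    eligible = !skip.include?(key) && (keep.nil? || keep.include?(key))
    # instance_of? leaves nil, numbers and String subclasses
    # (wrapper objects around a stored hash) exactly as they are.
    out[name] = eligible && value.instance_of?(String) ? value.strip : value
  end
end

# Columns whose value differs between two attribute hashes.
def changed_columns(before, after)
  before.keys.reject { |k| before[k].eql?(after[k]) }
end

# Constructed sample row: the hash, salt and token values are made up and
# deliberately carry edge whitespace to show they survive untouched.
SAMPLE_ROW = {
  "login"             => "  quentin ",
  "email"             => "q@example.com\n",
  "crypted_password"  => "constructed-hash-value\n",
  "password_salt"     => " constructed-salt ",
  "persistence_token" => "constructed-token ",
  "login_count"       => 3
}.freeze

DENY_RESULT  = strip_user_attributes(SAMPLE_ROW)
ALLOW_RESULT = strip_user_attributes(SAMPLE_ROW, only: %w[login])

puts "deny-list changed:  #{changed_columns(SAMPLE_ROW, DENY_RESULT).inspect}"
puts "allow-list changed: #{changed_columns(SAMPLE_ROW, ALLOW_RESULT).inspect}"
```

The allow-list form fails closed: a credential column added to the model later is left alone unless someone lists it explicitly.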
    
  • Ben Johnson

    Ben Johnson March 24th, 2009 @ 06:43 PM

    • State changed from “open” to “resolved”

    Yeah, I think bcrypt relies on a new line at the end of the string.

