So I'm still working through AWDwR and I've just completed the
authentication section for users. I understand the idea behind salts
and general authentication. The part I feel I'm missing is when the
first salt is created and stored to the db.
(I can post the code, but I assume anyone who's read the book knows what
I'm referring to.)
In the users_controller I see the new user model being created, passed
the parameters from the form and then saved. But none of the parameters
are the salt. Nor did this function call the salt creation method in
the user model. So I just don't get when the salt is actually
generated to be saved to the database.
Then, to my understanding, when the user logs in, the salt is pulled
from the db, concatenated onto the plain-text password submitted by the
form, SHA1 digested and compared to the hashed_password field in the
db, which makes sense.
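The salt-and-digest flow the post describes, as an added example that is not the book's code or anything from the original post: a plain-Ruby stand-in for the User model (no ActiveRecord, assumed columns name, salt and hashed_password, a Hash standing in for the users table) in which the salt is generated inside the `password=` setter, so that assigning the form parameters to the new model triggers salt creation without the controller ever calling a salt method.

```ruby
require 'digest/sha1'
require 'securerandom'

# Minimal stand-in for an AWDwR-style User model (assumed shape, no ActiveRecord).
# The salt is created inside password=, so mass-assigning form params
# (User.new(params[:user])) sets salt and hashed_password as a side effect.
class User
  attr_reader :name, :salt, :hashed_password

  # Mimics User.new(params[:user]): each attribute goes through its setter.
  def initialize(attrs = {})
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  def name=(n)
    @name = n
  end

  def password=(pwd)
    return if pwd.nil? || pwd.empty?
    @salt = SecureRandom.hex(16)                     # fresh random salt per password
    @hashed_password = User.encrypted_password(pwd, @salt)
  end

  # Login: recompute the digest with the stored salt and compare to the column.
  # `store` is the constructed stand-in for the users table (name => User).
  def self.authenticate(store, name, password)
    user = store[name]
    return nil unless user
    expected = encrypted_password(password, user.salt)
    secure_equal?(user.hashed_password, expected) ? user : nil
  end

  def self.encrypted_password(password, salt)
    Digest::SHA1.hexdigest(password + salt)
  end

  # Constant-time comparison so response time does not reveal how many
  # leading characters of the digest matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample "database": a Hash keyed by name stands in for the users table.
USERS = {}
u = User.new('name' => 'dave', 'password' => 'secret')   # salt is generated here
USERS[u.name] = u
```

A single SHA1 round over salt and password is the book's era; today a slow password hash such as bcrypt replaces the digest step, but the salt-in-setter flow stays the same.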