Weird problem between windows and mac versions of some code

rubyonrails-talk
1

peruse the following:

Mac version ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>["login = ?", "rgtest"]) => #<User id: 1068138631, login: "rgtest", crypted_password: "a13970eb729c1f0761242f1995a2d2f7b2e52e5a", salt: "122a37f8c048d7eacb8d62008790be7406c85cdc", email_address: "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", first_name: "rgtest", last_name: "rgtest">

Windows Version irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", "rgtest"]) => #<User id: 1068138631, login: "rgtest", crypted_password: "a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00", salt: "122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00", email_address: "rgtest", created_at: "2011-07-12 12:03:20", updated_at: "2011-07-12 18:30:08", first_name: "rgtest", last_name: "rgtest"> irb(main):002:0>

Notice the differences between the crypted_password and salt strings returned, this is causing the authentication to fail. Has anyone else seen this or have any ideas how this may be happening?

Tom

Here is the environment and code: Info: Gemfile gem 'rails', '3.0.6' gem 'activerecord-sqlserver-adapter' ,'3.0.15 gem 'ruby-odbc' ,'0.99994' gem 'mongrel', '>=1.2.0.pre2' gem 'composite_primary_keys', '=3.1.0'

Local gems: bstract (1.0.0) actionmailer (3.0.6, 3.0.5) actionpack (3.0.6, 3.0.5) activemodel (3.0.9, 3.0.6, 3.0.5) activerecord (3.0.6, 3.0.5) activerecord-sqlserver-adapter (3.0.15, 3.0.14, 3.0.12, 3.0.10) activeresource (3.0.6, 3.0.5) activesupport (3.0.9, 3.0.6, 3.0.5) arel (2.0.10, 2.0.9) builder (2.1.2) bundler (1.0.10) composite_primary_keys (3.1.10, 3.1.0) daemons (1.0.10) erubis (2.6.6) gem_plugin (0.2.3) i18n (0.5.0) mail (2.2.19, 2.2.15) mime-types (1.16) mongrel (1.2.0.pre2) mysql2 (0.3.6, 0.3.0, 0.2.7, 0.2.6) polyglot (0.3.1) rack (1.2.3, 1.2.2) rack-mount (0.6.14, 0.6.13) rack-test (0.5.7) rails (3.0.6, 3.0.5) railties (3.0.6, 3.0.5) rake (0.9.2, 0.8.7) ruby-odbc (0.99994) sqlite3 (1.3.3) thor (0.14.6) treetop (1.4.9) tzinfo (0.3.29, 0.3.27, 0.3.26, 0.3.25)

Crypto parts of the user.rb model

   def create_salt      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}-- #{login}--")    end    def encrypt_password      create_salt      self.crypted_password = encrypt(password)    end    # Encrypts the password with the user salt    def encrypt(password)      self.class.encrypt(password, salt)    end    # Encrypts some data with the salt.    def self.encrypt(password, salt)      Digest::SHA1.hexdigest("--#{salt}--#{password}--")    end    def self.authenticate(login, password)      u=find(:first, :conditions=>["login = ?", login])      return u if u && u.authenticated?(password)      nil    end    def authenticated?(password)       crypted_password == encrypt(password)    end    def password_required?      crypted_password.blank? || !password.blank?    end

2

Questions:

1) Are you accessing the records created from the mac? Or you're re- creating it from scratch? Are you pulling it from an existing database?

2) Can you tell us what version of Ruby *and* version of OpenSSL are you using in both environments? E.g.:

$ ruby -v ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-darwin10.6.0]

$ ruby -ropenssl -e "puts OpenSSL::OPENSSL_VERSION" OpenSSL 0.9.8l 5 Nov 2009

3) What "Digest::SHA1.hexdigest("something")" returns to you?

$ ruby -rdigest/sha1 -e 'puts Digest::SHA1.hexdigest("something").inspect' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29"

Do you see the trailing garbage there?

3) Have you tried doing chomp to remove the trail garbage?

3

Thanks Luis. Sorry for not providing the additional info in the first post.

1) Are you accessing the records created from the mac? Or you're re- creating it from scratch? Are you pulling it from an existing database?

I am accessing records created from the Mac and Windows and the results are the same regardless of which source creates them. Examples: created on a mac, read on a mac: => #<User id: 1068138635, login: "umac", crypted_password: "1f305dba421a8b5b789f83fe20427115e081528f", salt: "e9517ee84c0a3945ac07ff59b323f2356b1405d1", email_address: "umac@123.com", created_at: "2011-07-13 15:51:10", updated_at: "2011-07-13 15:51:10", first_name: "user", last_name: "created on mac"> created on a mac, read on a pc: irb(main):001:0> @u=User.find(:first, :conditions=>["login = ?", "umac"]) => #<User id: 1068138635, login: "umac", crypted_password: "1f305dba421a8b5b789f83fe20427115e081528\x00\x00", salt: "e9517ee84c0a3945ac07ff59b323f2356b1405d\x00\x00" , email_address: "umac@123.com", created_at: "2011-07-13 15:51:10", updated_at: "2011-07-13 15:51:10", first_name: "user", last_name: "created on mac">

created on a pc, read on a mac: ruby-1.9.2-p180 :003 > @u=User.find(:first, :conditions=>["login = ?", "userpc"]) => #<User id: 1068138636, login: "userpc", crypted_password: "51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f9", salt: "a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab127", email_address: "userpc@123.com", created_at: "2011-07-13 19:34:27", updated_at: "2011-07-13 19:34:27", first_name: "user", last_name: "createdonapc"> created on a pc, read on a pc: irb(main):002:0> @u=User.find(:first, :conditions=>["login = ?", "userpc"]) => #<User id: 1068138636, login: "userpc", crypted_password: "51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f\x00\x00", salt: "a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab12\x00\x00", email_address: "userpc@123.com", created_at: "2011-07-13 19:34:27", updated_at: "2011-07-13 19:34:27", first_name: "user", last_name: "createdonapc"> I am creating them from scratch and using a newly created database for this app and Rails 3.0+

2) Can you tell us what version of Ruby *and* version of OpenSSL are

you using in both environments? E.g.:

Mac: Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8l 5 Nov 2009 PC: Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8q 2 Dec 2010

3) What "Digest::SHA1.hexdigest("something")" returns to you? Mac:

ruby -rdigest/sha1 -e 'puts Digest::SHA1.hexdigest("something").inspect' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29"

PC: ruby -rdigest/sha1 -e 'puts Digest::SHA1.hexdigest("something").inspect' "1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29"

3) Have you tried doing chomp to remove the trail garbage?

No because the problem is not that the garbage is there but the \x00\x00 actually replaces the last character in a valid salt.

Thanks for spending your time to look at this. Tom