Weird problem between windows and mac versions of some code

Rails
1

peruse the following:

Mac version
ruby-1.9.2-p180 :005 > @u=User.find(:first, :conditions=>[“login = ?”,
“rgtest”])
=> #<User id: 1068138631, login: “rgtest”, crypted_password:
“a13970eb729c1f0761242f1995a2d2f7b2e52e5a”, salt:
“122a37f8c048d7eacb8d62008790be7406c85cdc”, email_address: “rgtest”,
created_at: “2011-07-12 12:03:20”, updated_at: “2011-07-12 18:30:08”,
first_name: “rgtest”, last_name: “rgtest”>

Windows Version
irb(main):001:0> @u=User.find(:first, :conditions=>[“login = ?”,
“rgtest”])
=> #<User id: 1068138631, login: “rgtest”, crypted_password:
“a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00”, salt:
“122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00”, email_address:
“rgtest”, created_at: “2011-07-12 12:03:20”, updated_at: “2011-07-12
18:30:08”, first_name: “rgtest”, last_name: “rgtest”>
irb(main):002:0>

Notice the differences between the crypted_password and salt strings
returned, this is causing the authentication to fail. Has anyone else
seen this or have any ideas how this may be happening?

Tom

Here is the environment and code:
Info:
Gemfile
gem ‘rails’, ‘3.0.6’
gem ‘activerecord-sqlserver-adapter’ ,'3.0.15
gem ‘ruby-odbc’ ,‘0.99994’
gem ‘mongrel’, ‘>=1.2.0.pre2’
gem ‘composite_primary_keys’, ‘=3.1.0’

Local gems:
bstract (1.0.0)
actionmailer (3.0.6, 3.0.5)
actionpack (3.0.6, 3.0.5)
activemodel (3.0.9, 3.0.6, 3.0.5)
activerecord (3.0.6, 3.0.5)
activerecord-sqlserver-adapter (3.0.15, 3.0.14, 3.0.12, 3.0.10)
activeresource (3.0.6, 3.0.5)
activesupport (3.0.9, 3.0.6, 3.0.5)
arel (2.0.10, 2.0.9)
builder (2.1.2)
bundler (1.0.10)
composite_primary_keys (3.1.10, 3.1.0)
daemons (1.0.10)
erubis (2.6.6)
gem_plugin (0.2.3)
i18n (0.5.0)
mail (2.2.19, 2.2.15)
mime-types (1.16)
mongrel (1.2.0.pre2)
mysql2 (0.3.6, 0.3.0, 0.2.7, 0.2.6)
polyglot (0.3.1)
rack (1.2.3, 1.2.2)
rack-mount (0.6.14, 0.6.13)
rack-test (0.5.7)
rails (3.0.6, 3.0.5)
railties (3.0.6, 3.0.5)
rake (0.9.2, 0.8.7)
ruby-odbc (0.99994)
sqlite3 (1.3.3)
thor (0.14.6)
treetop (1.4.9)
tzinfo (0.3.29, 0.3.27, 0.3.26, 0.3.25)

Crypto parts of the user.rb model

def create_salt
self.salt = Digest::SHA1.hexdigest("–#{Time.now.to_s}–
#{login}–")
end
def encrypt_password
create_salt
self.crypted_password = encrypt(password)
end

Encrypts the password with the user salt

def encrypt(password)
self.class.encrypt(password, salt)
end

Encrypts some data with the salt.

def self.encrypt(password, salt)
Digest::SHA1.hexdigest("–#{salt}–#{password}–")
end
def self.authenticate(login, password)
u=find(:first, :conditions=>[“login = ?”, login])
return u if u && u.authenticated?(password)
nil
end
def authenticated?(password)
crypted_password == encrypt(password)
end
def password_required?
crypted_password.blank? || !password.blank?
end

2

On Jul 12, 4:18pm, Tom [email protected] wrote:

Windows Version
irb(main):001:0> @u=User.find(:first, :conditions=>[“login = ?”,
“rgtest”])
=> #<User id: 1068138631, login: “rgtest”, crypted_password:
“a13970eb729c1f0761242f1995a2d2f7b2e52e5\x00\x00”, salt:
“122a37f8c048d7eacb8d62008790be7406c85cd\x00\x00”, email_address:
“rgtest”, created_at: “2011-07-12 12:03:20”, updated_at: “2011-07-12
18:30:08”, first_name: “rgtest”, last_name: “rgtest”>
irb(main):002:0>

Questions:

  1. Are you accessing the records created from the mac? Or you’re re-
    creating it from scratch? Are you pulling it from an existing
    database?

  2. Can you tell us what version of Ruby and version of OpenSSL are
    you using in both environments? E.g.:

$ ruby -v
ruby 1.8.7 (2011-02-18 patchlevel 334) [i686-darwin10.6.0]

$ ruby -ropenssl -e “puts OpenSSL::OPENSSL_VERSION”
OpenSSL 0.9.8l 5 Nov 2009

  1. What “Digest::SHA1.hexdigest(“something”)” returns to you?

$ ruby -rdigest/sha1 -e ‘puts
Digest::SHA1.hexdigest(“something”).inspect’
“1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29”

Do you see the trailing garbage there?

  1. Have you tried doing chomp to remove the trail garbage?


Luis L.

3

Thanks Luis.
Sorry for not providing the additional info in the first post.

  1. Are you accessing the records created from the mac? Or you’re re-
    creating it from scratch? Are you pulling it from an existing
    database?
    I am accessing records created from the Mac and Windows and the
    results are the same regardless of which source creates them.
    Examples:
    created on a mac, read on a mac:
    => #<User id: 1068138635, login: “umac”, crypted_password:
    “1f305dba421a8b5b789f83fe20427115e081528f”, salt:
    “e9517ee84c0a3945ac07ff59b323f2356b1405d1”, email_address:
    [email protected]”, created_at: “2011-07-13 15:51:10”, updated_at:
    “2011-07-13 15:51:10”, first_name: “user”, last_name: “created on
    mac”>
    created on a mac, read on a pc:
    irb(main):001:0> @u=User.find(:first, :conditions=>[“login = ?”,
    “umac”])
    => #<User id: 1068138635, login: “umac”, crypted_password:
    “1f305dba421a8b5b789f83fe20427115e081528\x00\x00”, salt:
    “e9517ee84c0a3945ac07ff59b323f2356b1405d\x00\x00”
    , email_address: “[email protected]”, created_at: “2011-07-13 15:51:10”,
    updated_at: “2011-07-13 15:51:10”, first_name: “user”, last_name:
    “created on mac”>

created on a pc, read on a mac:
ruby-1.9.2-p180 :003 > @u=User.find(:first, :conditions=>[“login = ?”,
“userpc”])
=> #<User id: 1068138636, login: “userpc”, crypted_password:
“51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f9”, salt:
“a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab127”, email_address:
[email protected]”, created_at: “2011-07-13 19:34:27”, updated_at:
“2011-07-13 19:34:27”, first_name: “user”, last_name: “createdonapc”>
created on a pc, read on a pc:
irb(main):002:0> @u=User.find(:first, :conditions=>[“login = ?”,
“userpc”])
=> #<User id: 1068138636, login: “userpc”, crypted_password:
“51aa6cba52ed4c5b40da4aad9a66c2082b7cf3f\x00\x00”, salt:
“a1d3bc09a0df6cc8a548f8ac8ada5f272d8ab12\x00\x00”,
email_address: “[email protected]”, created_at: “2011-07-13 19:34:27”,
updated_at: “2011-07-13 19:34:27”, first_name: “user”, last_name:
“createdonapc”>
I am creating them from scratch and using a newly created database for
this app and Rails 3.0+

  1. Can you tell us what version of Ruby and version of OpenSSL are

you using in both environments? E.g.:

Mac:
Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8l 5 Nov 2009
PC:
Ruby 1.9.2 and Rails 3.0.6,OpenSSL 0.9.8q 2 Dec 2010

  1. What “Digest::SHA1.hexdigest(“something”)” returns to you?
    Mac:

ruby -rdigest/sha1 -e ‘puts
Digest::SHA1.hexdigest(“something”).inspect’
“1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29”

PC:
ruby -rdigest/sha1 -e ‘puts
Digest::SHA1.hexdigest(“something”).inspect’
“1af17e73721dbe0c40011b82ed4bb1a7dbe3ce29”

  1. Have you tried doing chomp to remove the trail garbage?
    No because the problem is not that the garbage is there but the
    \x00\x00 actually replaces the last character in a valid salt.

Thanks for spending your time to look at this.
Tom