Module: Devise::Models::Encryptable
- Extended by: ActiveSupport::Concern
- Defined in: lib/devise/encryptable/model.rb
Overview
The Encryptable module adds support for several encryptors, wrapping them in a salt and pepper mechanism to increase security.
Options
Encryptable adds the following options to devise_for:
* +pepper+: a random string used to provide a more secure hash.
* +encryptor+: the encryptor to be used. Defaults to nil.
Examples
User.find(1).valid_password?('password123') # returns true/false
Defined Under Namespace
Modules: ClassMethods
Class Method Summary
Instance Method Summary
- #authenticatable_salt ⇒ Object
  Overrides authenticatable salt to use the new password_salt column.
- #password=(new_password) ⇒ Object
  Generates password salt when setting the password.
- #valid_password?(password) ⇒ Boolean
  Validates the password considering the salt.
Class Method Details
.required_fields(klass) ⇒ Object
# File 'lib/devise/encryptable/model.rb', line 28
def self.required_fields(klass)
  [:password_salt]
end
Instance Method Details
#authenticatable_salt ⇒ Object
Overrides authenticatable salt to use the new password_salt column. authenticatable_salt is used by `valid_password?` and by other modules whenever there is a need for a random token based on the user password.
# File 'lib/devise/encryptable/model.rb', line 48
def authenticatable_salt
  self.password_salt
end
#password=(new_password) ⇒ Object
Generates password salt when setting the password.
# File 'lib/devise/encryptable/model.rb', line 33
def password=(new_password)
  self.password_salt = self.class.password_salt if new_password.present?
  super
end
#valid_password?(password) ⇒ Boolean
Validates the password considering the salt.
# File 'lib/devise/encryptable/model.rb', line 39
def valid_password?(password)
  return false if encrypted_password.blank?
  encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper)
end
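How the salt, pepper and stretches arguments of the compare call above fit together, as an added example that is not code from the Devise project. DemoEncryptor, DemoUser, the iterated SHA-512 digest construction and all constants are assumptions chosen for illustration; only the argument order of compare follows the call in valid_password?.

```ruby
require 'digest'
require 'securerandom'

# Hypothetical encryptor (not one shipped with the gem). Only the argument
# order of compare is taken from valid_password? on this page.
module DemoEncryptor
  # Mixes the per-user salt and the application-wide pepper into every round.
  def self.digest(password, stretches, salt, pepper)
    digest = pepper.to_s
    stretches.times do
      digest = Digest::SHA512.hexdigest([salt, digest, password, pepper].join('--'))
    end
    digest
  end

  # Constant-time comparison so a mismatch does not leak its position.
  def self.compare(encrypted_password, password, stretches, salt, pepper)
    candidate = digest(password, stretches, salt, pepper)
    return false unless candidate.bytesize == encrypted_password.bytesize
    diff = 0
    candidate.bytes.zip(encrypted_password.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Plain-Ruby stand-in for a model: the salt is stored per user, the pepper is not.
class DemoUser
  STRETCHES = 10                       # constructed value
  PEPPER    = 'constructed-app-pepper' # constructed value, kept in app config

  attr_reader :password_salt, :encrypted_password

  def password=(new_password)
    return if new_password.to_s.empty?
    @password_salt = SecureRandom.hex(16) # fresh salt on every password change
    @encrypted_password =
      DemoEncryptor.digest(new_password, STRETCHES, @password_salt, PEPPER)
  end

  def valid_password?(password, pepper = PEPPER)
    return false if encrypted_password.to_s.empty?
    DemoEncryptor.compare(encrypted_password, password, STRETCHES, password_salt, pepper)
  end
end
```

Two DemoUser objects given the same password store different digests because each gets its own salt, and a digest copied out of the database cannot be verified without the pepper held in application configuration.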