Module: Devise::Models::Encryptable

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/encryptable/model.rb

Overview

The Encryptable module adds support for several encryptors, wrapping them in a salt and pepper mechanism to increase security.

Options

Encryptable adds the following options to devise_for:

* +pepper+: a random string used to provide a more secure hash.

* +encryptor+: the encryptor to use. Defaults to nil.

Examples

User.find(1).valid_password?('password123') # returns true/false

Defined Under Namespace

Modules: ClassMethods

Class Method Details

.required_fields(klass) ⇒ Object



# File 'lib/devise/encryptable/model.rb', line 28

def self.required_fields(klass)
  [:password_salt]
end

Instance Method Details

#authenticatable_salt ⇒ Object

Overrides authenticatable salt to use the new password_salt column. authenticatable_salt is used by `valid_password?` and by other modules whenever there is a need for a random token based on the user password.



# File 'lib/devise/encryptable/model.rb', line 48

def authenticatable_salt
  self.password_salt
end

#password=(new_password) ⇒ Object

Generates password salt when setting the password.



# File 'lib/devise/encryptable/model.rb', line 33

def password=(new_password)
  self.password_salt = self.class.password_salt if new_password.present?
  super
end

#valid_password?(password) ⇒ Boolean

Validates the password considering the salt.

Returns:

  • (Boolean)


# File 'lib/devise/encryptable/model.rb', line 39

def valid_password?(password)
  return false if encrypted_password.blank?
  encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper)
end