Module: Devise::Models::DatabaseAuthenticatable
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/devise/models/database_authenticatable.rb
Overview
Authenticatable Module, responsible for encrypting password and validating authenticity of a user while signing in.
Options
DatabaseAuthenticable adds the following options to devise_for:
* +stretches+: the cost given to bcrypt.
Examples
User.find(1).valid_password?('password123') # returns true/false
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary collapse
- #after_database_authentication ⇒ Object
-
#authenticatable_salt ⇒ Object
A reliable way to expose the salt regardless of the implementation.
-
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil.
-
#password=(new_password) ⇒ Object
Generates password encryption based on the given value.
-
#update_with_password(params = {}) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password.
-
#valid_password?(password) ⇒ Boolean
Verifies whether an password (ie from sign in) is the user password.
Instance Method Details
#after_database_authentication ⇒ Object
70 71 |
# File 'lib/devise/models/database_authenticatable.rb', line 70 def after_database_authentication end |
#authenticatable_salt ⇒ Object
A reliable way to expose the salt regardless of the implementation.
74 75 76 |
# File 'lib/devise/models/database_authenticatable.rb', line 74 def authenticatable_salt self.encrypted_password[0,29] if self.encrypted_password end |
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil
43 44 45 |
# File 'lib/devise/models/database_authenticatable.rb', line 43 def clean_up_passwords self.password = self.password_confirmation = "" end |
#password=(new_password) ⇒ Object
Generates password encryption based on the given value.
29 30 31 32 |
# File 'lib/devise/models/database_authenticatable.rb', line 29 def password=(new_password) @password = new_password self.encrypted_password = password_digest(@password) if @password.present? end |
#update_with_password(params = {}) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password. It also automatically rejects :password and :password_confirmation if they are blank.
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/devise/models/database_authenticatable.rb', line 50 def update_with_password(params={}) current_password = params.delete(:current_password) if params[:password].blank? params.delete(:password) params.delete(:password_confirmation) if params[:password_confirmation].blank? end result = if valid_password?(current_password) update_attributes(params) else self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) self.attributes = params false end clean_up_passwords result end |
#valid_password?(password) ⇒ Boolean
Verifies whether an password (ie from sign in) is the user password.
35 36 37 38 39 40 |
# File 'lib/devise/models/database_authenticatable.rb', line 35 def valid_password?(password) return false if encrypted_password.blank? bcrypt = ::BCrypt::Password.new(self.encrypted_password) password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt) Devise.secure_compare(password, self.encrypted_password) end |