Module: Authentication::Logic::ActsAsAuthentic::Password::Config

Defined in:
lib/auth/logic/acts_as_authentic/password.rb

Overview

All configuration for the password aspect of acts_as_authentic.

Instance Method Details

#check_passwords_against_database(value = nil) ⇒ Object Also known as: check_passwords_against_database=

When calling valid_password?("some pass"), do you want to check that password against what's in that object or what's in the database? Take this example:

u = User.first
u.password = "new pass"
u.valid_password?("old pass")

Should the last line above return true or false? The record hasn't been saved yet, so most would assume true. Others would assume false. So I let you decide by giving you this option.

  • Default: true

  • Accepts: Boolean

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 94

def check_passwords_against_database(value = nil)
  rw_config(:check_passwords_against_database, value, true)
end

#crypted_password_field(value = nil) ⇒ Object Also known as: crypted_password_field=

The name of the crypted_password field in the database.

  • Default: the first of :crypted_password, :encrypted_password, :password_hash, or :pw_hash that exists as a column (nil if none does)

  • Accepts: Symbol

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 24

def crypted_password_field(value = nil)
  rw_config(
    :crypted_password_field,
    value,
    first_column_to_exist(
      nil,
      :crypted_password,
      :encrypted_password,
      :password_hash,
      :pw_hash
    )
  )
end

#crypto_provider ⇒ Object

The class you want to use to encrypt and verify your encrypted passwords. See the Authentication::Logic::CryptoProviders module for more info on the available methods and how to create your own.

The family of adaptive hash functions (BCrypt, SCrypt, PBKDF2) is the best choice for password storage today. We recommend SCrypt. Other one-way functions like SHA512 are inferior, but widely used. Reversible functions like AES256 are the worst choice, and we no longer support them.

You can use the `transition_from_crypto_providers` option to gradually transition to a better crypto provider without causing your users any pain.

  • Default: There is no longer a default value. Prior to Authentication::Logic 6, the default was `CryptoProviders::SCrypt`. If you try to read this config option before setting it, it will raise a `NilCryptoProvider` error. See that error's message for further details, and the rationale for this change.

  • Accepts: Class

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 119

def crypto_provider
  acts_as_authentic_config[:crypto_provider].tap do |provider|
    raise NilCryptoProvider if provider.nil?
  end
end

#crypto_provider=(value) ⇒ Object

Raises: NilCryptoProvider (if value is nil)

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 125

def crypto_provider=(value)
  raise NilCryptoProvider if value.nil?

  CryptoProviders::Guidance.new(value).impart_wisdom
  rw_config(:crypto_provider, value)
end

#ignore_blank_passwords(value = nil) ⇒ Object Also known as: ignore_blank_passwords=

By default a password is required when the record is new or when crypted_password is blank. When neither is the case (the record is saved and already has a hash), a password is not required, and a blank password is ignored rather than written.

Think about a profile page, where the user can edit all of their information, including changing their password. If they do not want to change their password they just leave the fields blank. Without this option that would try to set the password to a blank value, which is incorrect behavior, so Authentication::Logic ignores it. But let's say you have a completely separate page for resetting passwords; there you might not want to ignore blank passwords. If this is the case for you, just set this value to false.

  • Default: true

  • Accepts: Boolean

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 76

def ignore_blank_passwords(value = nil)
  rw_config(:ignore_blank_passwords, value, true)
end
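As an added worked example (not Authentication::Logic's own code), the following toy model reproduces the semantics of both check_passwords_against_database (the unsaved-change scenario described under that option) and ignore_blank_passwords (the profile-page scenario above). ToyUser, its in-memory "saved row", and the salted SHA-256 digest it uses are assumptions made for the illustration; a real model would hash through the configured crypto_provider.

```ruby
require "openssl"
require "securerandom"

# Toy stand-in for an acts_as_authentic model (added illustration, not
# Authentication::Logic's code). The "database" is a row captured on save,
# and the digest is a plain salted SHA-256, assumed only so this runs offline.
class ToyUser
  # Both options default to true, as documented above.
  @check_passwords_against_database = true
  @ignore_blank_passwords = true

  class << self
    attr_accessor :check_passwords_against_database, :ignore_blank_passwords
  end

  def self.digest(password, salt)
    OpenSSL::Digest::SHA256.hexdigest(salt + password)
  end

  attr_reader :crypted_password

  def initialize
    @password = @crypted_password = @password_salt = @persisted_row = nil
  end

  def new_record?
    @persisted_row.nil? # nothing saved yet
  end

  # ignore_blank_passwords: a blank value is dropped only when the record is
  # already saved and already carries a hash (the profile-page case).
  def password=(value)
    blank = value.to_s.empty?
    return if blank && self.class.ignore_blank_passwords && !new_record? && !@crypted_password.to_s.empty?
    @password = value
    @password_salt = SecureRandom.hex(8)
    @crypted_password = blank ? nil : self.class.digest(value, @password_salt)
  end

  # A password is required only when the record is new or has no hash yet.
  def valid?
    needs_password = new_record? || @crypted_password.to_s.empty?
    !(needs_password && @password.to_s.empty?)
  end

  def save
    return false unless valid?
    @persisted_row = { crypted_password: @crypted_password, password_salt: @password_salt }
    @password = nil
    true
  end

  # check_passwords_against_database decides which hash the candidate is
  # compared with: the saved row, or whatever the in-memory object holds now.
  def valid_password?(candidate)
    row = if self.class.check_passwords_against_database && !new_record?
            @persisted_row
          else
            { crypted_password: @crypted_password, password_salt: @password_salt }
          end
    return false if row[:crypted_password].nil?
    constant_time_eq?(row[:crypted_password], self.class.digest(candidate, row[:password_salt]))
  end

  private

  # Length check first, then a fixed-time byte comparison of the two digests.
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The docs' scenario: save "old pass", set "new pass" without saving, then
# check both. Returns [old_pass_accepted, new_pass_accepted].
def demo_check_against_database(check_db)
  ToyUser.check_passwords_against_database = check_db
  u = ToyUser.new
  u.password = "old pass"
  u.save
  u.password = "new pass"
  [u.valid_password?("old pass"), u.valid_password?("new pass")]
ensure
  ToyUser.check_passwords_against_database = true
end

# Profile-form scenario: password fields left blank on an existing record.
# Returns [record_valid, hash_wiped].
def demo_blank_password(ignore_blank)
  ToyUser.ignore_blank_passwords = ignore_blank
  u = ToyUser.new
  u.password = "secret"
  u.save
  u.password = ""
  [u.valid?, u.crypted_password.nil?]
ensure
  ToyUser.ignore_blank_passwords = true
end
```

With check_passwords_against_database left at its default of true, demo_check_against_database(true) returns [true, false]: the unsaved "new pass" is invisible and the saved "old pass" still authenticates. Set it to false and the result flips to [false, true]. demo_blank_password(true) returns [true, false] (the blank submission is ignored and the stored hash survives), while demo_blank_password(false) returns [false, true]: the hash is wiped and the record fails validation, which is what you want on a dedicated reset page.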

#password_salt_field(value = nil) ⇒ Object Also known as: password_salt_field=

The name of the password_salt field in the database.

  • Default: the first of :password_salt, :pw_salt, or :salt that exists as a column (nil if none does)

  • Accepts: Symbol

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 43

def password_salt_field(value = nil)
  rw_config(
    :password_salt_field,
    value,
    first_column_to_exist(nil, :password_salt, :pw_salt, :salt)
  )
end

#require_password_confirmation(value = nil) ⇒ Object Also known as: require_password_confirmation=

Whether or not to require a password confirmation. If you don’t want your users to confirm their password just set this to false.

  • Default: true

  • Accepts: Boolean

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 57

def require_password_confirmation(value = nil)
  rw_config(:require_password_confirmation, value, true)
end

#transition_from_crypto_providers(value = nil) ⇒ Object Also known as: transition_from_crypto_providers=

Let's say you originally encrypted your passwords with Sha1. Sha1 is starting to join the party with MD5 and you want to switch to something stronger. No problem: specify your new and improved algorithm with the crypto_provider option and then let Authentication::Logic know you are transitioning from Sha1 using this option. Authentication::Logic will take care of everything, including transitioning your users to the new algorithm. The next time a user logs in, they will be granted access using the old algorithm and their password will be resaved with the new algorithm. All new users will obviously use the new algorithm as well.

Lastly, if you want to transition again, you can pass an array of crypto providers. So you can transition from as many algorithms as you want.

  • Default: nil

  • Accepts: Class or Array

# File 'lib/auth/logic/acts_as_authentic/password.rb', line 149

def transition_from_crypto_providers(value = nil)
  rw_config(
    :transition_from_crypto_providers,
    (!value.nil? && [value].flatten.compact) || value,
    []
  )
end
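The following is an added example (not the library's code) of the upgrade flow that crypto_provider and transition_from_crypto_providers describe together: a user whose hash was made with a legacy provider logs in, is verified by that provider, and has the hash resaved with the current one. LegacySha1Provider, Pbkdf2Provider, ToyAccount and the encrypt/matches? interface they implement are assumptions made for the illustration.

```ruby
require "openssl"
require "securerandom"
require "digest"

# Fixed-time comparison shared by both providers (added helper).
module ConstantTime
  def self.eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical "old" provider: unsalted SHA-1, the kind of hash the text
# says to move away from. encrypt(*tokens) returns a hash string and
# matches?(crypted, *tokens) verifies one; this interface is an assumption.
module LegacySha1Provider
  def self.encrypt(*tokens)
    Digest::SHA1.hexdigest(tokens.join)
  end

  def self.matches?(crypted, *tokens)
    ConstantTime.eq?(crypted, encrypt(*tokens))
  end
end

# Hypothetical "new" provider: salted PBKDF2-HMAC-SHA256 stored as "salt$hex".
module Pbkdf2Provider
  ITERATIONS = 20_000

  def self.encrypt(*tokens)
    salt = SecureRandom.hex(16)
    salt + "$" + derive(tokens.join, salt)
  end

  def self.matches?(crypted, *tokens)
    salt, stored = crypted.to_s.split("$", 2)
    return false if stored.nil? # not our format, e.g. a legacy SHA-1 digest
    ConstantTime.eq?(stored, derive(tokens.join, salt))
  end

  def self.derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256").unpack1("H*")
  end
end

# Minimal model-like object wiring the two options together (assumed shape).
class ToyAccount
  attr_reader :crypted_password, :last_provider

  def initialize(crypted_password, crypto_provider:, transition_from_crypto_providers: [])
    @crypted_password = crypted_password
    @crypto_provider = crypto_provider
    @transition_providers = Array(transition_from_crypto_providers)
    @last_provider = nil
  end

  # Current provider first, then each legacy provider in order. A legacy match
  # is accepted and the stored hash is immediately re-created with the current
  # provider: the "resaved with the new algorithm" step from the docs.
  def valid_password?(password)
    if @crypto_provider.matches?(@crypted_password, password)
      @last_provider = @crypto_provider
      return true
    end
    @transition_providers.each do |old|
      next unless old.matches?(@crypted_password, password)
      @last_provider = old
      @crypted_password = @crypto_provider.encrypt(password)
      return true
    end
    false
  end
end

# Walks one user through the upgrade and returns what was observed.
def demo_transition(password = "correct horse battery")
  legacy_hash = LegacySha1Provider.encrypt(password) # constructed legacy row
  account = ToyAccount.new(legacy_hash, crypto_provider: Pbkdf2Provider,
                           transition_from_crypto_providers: [LegacySha1Provider])
  first_login = account.valid_password?(password)
  via_legacy = account.last_provider == LegacySha1Provider
  rehashed = account.crypted_password != legacy_hash &&
             Pbkdf2Provider.matches?(account.crypted_password, password)
  second_login = account.valid_password?(password)
  via_current = account.last_provider == Pbkdf2Provider
  wrong = account.valid_password?("not it")
  { first_login: first_login, via_legacy: via_legacy, rehashed: rehashed,
    second_login: second_login, via_current: via_current, wrong_rejected: !wrong }
end
```

demo_transition returns every key as true: the first login succeeds through the legacy provider and rewrites the stored hash, the second succeeds through the current provider alone, and a wrong password is rejected by both. Two points worth noting from the design: the legacy providers are only consulted after the current one fails, so the cost of the stronger hash is paid on every login regardless, and an account that never logs in keeps its old hash, so the legacy entry in the list can only be retired once the hash column shows no rows in the old format.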