Module: Clearance::PasswordStrategies::BCrypt

Defined in:
lib/clearance/password_strategies/bcrypt.rb

Overview

Uses BCrypt to authenticate users and store encrypted passwords.

BCrypt has a cost argument which determines how computationally expensive the hash is to calculate. The higher the cost, the harder it is for attackers to crack passwords even if they possess a database dump of the encrypted passwords. Clearance uses the bcrypt-ruby default cost except in the test environment, where it uses the minimum cost value for speed. If you wish to increase the cost over the default, you can do so by setting a higher cost in an initializer:

    BCrypt::Engine.cost = 12
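Raising the cost only affects hashes created afterwards, because the password= setter documented on this page reads the cost when it creates the hash and each stored bcrypt hash carries its own cost. The following added example (not part of Clearance or bcrypt-ruby) parses that embedded cost with the standard library and flags stored hashes below a target; the method names, the sample records and the MIN_COST value of 4 are assumptions made for illustration.

```ruby
# Added example: audits stored bcrypt hashes against a target cost.
# Standard library only; the hash strings below are constructed, not real.

# Modular crypt format: $<version>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_FORMAT = %r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

MIN_COST = 4 # assumption: mirrors BCrypt::Engine::MIN_COST in bcrypt-ruby

# Returns the cost embedded in a bcrypt hash, or nil if the string is not one.
def bcrypt_cost(encrypted_password)
  match = BCRYPT_FORMAT.match(encrypted_password.to_s)
  match && match[2].to_i
end

# Classifies one stored hash relative to the cost you now want to enforce.
def cost_status(encrypted_password, target_cost)
  cost = bcrypt_cost(encrypted_password)
  return :not_bcrypt if cost.nil?
  return :test_cost if cost == MIN_COST # test-environment cost in stored data
  return :below_target if cost < target_cost
  :ok
end

# Groups record ids by status so stale hashes can be re-hashed at next sign-in.
def audit(records, target_cost)
  records.each_with_object(Hash.new { |h, k| h[k] = [] }) do |(id, hash), report|
    report[cost_status(hash, target_cost)] << id
  end
end

FILLER = ("." * 22) + ("x" * 31) # constructed salt + digest, correct length only
SAMPLE_RECORDS = {
  1 => "$2a$12$#{FILLER}",   # already at the target cost
  2 => "$2a$10$#{FILLER}",   # created before the cost was raised
  3 => "$2a$04$#{FILLER}",   # minimum cost, as used in the test environment
  4 => "not-a-bcrypt-hash",  # constructed value from some other scheme
  5 => nil                   # no password set
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_RECORDS, 12).each { |status, ids| puts "#{status}: #{ids.inspect}" }
end
```

Records reported as below_target can only be upgraded when the user next supplies the plaintext password, since the hash cannot be re-computed from the stored value.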


Instance Method Details

#authenticated?(password) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/clearance/password_strategies/bcrypt.rb', line 16

def authenticated?(password)
  if encrypted_password.present?
    ::BCrypt::Password.new(encrypted_password) == password
  end
end

#configured_bcrypt_cost ⇒ Object



# File 'lib/clearance/password_strategies/bcrypt.rb', line 33

def configured_bcrypt_cost
  if defined?(::Rails) && ::Rails.env.test?
    ::BCrypt::Engine::MIN_COST
  else
    ::BCrypt::Engine.cost
  end
end

#password=(new_password) ⇒ Object



# File 'lib/clearance/password_strategies/bcrypt.rb', line 22

def password=(new_password)
  @password = new_password

  if new_password.present?
    self.encrypted_password = ::BCrypt::Password.create(
      new_password,
      cost: configured_bcrypt_cost,
    )
  end
end