Module: Devise::Models::PasswordExpirable
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/devise-security/models/password_expirable.rb
Overview
PasswordExpirable makes passwords expire after a configurable amount of time, or on demand.
Configuration
Set expire_password_after
to the number of seconds a password is valid for (example: 3.months
). Setting it to true
will allow passwords to be expired on-demand only, and false
disables this feature.
Expire On-Demand
This is useful to force users to change passwords for complex business reasons. Call need_change_password
to indicate a record needs a new password.
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary collapse
- #expire_password_after ⇒ Integer, ...
-
#need_change_password ⇒ void
(also: #expire_password, #request_password_change)
Clear the
password_changed_at
field so that the user will be required to update their password. -
#need_change_password! ⇒ Boolean
(also: #expire_password!, #request_password_change!)
Clear the
password_changed_at
field so that the user will be required to update their password. -
#need_change_password? ⇒ Boolean, true
Is a password change required?.
-
#password_change_requested? ⇒ Boolean
When
password_changed_at
is set toNULL
in the database the user is required to change their password. -
#password_too_old? ⇒ Boolean
(also: #password_expired?)
Is this password older than the configured expiration timeout?.
Instance Method Details
#expire_password_after ⇒ Integer, ...
64 65 66 |
# File 'lib/devise-security/models/password_expirable.rb', line 64 def expire_password_after self.class.expire_password_after end |
#need_change_password ⇒ void Also known as: expire_password, request_password_change
Does not save the record
This method returns an undefined value.
Clear the password_changed_at
field so that the user will be required to
update their password.
53 54 55 56 57 |
# File 'lib/devise-security/models/password_expirable.rb', line 53 def need_change_password return unless password_expiration_enabled? self.password_changed_at = nil end |
#need_change_password! ⇒ Boolean Also known as: expire_password!, request_password_change!
Saves the record (without validations)
Clear the password_changed_at
field so that the user will be required to update their password.
40 41 42 43 44 45 |
# File 'lib/devise-security/models/password_expirable.rb', line 40 def need_change_password! return unless password_expiration_enabled? need_change_password save(validate: false) end |
#need_change_password? ⇒ Boolean, true
Is a password change required?
32 33 34 |
# File 'lib/devise-security/models/password_expirable.rb', line 32 def need_change_password? password_change_requested? || password_too_old? end |
#password_change_requested? ⇒ Boolean
When password_changed_at
is set to NULL
in the database the user is required to change their password. This only happens on demand or when the column is first added to the table.
72 73 74 75 76 77 |
# File 'lib/devise-security/models/password_expirable.rb', line 72 def password_change_requested? return false unless password_expiration_enabled? return false if new_record? password_changed_at.nil? end |
#password_too_old? ⇒ Boolean Also known as: password_expired?
Is this password older than the configured expiration timeout?
81 82 83 84 85 86 87 |
# File 'lib/devise-security/models/password_expirable.rb', line 81 def password_too_old? return false if new_record? return false unless password_expiration_enabled? return false if expire_password_on_demand? password_changed_at < expire_password_after.seconds.ago end |