Module: Devise::Models::SecureValidatable

Defined in:
lib/devise_security_extension/models/secure_validatable.rb

Overview

SecureValidatable provides stricter, security-oriented validations on top of Devise's defaults.

Options

SecureValidatable adds the following options to devise_for:

* +email_regexp+: the regular expression used to validate e-mails;
* +password_length+: a range of allowed password lengths; defaults to Devise's setting.
* +password_regex+: the regular expression a password must match (password strength); defaults to /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/, i.e. at least one digit, one lowercase and one uppercase letter.

Defined Under Namespace

Modules: ClassMethods



Class Method Details

.assert_secure_validations_api!(base) ⇒ Object



# File 'lib/devise_security_extension/models/secure_validatable.rb', line 47

# Guards against mixing SecureValidatable into a class that lacks the
# ActiveModel validation API.
#
# @param base [Class] the model class receiving the module
# @return [nil] when +base+ responds to +validates+
# @raise [RuntimeError] when +base+ does not respond to +validates+
def self.assert_secure_validations_api!(base)
  return if base.respond_to?(:validates)

  raise "Could not use SecureValidatable on #{base}"
end

.included(base) ⇒ Object



# File 'lib/devise_security_extension/models/secure_validatable.rb', line 15

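# Installs the secure validations on +base+ when the module is included.
#
# +base+ must expose the ActiveModel validation API (enforced by
# +assert_secure_validations_api!+). The validations are declared inside
# +base.class_eval+ and read their settings through the Devise option
# readers mixed in from +ClassMethods+ (+password_length+, +password_regex+,
# +email_validation+, +authentication_keys+, +case_insensitive_keys+).
#
# @param base [Class] the model class including SecureValidatable
# @return [void]
def self.included(base)
  base.extend ClassMethods
  assert_secure_validations_api!(base)

  base.class_eval do
    # Login uniqueness, declared only when the model does not already
    # validate it and checked only when the login attribute changed.
    # NOTE(review): the rendered listing had dropped the attribute from both
    # lines below; +login_attribute+ (the first authentication key, provided
    # by ClassMethods) is the identifier used upstream — confirm against the
    # gem source.
    unless has_uniqueness_validation_of_login?
      validation_condition = "#{login_attribute}_changed?".to_sym

      # NOTE(review): +!!case_insensitive_keys+ is true whenever the option is
      # set at all (an empty array is truthy); the check therefore presumably
      # relies on Devise normalising case-insensitive keys before validation
      # rather than on the database collation — verify.
      validates login_attribute,
                :uniqueness => {
                  :scope          => authentication_keys[1..-1],
                  :case_sensitive => !!case_insensitive_keys
                },
                :if => validation_condition
    end

    # Baseline presence/uniqueness/length checks, added only when Devise's
    # own validation module is not already active (presumably Validatable).
    unless devise_validation_enabled?
      validates :email, :presence => true, :if => :email_required?
      validates :email, :uniqueness => true, :allow_blank => true, :if => :email_changed? # check uniq for email ever

      validates :password, :presence => true, :length => password_length, :confirmation => true, :if => :password_required?
    end

    # Extra validations: e-mail format via an external +:email+ validator
    # (only when configured) and password strength via +password_regex+.
    validates :email,    :email  => email_validation if email_validation # use rails_email_validator or similar
    validates :password, :format => { :with => password_regex, :message => :password_format }, :if => :password_required?

    # Reject a password change that re-uses the password being replaced.
    validate :current_equal_password_validation
  end
end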

Instance Method Details

#current_equal_password_validation ⇒ Object



# File 'lib/devise_security_extension/models/secure_validatable.rb', line 51

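# Adds an +:equal_to_current_password+ error on +:password+ when a persisted
# record's new password matches the password it is about to replace.
#
# Runs only for persisted records with a pending +encrypted_password+ change.
# The previous hash (and previous salt, when the model tracks one) is loaded
# into a throw-away instance so the comparison never alters the record under
# validation; +valid_password?+ on that instance decides whether the new
# plaintext password re-hashes to the old value.
#
# @return [void]
def current_equal_password_validation
  return if new_record? || encrypted_password_change.nil?

  # Throw-away instance carrying the *previous* credentials.
  previous = self.class.new
  previous.encrypted_password = encrypted_password_change.first
  if respond_to?(:password_salt_change) && !password_salt_change.nil?
    previous.password_salt = password_salt_change.first
  end

  errors.add(:password, :equal_to_current_password) if previous.valid_password?(password)
end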