Module: Securial::PasswordResettable

Extended by:
ActiveSupport::Concern
Included in:
User
Defined in:
app/models/concerns/securial/password_resettable.rb

Overview

PasswordResettable Concern

This module provides functionality for managing password reset tokens and password expiration for user accounts. It includes methods to generate, validate, and clear reset password tokens, as well as to check if a user’s password has expired.

It also includes validations for password complexity and length.

## Usage

Include this module in your User model to enable password reset functionality. It requires the model to have a `password_digest` attribute for secure password storage. The module also provides methods to handle password reset tokens and password expiration.

## Example

class User < ApplicationRecord
  include Securial::PasswordResettable
  # Additional user model code...
end

## Configuration

The module uses the Securial configuration for password complexity, length, and reset password token expiration settings. You can configure these settings in your Securial initializer.

## Validations

  • Password must meet complexity requirements defined in Securial.configuration

  • Password must be at least Securial.configuration.password_min_length characters long

  • Password must be at most Securial.configuration.password_max_length characters long

  • Password confirmation must be present if a new password is being set or if the password is not nil

  • Reset password token must be generated and cleared appropriately

  • Password expiration is managed based on the Securial.configuration.password_expires_in setting

Instance Method Summary

Instance Method Details

#clear_reset_password_token! ⇒ void

This method returns an undefined value.

Clears the reset password token and its creation time.

This method is typically called after a successful password reset to prevent the token from being reused.

# File 'app/models/concerns/securial/password_resettable.rb', line 95

def clear_reset_password_token!
  update!(
    reset_password_token: nil,
    reset_password_token_created_at: nil
  )
end

#generate_reset_password_token! ⇒ void

This method returns an undefined value.

Generates a secure reset password token for the user.

# File 'app/models/concerns/securial/password_resettable.rb', line 62

def generate_reset_password_token!
  update!(
    reset_password_token: Auth::TokenGenerator.generate_password_reset_token,
    reset_password_token_created_at: Time.current
  )
end

#password_expired? ⇒ Boolean

Note:

The method checks both the presence of the password_changed_at timestamp and the configured expiration duration.

Note:

If the password_changed_at timestamp is blank, it returns false.

Note:

If the password is expired, it returns true.

Checks if the user’s password has expired.

The password is considered expired if the last time it was changed is older than the configured expiration duration.

Examples:

user.password_expired? # => true or false

Returns:

  • (Boolean)

    Returns true if the password is expired, false otherwise.

# File 'app/models/concerns/securial/password_resettable.rb', line 114

def password_expired?
  return false unless Securial.configuration.password_expires
  return true unless password_changed_at

  password_changed_at < Securial.configuration.password_expires_in.ago
end

#reset_password_token_valid? ⇒ Boolean

Note:

The method checks both the presence of the token and its creation time.

Note:

If the token is blank or the creation time is blank, it returns false.

Note:

If the token is expired, it returns false.

Note:

The method uses the configured expiration duration from Securial.configuration.

Checks if the reset password token is valid.

The token is considered valid if it was created within the configured expiration duration.

Examples:

user.reset_password_token_valid? # => true or false

Returns:

  • (Boolean)

    Returns true if the reset password token is valid, false otherwise.

# File 'app/models/concerns/securial/password_resettable.rb', line 80

def reset_password_token_valid?
  return false if reset_password_token.blank? || reset_password_token_created_at.blank?

  duration = Securial.configuration.reset_password_token_expires_in
  return false unless duration.is_a?(ActiveSupport::Duration)

  reset_password_token_created_at > duration.ago
end
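The following is an added example, not code from the Securial gem: a plain-Ruby stand-in for a User record that reproduces the logic of the methods documented above (generate, validate and clear the reset token; password expiration, including the fail-closed branch where password_changed_at is missing) so the whole lifecycle can be exercised without Rails. It assumes Integer seconds in place of ActiveSupport::Duration and an injectable clock in place of Time.current, and it adds a hypothetical reset_password_with_token! helper showing how a consumer of this concern would combine the validity check with a constant-time comparison and immediate clearing so a token is single-use.

```ruby
require "securerandom"

# Constructed settings standing in for Securial.configuration:
# a 2-hour reset-token window and passwords that expire after 90 days.
FakeConfig = Struct.new(:reset_password_token_expires_in, :password_expires, :password_expires_in)
CONFIG = FakeConfig.new(2 * 3600, true, 90 * 24 * 3600)

# Plain-Ruby stand-in for a User record (assumption: no ActiveRecord here).
class FakeUser
  attr_reader :reset_password_token, :reset_password_token_created_at, :password_changed_at
  attr_accessor :clock # injectable "now" replacing Time.current

  def initialize(config, clock)
    @config = config
    @clock = clock
  end

  # Mirrors generate_reset_password_token!: random token plus creation time.
  def generate_reset_password_token!
    @reset_password_token = SecureRandom.urlsafe_base64(32)
    @reset_password_token_created_at = @clock
    @reset_password_token
  end

  # Mirrors reset_password_token_valid?: a blank token or timestamp, or a
  # misconfigured duration, fails closed; otherwise the token must be
  # younger than the configured window.
  def reset_password_token_valid?
    return false if reset_password_token.to_s.empty? || reset_password_token_created_at.nil?

    duration = @config.reset_password_token_expires_in
    return false unless duration.is_a?(Integer)

    reset_password_token_created_at > @clock - duration
  end

  # Mirrors clear_reset_password_token!.
  def clear_reset_password_token!
    @reset_password_token = nil
    @reset_password_token_created_at = nil
  end

  # Stand-in for the before_save callback update_password_changed_at.
  def change_password!
    @password_changed_at = @clock
  end

  # Mirrors password_expired? as shown on this page: once expiration is
  # enabled, a missing password_changed_at counts as expired.
  def password_expired?
    return false unless @config.password_expires
    return true unless password_changed_at

    password_changed_at < @clock - @config.password_expires_in
  end

  # Hypothetical consumer helper (not part of the concern): accept a submitted
  # token only if it is still valid and matches in constant time, then clear
  # it so the same token cannot be replayed.
  def reset_password_with_token!(submitted)
    return false unless reset_password_token_valid?
    return false unless secure_compare(submitted, reset_password_token)

    change_password!
    clear_reset_password_token!
    true
  end

  private

  # Length check, then byte-wise XOR accumulated over the whole string, so the
  # time taken does not reveal how many leading characters of a guess matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Walk the token lifecycle and return what was observed at each step.
def reset_token_lifecycle
  user = FakeUser.new(CONFIG, Time.at(1_700_000_000)) # constructed epoch
  token = user.generate_reset_password_token!
  observed = { fresh: user.reset_password_token_valid? }
  observed[:wrong_guess] = user.reset_password_with_token!("x" * token.length)
  observed[:correct] = user.reset_password_with_token!(token)
  observed[:reused] = user.reset_password_with_token!(token) # cleared after use
  token = user.generate_reset_password_token!
  user.clock += 3 * 3600 # three hours later: past the 2-hour window
  observed[:stale] = user.reset_password_with_token!(token)
  observed
end

# Password age across the configured 90-day window.
def password_expiry_timeline
  user = FakeUser.new(CONFIG, Time.at(1_700_000_000))
  never_set = user.password_expired? # no password_changed_at recorded yet
  user.change_password!
  day_one = user.password_expired?
  user.clock += 91 * 24 * 3600
  { never_set: never_set, day_one: day_one, after_91_days: user.password_expired? }
end
```

Calling reset_token_lifecycle shows the properties a reviewer wants from a reset token: it is accepted exactly once, a wrong guess of the same length is rejected without clearing it, and it is refused after the window even though it was never used. password_expiry_timeline reflects the method body as printed above rather than the note about a blank timestamp: with expiration enabled and no timestamp recorded, the result is true.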

#update_password_changed_at ⇒ void (private)

This method returns an undefined value.

Updates the password_changed_at timestamp to the current time.

This method is called before saving the user record if the password digest has changed.

# File 'app/models/concerns/securial/password_resettable.rb', line 128

def update_password_changed_at
  self.password_changed_at = Time.current
end