Module: ActiveModel::SecurePassword::ClassMethods
- Defined in:
- activemodel/lib/active_model/secure_password.rb
Instance Method Summary collapse
-
#has_secure_password(options = {}) ⇒ Object
Adds methods to set and authenticate against a BCrypt password.
Instance Method Details
#has_secure_password(options = {}) ⇒ Object
Adds methods to set and authenticate against a BCrypt password. This mechanism requires you to have a password_digest attribute.
Validations for presence of password on create, confirmation of password (using a password_confirmation
attribute) are automatically added. If you wish to turn off validations, pass validations: false
as an argument. You can add more validations by hand if need be.
If you don’t need the confirmation validation, just don’t set any value to the password_confirmation attribute and the validation will not be triggered.
You need to add bcrypt-ruby (~> 3.1.0) to Gemfile to use #has_secure_password:
gem 'bcrypt-ruby', '~> 3.1.0'
Example using Active Record (which automatically includes ActiveModel::SecurePassword):
# Schema: User(name:string, password_digest:string)
class User < ActiveRecord::Base
has_secure_password
end
user = User.new(name: 'david', password: '', password_confirmation: 'nomatch')
user.save # => false, password required
user.password = 'mUc3m00RsqyRe'
user.save # => false, confirmation doesn't match
user.password_confirmation = 'mUc3m00RsqyRe'
user.save # => true
user.authenticate('notright') # => false
user.authenticate('mUc3m00RsqyRe') # => user
User.find_by(name: 'david').try(:authenticate, 'notright') # => false
User.find_by(name: 'david').try(:authenticate, 'mUc3m00RsqyRe') # => user
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
# File 'activemodel/lib/active_model/secure_password.rb', line 42 def has_secure_password( = {}) # Load bcrypt-ruby only when has_secure_password is used. # This is to avoid ActiveModel (and by extension the entire framework) # being dependent on a binary library. begin gem 'bcrypt-ruby', '~> 3.1.0' require 'bcrypt' rescue LoadError $stderr.puts "You don't have bcrypt-ruby installed in your application. Please add it to your Gemfile and run bundle install" raise end attr_reader :password include InstanceMethodsOnActivation if .fetch(:validations, true) validates_confirmation_of :password, if: :should_confirm_password? validates_presence_of :password, on: :create validates_presence_of :password_confirmation, if: :should_confirm_password? before_create { raise "Password digest missing on new record" if password_digest.blank? } end if respond_to?(:attributes_protected_by_default) def self.attributes_protected_by_default #:nodoc: super + ['password_digest'] end end end |