Module: Devise::Models::DatabaseAuthenticatable
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/devise/models/database_authenticatable.rb
Overview
Authenticatable Module, responsible for encrypting password and validating authenticity of a user while signing in.
Options
DatabaseAuthenticable adds the following options to devise_for:
* +pepper+: a random string used to provide a more secure hash. Use
`rake secret` to generate new keys.
* +stretches+: the cost given to bcrypt.
Examples
User.find(1).valid_password?('password123') # returns true/false
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
- #after_database_authentication ⇒ Object
-
#authenticatable_salt ⇒ Object
A reliable way to expose the salt regardless of the implementation.
-
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil.
-
#password=(new_password) ⇒ Object
Generates password encryption based on the given value.
-
#update_with_password(params, *options) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password.
-
#update_without_password(params, *options) ⇒ Object
Updates record attributes without asking for the current password.
-
#valid_password?(password) ⇒ Boolean
Verifies whether an password (ie from sign in) is the user password.
Class Method Details
.required_fields(klass) ⇒ Object
30 31 32 |
# File 'lib/devise/models/database_authenticatable.rb', line 30 def self.required_fields(klass) [:encrypted_password] + klass.authentication_keys end |
Instance Method Details
#after_database_authentication ⇒ Object
99 100 |
# File 'lib/devise/models/database_authenticatable.rb', line 99 def after_database_authentication end |
#authenticatable_salt ⇒ Object
A reliable way to expose the salt regardless of the implementation.
103 104 105 |
# File 'lib/devise/models/database_authenticatable.rb', line 103 def authenticatable_salt encrypted_password[0,29] if encrypted_password end |
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil
49 50 51 |
# File 'lib/devise/models/database_authenticatable.rb', line 49 def clean_up_passwords self.password = self.password_confirmation = nil end |
#password=(new_password) ⇒ Object
Generates password encryption based on the given value.
35 36 37 38 |
# File 'lib/devise/models/database_authenticatable.rb', line 35 def password=(new_password) @password = new_password self.encrypted_password = password_digest(@password) if @password.present? end |
#update_with_password(params, *options) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password. It also automatically rejects :password and :password_confirmation if they are blank.
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
# File 'lib/devise/models/database_authenticatable.rb', line 56 def update_with_password(params, *) current_password = params.delete(:current_password) if params[:password].blank? params.delete(:password) params.delete(:password_confirmation) if params[:password_confirmation].blank? end result = if valid_password?(current_password) update_attributes(params, *) else params.delete(:password) self.assign_attributes(params, *) self.valid? self.errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end clean_up_passwords result end |
#update_without_password(params, *options) ⇒ Object
Updates record attributes without asking for the current password. Never allows to change the current password. If you are using this method, you should probably override this method to protect other attributes you would not like to be updated without a password.
Example:
def update_without_password(params={})
params.delete(:email)
super(params)
end
90 91 92 93 94 95 96 97 |
# File 'lib/devise/models/database_authenticatable.rb', line 90 def update_without_password(params, *) params.delete(:password) params.delete(:password_confirmation) result = update_attributes(params, *) clean_up_passwords result end |
#valid_password?(password) ⇒ Boolean
Verifies whether an password (ie from sign in) is the user password.
41 42 43 44 45 46 |
# File 'lib/devise/models/database_authenticatable.rb', line 41 def valid_password?(password) return false if encrypted_password.blank? bcrypt = ::BCrypt::Password.new(encrypted_password) password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt) Devise.secure_compare(password, encrypted_password) end |