Module: Clearance::PasswordStrategies::BCrypt
- Defined in: lib/clearance/password_strategies/bcrypt.rb
Overview
Uses BCrypt to authenticate users and store encrypted passwords.

BCrypt has a cost argument which determines how computationally expensive the hash is to calculate. The higher the cost, the harder it is for attackers to crack passwords even if they possess a database dump of the encrypted passwords. Clearance uses the bcrypt-ruby default cost except in the test environment, where it uses the minimum cost value for speed. If you wish to increase the cost over the default, you can do so by setting a higher cost in an initializer:

    BCrypt::Engine.cost = 12
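bcrypt records the cost inside every hash it produces, so raising BCrypt::Engine.cost only affects passwords set afterwards; rows written earlier keep their old cost. The following is an added example, not part of Clearance: a pure-Ruby audit that parses the cost out of stored encrypted_password values and flags those below a target. The helper names, the target of 12 and the sample rows are assumptions made for illustration.

```ruby
# Added example (not Clearance code): find stored bcrypt hashes whose
# embedded cost is below a target. Only parses strings; no bcrypt gem needed.

# bcrypt layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_FORMAT = %r{\A\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}\z}

# Returns the integer cost embedded in a bcrypt hash, or nil when the
# value is not a well-formed bcrypt hash (empty, truncated, other scheme).
def bcrypt_cost(encrypted_password)
  match = BCRYPT_FORMAT.match(encrypted_password.to_s)
  return nil unless match

  cost = match[1].to_i
  (4..31).cover?(cost) ? cost : nil
end

# Sorts record ids into :ok, :stale (cost below target) and :invalid.
def audit_costs(records, target_cost)
  records.each_with_object({ ok: [], stale: [], invalid: [] }) do |(id, hash), out|
    cost = bcrypt_cost(hash)
    bucket =
      if cost.nil?
        :invalid
      elsif cost < target_cost
        :stale
      else
        :ok
      end
    out[bucket] << id
  end
end

# Constructed sample rows (id => encrypted_password). The salt and digest
# are filler characters, not real hashes of any password.
FILLER = 'x' * 53
SAMPLE_ROWS = {
  1 => '$2a$12$' + FILLER,                 # already at the target cost
  2 => '$2a$10$' + FILLER,                 # created under a lower cost
  3 => '$2a$04$' + FILLER,                 # minimum cost, e.g. seeded from a test run
  4 => 'd41d8cd98f00b204e9800998ecf8427e', # not a bcrypt hash at all
  5 => nil                                 # no password stored
}.freeze

puts audit_costs(SAMPLE_ROWS, 12).inspect if $PROGRAM_NAME == __FILE__
```

Records reported as stale can only be upgraded when the user next supplies the plaintext, since the hash has to be recomputed at the new cost.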
Instance Method Summary
- #authenticated?(password) ⇒ Boolean
- #configured_bcrypt_cost ⇒ Object
- #password=(new_password) ⇒ Object
Instance Method Details
#authenticated?(password) ⇒ Boolean
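
    # File 'lib/clearance/password_strategies/bcrypt.rb', line 16
    # Returns nil (falsy) when no encrypted_password is stored.
    def authenticated?(password)
      if encrypted_password.present?
        # Re-hashes the candidate with the stored salt and cost, then compares.
        ::BCrypt::Password.new(encrypted_password) == password
      end
    end
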
#configured_bcrypt_cost ⇒ Object

    # File 'lib/clearance/password_strategies/bcrypt.rb', line 33
    # Minimum cost in the Rails test environment, otherwise the globally
    # configured BCrypt::Engine.cost.
    def configured_bcrypt_cost
      if defined?(::Rails) && ::Rails.env.test?
        ::BCrypt::Engine::MIN_COST
      else
        ::BCrypt::Engine.cost
      end
    end

#password=(new_password) ⇒ Object

    # File 'lib/clearance/password_strategies/bcrypt.rb', line 22
    # A blank new_password leaves encrypted_password unchanged.
    def password=(new_password)
      @password = new_password

      if new_password.present?
        self.encrypted_password = ::BCrypt::Password.create(
          new_password,
          cost: configured_bcrypt_cost,
        )
      end
    end