Module: Devise::Models::Argon2

Defined in:
lib/devise-argon2/model.rb

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary collapse

Instance Method Details

#valid_password?(password) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise-argon2/model.rb', line 6

# Verifies +password+ against the stored +encrypted_password+ and, when the
# match succeeds on a hash flagged for renewal, hands the plaintext to
# +update_hash+.
#
# The stored value is classified first:
# * not an Argon2 hash (per ::Argon2::Password.valid_hash?): verification is
#   delegated to +super+ and the hash is always flagged for renewal;
# * Argon2 hash in the devise-argon2 v1 layout: verified against
#   password + password_salt + pepper, always flagged for renewal;
# * any other Argon2 hash: verified with the configured secret and flagged
#   only when +outdated_work_factors?+ says so.
#
# +update_hash+ is reached only after a successful verification, so a failed
# attempt never triggers it. Seen from this method, an old-format hash is
# therefore renewed only when its owner next authenticates successfully.
#
# @param password [String] candidate plaintext password
# @return [Boolean] whether +password+ matched the stored hash
def valid_password?(password)
  # Every path except the current Argon2 format unconditionally asks for renewal.
  needs_rehash = true

  matched =
    if !::Argon2::Password.valid_hash?(encrypted_password)
      # Devise models are included in a fixed order, see
      # https://github.com/heartcombo/devise/blob/f6e73e5b5c8f519f4be29ac9069c6ed8a2343ce4/lib/devise/models.rb#L79.
      # add_module is called without an insertion point, so this model ends up
      # last, i.e. after DatabaseAuthenticatable (see
      # https://github.com/heartcombo/devise/blob/f6e73e5b5c8f519f4be29ac9069c6ed8a2343ce4/lib/devise.rb#L393).
      # Zero-argument super therefore reaches DatabaseAuthenticatable's
      # valid_password? with the same password.
      super
    elsif migrate_hash_from_devise_argon2_v1?
      # The v1 layout is checked against salt and pepper appended to the
      # password, with no separate secret argument.
      legacy_input = "#{password}#{password_salt}#{self.class.pepper}"
      ::Argon2::Password.verify_password(legacy_input, encrypted_password)
    else
      # An explicit :secret in argon2_options takes precedence over the pepper.
      secret = self.class.argon2_options[:secret] || self.class.pepper
      outcome = ::Argon2::Password.verify_password(password, encrypted_password, secret)
      needs_rehash = outdated_work_factors?
      outcome
    end

  update_hash(password) if matched && needs_rehash

  matched
end