Module: Devise::Models::DatabaseAuthenticatable
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/devise/models/database_authenticatable.rb
Overview
Authenticatable Module, responsible for hashing the password and validating the authenticity of a user while signing in.
This module defines a ‘password=` method. This method will hash the argument and store it in the `encrypted_password` column, bypassing any pre-existing `password` column if it exists.
Options
DatabaseAuthenticatable adds the following options to devise
:
* +pepper+: a random string used to provide a more secure hash. Use
`rails secret` to generate new keys.
* +stretches+: the cost given to bcrypt.
* +send_email_changed_notification+: notify original email when it changes.
* +send_password_change_notification+: notify email when password changes.
Examples
User.find(1).valid_password?('password123') # returns true/false
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
-
#after_database_authentication ⇒ Object
A callback initiated after successfully authenticating.
-
#authenticatable_salt ⇒ Object
A reliable way to expose the salt regardless of the implementation.
-
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil.
-
#destroy_with_password(current_password) ⇒ Object
Destroy record when :current_password matches, otherwise returns error on :current_password.
- #initialize(*args, &block) ⇒ Object
-
#password=(new_password) ⇒ Object
Generates a hashed password based on the given value.
-
#send_email_changed_notification ⇒ Object
Send notification to user when email changes.
-
#send_password_change_notification ⇒ Object
Send notification to user when password changes.
-
#skip_email_changed_notification! ⇒ Object
Skips sending the email changed notification after_update.
-
#skip_password_change_notification! ⇒ Object
Skips sending the password change notification after_update.
-
#update_with_password(params, *options) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password.
-
#update_without_password(params, *options) ⇒ Object
Updates record attributes without asking for the current password.
-
#valid_password?(password) ⇒ Boolean
Verifies whether a password (ie from sign in) is the user password.
Class Method Details
.required_fields(klass) ⇒ Object
58 59 60 |
# File 'lib/devise/models/database_authenticatable.rb', line 58 def self.required_fields(klass) [:encrypted_password] + klass.authentication_keys end |
Instance Method Details
#after_database_authentication ⇒ Object
A callback initiated after successfully authenticating. This can be used to insert your own logic that is only run after the user successfully authenticates.
Example:
def after_database_authentication
self.update_attribute(:invite_code, nil)
end
172 173 |
# File 'lib/devise/models/database_authenticatable.rb', line 172 def after_database_authentication end |
#authenticatable_salt ⇒ Object
A reliable way to expose the salt regardless of the implementation.
176 177 178 |
# File 'lib/devise/models/database_authenticatable.rb', line 176 def authenticatable_salt encrypted_password[0,29] if encrypted_password end |
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil
76 77 78 |
# File 'lib/devise/models/database_authenticatable.rb', line 76 def clean_up_passwords self.password = self.password_confirmation = nil end |
#destroy_with_password(current_password) ⇒ Object
Destroy record when :current_password matches, otherwise returns error on :current_password. It also automatically rejects :current_password if it is blank.
150 151 152 153 154 155 156 157 158 159 160 |
# File 'lib/devise/models/database_authenticatable.rb', line 150 def destroy_with_password(current_password) result = if valid_password?(current_password) destroy else valid? errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end result end |
#initialize(*args, &block) ⇒ Object
42 43 44 45 46 |
# File 'lib/devise/models/database_authenticatable.rb', line 42 def initialize(*args, &block) @skip_email_changed_notification = false @skip_password_change_notification = false super end |
#password=(new_password) ⇒ Object
Generates a hashed password based on the given value. For legacy reasons, we use ‘encrypted_password` to store the hashed password.
65 66 67 68 |
# File 'lib/devise/models/database_authenticatable.rb', line 65 def password=(new_password) @password = new_password self.encrypted_password = password_digest(@password) if @password.present? end |
#send_email_changed_notification ⇒ Object
Send notification to user when email changes.
181 182 183 |
# File 'lib/devise/models/database_authenticatable.rb', line 181 def send_email_changed_notification send_devise_notification(:email_changed, to: devise_email_before_last_save) end |
#send_password_change_notification ⇒ Object
Send notification to user when password changes.
186 187 188 |
# File 'lib/devise/models/database_authenticatable.rb', line 186 def send_password_change_notification send_devise_notification(:password_change) end |
#skip_email_changed_notification! ⇒ Object
Skips sending the email changed notification after_update
49 50 51 |
# File 'lib/devise/models/database_authenticatable.rb', line 49 def skip_email_changed_notification! @skip_email_changed_notification = true end |
#skip_password_change_notification! ⇒ Object
Skips sending the password change notification after_update
54 55 56 |
# File 'lib/devise/models/database_authenticatable.rb', line 54 def skip_password_change_notification! @skip_password_change_notification = true end |
#update_with_password(params, *options) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password.
This method also rejects the password field if it is blank (allowing users to change relevant information like the e-mail without changing their password). In case the password field is rejected, the confirmation is also rejected as long as it is also blank.
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
# File 'lib/devise/models/database_authenticatable.rb', line 87 def update_with_password(params, *) if .present? Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_with_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. DEPRECATION end current_password = params.delete(:current_password) if params[:password].blank? params.delete(:password) params.delete(:password_confirmation) if params[:password_confirmation].blank? end result = if valid_password?(current_password) update(params, *) else assign_attributes(params, *) valid? errors.add(:current_password, current_password.blank? ? :blank : :invalid) false end clean_up_passwords result end |
#update_without_password(params, *options) ⇒ Object
Updates record attributes without asking for the current password. Never allows a change to the current password. If you are using this method, you should probably override this method to protect other attributes you would not like to be updated without a password.
Example:
def update_without_password(params, *)
params.delete(:email)
super(params)
end
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
# File 'lib/devise/models/database_authenticatable.rb', line 129 def update_without_password(params, *) if .present? Devise.deprecator.warn <<-DEPRECATION.strip_heredoc [Devise] The second argument of `DatabaseAuthenticatable#update_without_password` (`options`) is deprecated and it will be removed in the next major version. It was added to support a feature deprecated in Rails 4, so you can safely remove it from your code. DEPRECATION end params.delete(:password) params.delete(:password_confirmation) result = update(params, *) clean_up_passwords result end |