Module: Authentication::ByPassword::ModelClassMethods

Defined in:
lib/authentication/by_password.rb

Overview

Class Methods

Instance Method Summary collapse

Instance Method Details

#password_digest(password, salt) ⇒ Object

This provides a modest increased defense against a dictionary attack if your db were ever compromised, but will invalidate existing passwords. See the README and the file config/initializers/site_keys.rb

It may not be obvious, but if you set REST_AUTH_SITE_KEY to nil and REST_AUTH_DIGEST_STRETCHES to 1 you’ll have backwards compatibility with older versions of restful-authentication.



30
31
32
33
34
35
36
# File 'lib/authentication/by_password.rb', line 30

def password_digest(password, salt)
  digest = REST_AUTH_SITE_KEY
  REST_AUTH_DIGEST_STRETCHES.times do
    digest = secure_digest(digest, salt, password, REST_AUTH_SITE_KEY)
  end
  digest
end