Module: Devise::Models::DatabaseAuthenticatable
- Defined in:
- lib/devise/models/database_authenticatable.rb
Overview
Authenticable Module, responsible for encrypting password and validating authenticity of a user while signing in.
Configuration:
You can overwrite configuration values by setting in globally in Devise, using devise method or overwriting the respective instance method.
pepper: encryption key used for creating encrypted password. Each time
password changes, it's gonna be encrypted again, and this key
is added to the password and salt to create a secure hash.
Always use `rake secret' to generate a new key.
stretches: defines how many times the password will be encrypted.
encryptor: the encryptor going to be used. By default :sha1.
authentication_keys: parameters used for authentication. By default [:email]
Examples:
User.authenticate('[email protected]', 'password123') # returns authenticated user or nil
User.find(1).valid_password?('password123') # returns true/false
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
-
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil.
-
#old_password ⇒ Object
TODO Remove me in next release.
-
#password=(new_password) ⇒ Object
Regenerates password salt and encrypted password each time password is set, and then trigger any “after_changed_password”-callbacks.
-
#update_with_password(params = {}) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password.
-
#valid_for_authentication?(attributes) ⇒ Boolean
Checks if a resource is valid upon authentication.
-
#valid_password?(incoming_password) ⇒ Boolean
Verifies whether an incoming_password (ie from sign in) is the user password.
Class Method Details
.included(base) ⇒ Object
30 31 32 33 34 35 36 37 |
# File 'lib/devise/models/database_authenticatable.rb', line 30 def self.included(base) base.class_eval do extend ClassMethods attr_reader :password, :current_password attr_accessor :password_confirmation end end |
Instance Method Details
#clean_up_passwords ⇒ Object
Set password and password confirmation to nil
67 68 69 |
# File 'lib/devise/models/database_authenticatable.rb', line 67 def clean_up_passwords self.password = self.password_confirmation = nil end |
#old_password ⇒ Object
TODO Remove me in next release
40 41 42 43 |
# File 'lib/devise/models/database_authenticatable.rb', line 40 def old_password ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller @old_password end |
#password=(new_password) ⇒ Object
Regenerates password salt and encrypted password each time password is set, and then trigger any “after_changed_password”-callbacks.
47 48 49 50 51 52 53 54 |
# File 'lib/devise/models/database_authenticatable.rb', line 47 def password=(new_password) @password = new_password if @password.present? self.password_salt = self.class.encryptor_class.salt self.encrypted_password = password_digest(@password) end end |
#update_with_password(params = {}) ⇒ Object
Update record attributes when :current_password matches, otherwise returns error on :current_password. It also automatically rejects :password and :password_confirmation if they are blank.
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/devise/models/database_authenticatable.rb', line 74 def update_with_password(params={}) current_password = params.delete(:current_password) if params[:password].blank? params.delete(:password) params.delete(:password_confirmation) if params[:password_confirmation].blank? end result = if valid_password?(current_password) update_attributes(params) else = current_password.blank? ? :blank : :invalid self.class.add_error_on(self, :current_password, , false) self.attributes = params false end clean_up_passwords unless result result end |
#valid_for_authentication?(attributes) ⇒ Boolean
Checks if a resource is valid upon authentication.
62 63 64 |
# File 'lib/devise/models/database_authenticatable.rb', line 62 def valid_for_authentication?(attributes) valid_password?(attributes[:password]) end |
#valid_password?(incoming_password) ⇒ Boolean
Verifies whether an incoming_password (ie from sign in) is the user password.
57 58 59 |
# File 'lib/devise/models/database_authenticatable.rb', line 57 def valid_password?(incoming_password) Devise.secure_compare(password_digest(incoming_password), self.encrypted_password) end |