Module: Kingsman::Models::DatabaseAuthenticatable

Extended by:

ActiveSupport::Concern

Defined in:

lib/kingsman/models/database_authenticatable.rb

Overview

Authenticatable Module, responsible for hashing the password and validating the authenticity of a user while signing in.

This module defines a ‘password=` method. This method will hash the argument and store it in the `encrypted_password` column, bypassing any pre-existing `password` column if it exists.

Options

DatabaseAuthenticatable adds the following options to kingsman:

* +pepper+: a random string used to provide a more secure hash. Use
  `rails secret` to generate new keys.

* +stretches+: the cost given to bcrypt.

* +send_email_changed_notification+: notify original email when it changes.

* +send_password_change_notification+: notify email when password changes.

Examples

User.find(1).valid_password?('password123')         # returns true/false

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .required_fields(klass) ⇒ Object

Instance Method Summary

• #after_database_authentication ⇒ Object

  A callback initiated after successfully authenticating.

• #authenticatable_salt ⇒ Object

  A reliable way to expose the salt regardless of the implementation.

• #clean_up_passwords ⇒ Object

  Set password and password confirmation to nil.

• #destroy_with_password(current_password) ⇒ Object

  Destroy record when :current_password matches, otherwise returns error on :current_password.

• #initialize(*args, &block) ⇒ Object
• #password=(new_password) ⇒ Object

  Generates a hashed password based on the given value.

• #send_email_changed_notification ⇒ Object

  Send notification to user when email changes.

• #send_password_change_notification ⇒ Object

  Send notification to user when password changes.

• #skip_email_changed_notification! ⇒ Object

  Skips sending the email changed notification after_update.

• #skip_password_change_notification! ⇒ Object

  Skips sending the password change notification after_update.

• #update_with_password(params, *options) ⇒ Object

  Update record attributes when :current_password matches, otherwise returns error on :current_password.

• #update_without_password(params) ⇒ Object

  Updates record attributes without asking for the current password.

• #valid_password?(password) ⇒ Boolean

  Verifies whether a password (ie from sign in) is the user password.

Class Method Details

.required_fields(klass) ⇒ Object

# File 'lib/kingsman/models/database_authenticatable.rb', line 58

def self.required_fields(klass)
  [:encrypted_password] + klass.authentication_keys
end

Instance Method Details

#after_database_authentication ⇒ Object

A callback initiated after successfully authenticating. This can be used to insert your own logic that is only run after the user successfully authenticates.

Example:

def after_database_authentication
  self.update_attribute(:invite_code, nil)
end

# File 'lib/kingsman/models/database_authenticatable.rb', line 156

def after_database_authentication
end

#authenticatable_salt ⇒ Object

A reliable way to expose the salt regardless of the implementation.

# File 'lib/kingsman/models/database_authenticatable.rb', line 160

def authenticatable_salt
  encrypted_password[0,29] if encrypted_password
end

#clean_up_passwords ⇒ Object

Set password and password confirmation to nil

# File 'lib/kingsman/models/database_authenticatable.rb', line 76

def clean_up_passwords
  self.password = self.password_confirmation = nil
end

#destroy_with_password(current_password) ⇒ Object

Destroy record when :current_password matches, otherwise returns error on :current_password. It also automatically rejects :current_password if it is blank.

# File 'lib/kingsman/models/database_authenticatable.rb', line 134

def destroy_with_password(current_password)
  result = if valid_password?(current_password)
    destroy
  else
    valid?
    errors.add(:current_password, current_password.blank? ? :blank : :invalid)
    false
  end

  result
end

#initialize(*args, &block) ⇒ Object

# File 'lib/kingsman/models/database_authenticatable.rb', line 42

def initialize(*args, &block)
  @skip_email_changed_notification = false
  @skip_password_change_notification = false
  super
end

#password=(new_password) ⇒ Object

Generates a hashed password based on the given value. For legacy reasons, we use ‘encrypted_password` to store the hashed password.

# File 'lib/kingsman/models/database_authenticatable.rb', line 65

def password=(new_password)
  @password = new_password
  self.encrypted_password = password_digest(@password) if @password.present?
end

#send_email_changed_notification ⇒ Object

Send notification to user when email changes.

# File 'lib/kingsman/models/database_authenticatable.rb', line 165

def send_email_changed_notification
  send_kingsman_notification(:email_changed, to: kingsman_email_before_last_save)
end

#send_password_change_notification ⇒ Object

Send notification to user when password changes.

# File 'lib/kingsman/models/database_authenticatable.rb', line 170

def send_password_change_notification
  send_kingsman_notification(:password_change)
end

#skip_email_changed_notification! ⇒ Object

Skips sending the email changed notification after_update

# File 'lib/kingsman/models/database_authenticatable.rb', line 49

def skip_email_changed_notification!
  @skip_email_changed_notification = true
end

#skip_password_change_notification! ⇒ Object

Skips sending the password change notification after_update

# File 'lib/kingsman/models/database_authenticatable.rb', line 54

def skip_password_change_notification!
  @skip_password_change_notification = true
end

#update_with_password(params, *options) ⇒ Object

Update record attributes when :current_password matches, otherwise returns error on :current_password.

This method also rejects the password field if it is blank (allowing users to change relevant information like the e-mail without changing their password). In case the password field is rejected, the confirmation is also rejected as long as it is also blank.

# File 'lib/kingsman/models/database_authenticatable.rb', line 87

def update_with_password(params, *options)
  current_password = params.delete(:current_password)

  # Note: the reject_blank_password is a kingsman only option (not in Devise)
  opts = options.extract_options!
  if params[:password].blank? && opts[:reject_blank_password] != false
    params.delete(:password)
    params.delete(:password_confirmation) if params[:password_confirmation].blank?
  end

  result = if valid_password?(current_password)
    update(params, *options)
  else
    assign_attributes(params, *options)
    valid?
    errors.add(:current_password, current_password.blank? ? :blank : :invalid)
    false
  end

  clean_up_passwords
  result
end

#update_without_password(params) ⇒ Object

Updates record attributes without asking for the current password. Never allows a change to the current password. If you are using this method, you should probably override this method to protect other attributes you would not like to be updated without a password.

Example:

def update_without_password(params)
  params.delete(:email)
  super(params)
end

# File 'lib/kingsman/models/database_authenticatable.rb', line 122

def update_without_password(params)
  params.delete(:password)
  params.delete(:password_confirmation)

  result = update(params, *options)
  clean_up_passwords
  result
end

#valid_password?(password) ⇒ Boolean

Verifies whether a password (ie from sign in) is the user password.

Returns:

• (Boolean)

# File 'lib/kingsman/models/database_authenticatable.rb', line 71

def valid_password?(password)
  Kingsman::Encryptor.compare(encrypted_password, password)
end