Module: Devise::Models::Authenticatable

Defined in:
lib/devise/models/authenticatable.rb

Overview

Authenticable Module, responsible for encrypting password and validating authenticity of a user while signing in.

Configuration:

You can overwrite configuration values by setting in globally in Devise, using devise method or overwriting the respective instance method.

pepper: encryption key used for creating encrypted password. Each time
        password changes, it's gonna be encrypted again, and this key
        is added to the password and salt to create a secure hash.
        Always use `rake secret' to generate a new key.

stretches: defines how many times the password will be encrypted.

Examples:

User.authenticate('[email protected]', 'password123')  # returns authenticated user or nil
User.find(1).valid_password?('password123')         # returns true/false

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object 



28
29
30
31
32
33
34
35
 
# File 'lib/devise/models/authenticatable.rb', line 28

def self.included(base)
  base.class_eval do
    extend ClassMethods

    attr_reader :password
    attr_accessor :password_confirmation
  end
end

Instance Method Details

#password=(new_password) ⇒ Object

Regenerates password salt and encrypted password each time password is setted.



39
40
41
42
43
 
# File 'lib/devise/models/authenticatable.rb', line 39

def password=(new_password)
  @password = new_password
  self.password_salt = friendly_token
  self.encrypted_password = password_digest(@password)
end

#valid_password?(incoming_password) ⇒ Boolean

Verifies whether an incoming_password (ie from login) is the user password.

Returns:

  • (Boolean) 


47
48
49
 
# File 'lib/devise/models/authenticatable.rb', line 47

def valid_password?(incoming_password)
  password_digest(incoming_password) == encrypted_password
end