Module: Devise::Models::PasswordArchivable

Extended by:
ActiveSupport::Concern
Includes:
Compatibility, DatabaseAuthenticatable
Defined in:
lib/devise-security/models/password_archivable.rb

Overview

PasswordArchivable, this depends on the DatabaseAuthenticatable module from devise

Defined Under Namespace

Modules: ClassMethods

Instance Method Summary collapse

Instance Method Details

#archive_countObject


62
63
64
# File 'lib/devise-security/models/password_archivable.rb', line 62

def archive_count
  self.class.password_archiving_count
end

#deny_old_passwordsObject


54
55
56
# File 'lib/devise-security/models/password_archivable.rb', line 54

def deny_old_passwords
  self.class.deny_old_passwords
end

#deny_old_passwords=(count) ⇒ Object


58
59
60
# File 'lib/devise-security/models/password_archivable.rb', line 58

def deny_old_passwords=(count)
  self.class.deny_old_passwords = count
end

#max_old_passwordsInteger

Returns max number of old passwords to store and check.

Returns:

  • (Integer)

    max number of old passwords to store and check


27
28
29
30
31
32
33
34
35
36
# File 'lib/devise-security/models/password_archivable.rb', line 27

def max_old_passwords
  case deny_old_passwords
  when true
    [1, archive_count].max
  when false
    0
  else
    deny_old_passwords.to_i
  end
end

#password_archive_included?true, false

validate is the password used in the past

Returns:

  • (true)

    if current password was used previously

  • (false)

    if disabled or not previously used


41
42
43
44
45
46
47
48
49
50
51
52
# File 'lib/devise-security/models/password_archivable.rb', line 41

def password_archive_included?
  return false unless max_old_passwords.positive?

  old_passwords_including_cur_change = old_passwords.order(created_at: :desc).limit(max_old_passwords).pluck(:encrypted_password)
  old_passwords_including_cur_change << encrypted_password_was # include most recent change in list, but don't save it yet!
  old_passwords_including_cur_change.any? do |old_password|
    # NOTE: we deliberately do not do mass assignment here so that users that
    #   rely on `protected_attributes_continued` gem can still use this extension.
    #   See issue #68
    self.class.new.tap { |object| object.encrypted_password = old_password }.valid_password?(password)
  end
end

#validate_password_archiveObject


22
23
24
# File 'lib/devise-security/models/password_archivable.rb', line 22

def validate_password_archive
  errors.add(:password, :taken_in_past) if will_save_change_to_encrypted_password? && password_archive_included?
end