A port of Rails has_secure_password for Ecto models.
The full documentation is available at http://hexdocs.pm/secure_password/SecurePassword.html
- Add `secure_password` to your list of dependencies in `mix.exs`:

  ```elixir
  def deps do
    [{:secure_password, "~> 0.3.0"}]
  end
  ```

- Ensure `secure_password` is started before your application:

  ```elixir
  def application do
    [applications: [:secure_password]]
  end
  ```

To use `secure_password`, you need to

- Add `use SecurePassword` to your model
- Add `has_secure_password` to your schema
- Add `with_secure_password` to your changeset (see the docs for the available options)

NOTE: Be sure to have `password` either in your changeset `required_fields` or `optional_fields`.
You do not need to add `password_confirmation` in either as it will be checked from `changeset.params`.

Here is an example user module.

```elixir
defmodule User do
  use Ecto.Schema
  use SecurePassword
  import Ecto.Changeset

  schema "users" do
    field :email, :string
    field :name, :string
    has_secure_password
  end

  @required_fields ~w(email)
  @optional_fields ~w(name password)

  def changeset(model, params \\ :empty) do
    model
    |> cast(params, @required_fields, @optional_fields)
    |> with_secure_password(min_length: 8)
  end
end
```

To authenticate the model, you just need to call `Model.authenticate`.
It will return the user struct when the password is valid, and `false` otherwise.

```elixir
if user = User.authenticate(MyRepo.get(User, 1), params["password"]) do
  # do something
else
  # you are not authenticated
end
```

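A login helper built on `User.authenticate`, shown as an added example that is not part of the library or its README. It returns the same error whether the account is missing or the password is wrong, and runs a dummy hash when no user is found so both paths cost about the same time. Assumptions: the `Session` module name is hypothetical, users are looked up by `email`, and the stored digest is bcrypt (hence `Comeonin.Bcrypt.dummy_checkpw/0`).

```elixir
defmodule Session do
  # Hypothetical module. User and MyRepo are the names used in the README example.

  @doc """
  Returns {:ok, user} on success and {:error, :invalid_credentials} for
  every failure, so callers cannot tell which check failed.
  """
  def login(email, password) when is_binary(email) and is_binary(password) do
    case MyRepo.get_by(User, email: email) do
      nil ->
        # No such account: still pay the cost of one hash comparison so the
        # response time does not reveal whether the email exists.
        # Assumes bcrypt digests; dummy_checkpw/0 always returns false.
        Comeonin.Bcrypt.dummy_checkpw()
        {:error, :invalid_credentials}

      user ->
        # authenticate/2 returns the user struct or false (see above).
        case User.authenticate(user, password) do
          false -> {:error, :invalid_credentials}
          authenticated -> {:ok, authenticated}
        end
    end
  end

  # Non-string input (missing params, nested maps) never reaches the hash check.
  def login(_email, _password), do: {:error, :invalid_credentials}
end
```
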
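This library uses comeonin to hash passwords.
To avoid slowing down the tests, you can add the following to your `config/test.exs`.
Keep these values out of your other environments' config, since they reduce the hashing work factor to a minimum.

```elixir
config :comeonin, :bcrypt_log_rounds, 4
config :comeonin, :pbkdf2_rounds, 1
```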