100644 67 lines (59 sloc) 2.51 KB
39b5ea6 @dhh Switch from SHA2 to BCrypt (easy Windows compatibility is coming shor…
dhh authored Dec 18, 2010
require 'bcrypt'
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010

module ActiveModel
  module SecurePassword
    extend ActiveSupport::Concern

    module ClassMethods
bd9dc4f @dhh BCrypt does its own salting, lovely!
dhh authored Dec 18, 2010
      # Adds methods to set and authenticate against a BCrypt password.
      # This mechanism requires you to have a password_digest attribute.
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored Dec 19, 2010
      #
08ccd29 @spastorino Remove weak_passwords list and the length/strong password validator, …
spastorino authored Dec 19, 2010
      # Validations for presence of password, confirmation of password (using
      # a "password_confirmation" attribute) are automatically added.
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
      # You can add more validations by hand if need be.
      #
      # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
      #
bd9dc4f @dhh BCrypt does its own salting, lovely!
dhh authored Dec 19, 2010
      #   # Schema: User(name:string, password_digest:string)
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
      #   class User < ActiveRecord::Base
      #     has_secure_password
      #   end
      #
08ccd29 @spastorino Remove weak_passwords list and the length/strong password validator, …
spastorino authored Dec 19, 2010
      #   user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
      #   user.save                                                      # => false, password required
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored Dec 19, 2010
      #   user.password = "mUc3m00RsqyRe"
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
      #   user.save                                                      # => false, confirmation doesn't match
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored Dec 19, 2010
      #   user.password_confirmation = "mUc3m00RsqyRe"
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
      #   user.save                                                      # => true
      #   user.authenticate("notright")                                  # => false
      #   user.authenticate("mUc3m00RsqyRe")                             # => user
      #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
      #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
      def has_secure_password
        attr_reader   :password
        attr_accessor :password_confirmation

        validates_confirmation_of :password
        validates_presence_of     :password_digest
43433b3 @dhh Instance methods shouldn't be added until you actually call has_secure…
dhh authored Dec 29, 2010

        include InstanceMethodsOnActivation
ad31549 @kuroda Override attributes_protected_by_default when has_secure_password is …
kuroda authored Jan 26, 2011

        if respond_to?(:attributes_protected_by_default)
          def self.attributes_protected_by_default
            super + ['password_digest']
          end
        end
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored Dec 19, 2010
      end
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
    end

43433b3 @dhh Instance methods shouldn't be added until you actually call has_secure…
dhh authored Dec 29, 2010
    module InstanceMethodsOnActivation
      # Returns self if the password is correct, otherwise false.
      def authenticate(unencrypted_password)
        if BCrypt::Password.new(password_digest) == unencrypted_password
          self
        else
          false
        end
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
      end

43433b3 @dhh Instance methods shouldn't be added until you actually call has_secure…
dhh authored Dec 29, 2010
      # Encrypts the password into the password_digest attribute.
      def password=(unencrypted_password)
        @password = unencrypted_password
        self.password_digest = BCrypt::Password.create(unencrypted_password)
      end
b8f6dd8 @josevalim Add missing require and remove extra module.
josevalim authored Dec 19, 2010
    end
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::Secure…
dhh authored Dec 18, 2010
  end
08ccd29 @spastorino Remove weak_passwords list and the length/strong password validator, …
spastorino authored Dec 19, 2010
end
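
Added example, not code from the Rails repository: a plain-Ruby model mirroring `password=` and `authenticate` above. It shows that per-password salting gives two different digests for the same password, and that a blank password still yields a non-blank digest, so a presence check on the digest alone does not reject it. `StandInHash` (PBKDF2 from Ruby's stdlib, used in place of BCrypt so the block runs without gems), `DemoUser`, `valid?` and `valid_with_password_presence?` are assumptions made for illustration.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for BCrypt::Password (assumption: stdlib PBKDF2 so no gem is needed).
# As with BCrypt, the random salt is stored inside the digest string.
module StandInHash
  def self.derive(secret, salt)
    sha256 = OpenSSL::Digest.new('SHA256')
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 10_000, 32, sha256).unpack1('H*')
  end
  def self.create(secret)
    salt = SecureRandom.hex(16)
    "#{salt}$#{derive(secret, salt)}"
  end
  # Re-derive with the stored salt; compare without an early exit.
  def self.match?(digest, secret)
    salt, expected = digest.to_s.split('$', 2)
    return false unless salt && expected
    actual = derive(secret, salt)
    return false unless actual.bytesize == expected.bytesize
    actual.bytes.zip(expected.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Hypothetical plain-Ruby model mirroring password= and authenticate above.
class DemoUser
  attr_reader :password, :password_digest
  attr_accessor :password_confirmation

  def password=(unencrypted_password)
    @password = unencrypted_password
    @password_digest = StandInHash.create(unencrypted_password)
  end

  def authenticate(unencrypted_password)
    StandInHash.match?(password_digest, unencrypted_password) ? self : false
  end

  # Approximates the two validations declared by has_secure_password here.
  def valid?
    !password_digest.to_s.empty? &&
      (password_confirmation.nil? || password_confirmation == password)
  end

  # Hand-added rule: the plaintext itself must be non-blank.
  def valid_with_password_presence?
    valid? && !password.to_s.strip.empty?
  end
end
```

The hand-added rule corresponds to declaring a presence validation on `password` next to `has_secure_password`, which the doc comment's "You can add more validations by hand" allows for.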