100644 77 lines (68 sloc) 3.235 kb
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
module ActiveModel
  module SecurePassword
    extend ActiveSupport::Concern

    module ClassMethods
bd9dc4f @dhh BCrypt does its own salting, lovely!
dhh authored
      # Adds methods to set and authenticate against a BCrypt password.
      # This mechanism requires you to have a password_digest attribute.
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored
      #
0e1e527 has_secure_password shouldn't validate password_digest. It should also ...
Erich Menge authored
      # Validations for presence of password on create, confirmation of password (using
08ccd29 @spastorino Remove weak_passwords list and the length/strong password validator, lea...
spastorino authored
      # a "password_confirmation" attribute) are automatically added.
0e1e527 has_secure_password shouldn't validate password_digest. It should also ...
Erich Menge authored
      # If you wish to turn off validations, pass 'validations: false' as an argument.
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      # You can add more validations by hand if need be.
      #
9b02f3f @guilleiguaran Add comments about bcrypt-ruby gem to SecurePassword
guilleiguaran authored
      # You need to add bcrypt-ruby (~> 3.0.0) to Gemfile to use has_secure_password:
      #
      #   gem 'bcrypt-ruby', '~> 3.0.0'
      #
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
      #
bd9dc4f @dhh BCrypt does its own salting, lovely!
dhh authored
      #   # Schema: User(name:string, password_digest:string)
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      #   class User < ActiveRecord::Base
      #     has_secure_password
      #   end
      #
08ccd29 @spastorino Remove weak_passwords list and the length/strong password validator, lea...
spastorino authored
      #   user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
      #   user.save # => false, password required
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored
      #   user.password = "mUc3m00RsqyRe"
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      #   user.save # => false, confirmation doesn't match
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored
      #   user.password_confirmation = "mUc3m00RsqyRe"
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      #   user.save # => true
      #   user.authenticate("notright") # => false
      #   user.authenticate("mUc3m00RsqyRe") # => user
9d119c5 @ab9 fix example code in documentation for has_secure_password
ab9 authored
      #   User.find_by_name("david").try(:authenticate, "notright") # => false
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
0e1e527 has_secure_password shouldn't validate password_digest. It should also ...
Erich Menge authored
      def has_secure_password(options = {})
826a850 @vijaydev fix a typo and slightly reword has_secure_password comment
vijaydev authored
        # Load bcrypt-ruby only when has_secure_password is used.
        # This is to avoid ActiveModel (and by extension the entire framework) being dependent on a binary library.
6779064 @guilleiguaran Remove hard dependency on bcrypt.
guilleiguaran authored
        gem 'bcrypt-ruby', '~> 3.0.0'
        require 'bcrypt'

93659a3 @dasch Remove superfluous whitespace from ActiveModel::SecurePassword
dasch authored
        attr_reader :password
0e1e527 has_secure_password shouldn't validate password_digest. It should also ...
Erich Menge authored

        if options.fetch(:validations, true)
          validates_confirmation_of :password
          validates_presence_of :password, :on => :create
        end

        before_create { raise "Password digest missing on new record" if password_digest.blank? }
a8365ab @bcardarella Declaring the attr_accessor for password_confirmation is not necessary
bcardarella authored

43433b3 @dhh Instance methods shouldnt be added until you actually call has_secure_pa...
dhh authored
        include InstanceMethodsOnActivation
ad31549 @kuroda Override attributes_protected_by_default when has_secure_password is cal...
kuroda authored

        if respond_to?(:attributes_protected_by_default)
          def self.attributes_protected_by_default
            super + ['password_digest']
          end
        end
a39a333 @mikel Added ability to specify which passwords you want as weak passwords
mikel authored
      end
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
    end

43433b3 @dhh Instance methods shouldnt be added until you actually call has_secure_pa...
dhh authored
    module InstanceMethodsOnActivation
      # Returns self if the password is correct, otherwise false.
      def authenticate(unencrypted_password)
ffa974d @oscardelben Refactor SecurePassword#authenticate
oscardelben authored
        BCrypt::Password.new(password_digest) == unencrypted_password && self
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
      end

52188c7 @oscardelben Correct documentation of SecurePassword
oscardelben authored
      # Encrypts the password into the password_digest attribute, only if the
      # new password is not blank.
43433b3 @dhh Instance methods shouldnt be added until you actually call has_secure_pa...
dhh authored
      def password=(unencrypted_password)
3e23752 @tenderlove bcrypt will encrypt anything, so validate_presence_of would not catch ni...
tenderlove authored
        unless unencrypted_password.blank?
692b3b6 @oscardelben Fix secure_password setter
oscardelben authored
          @password = unencrypted_password
3e23752 @tenderlove bcrypt will encrypt anything, so validate_presence_of would not catch ni...
tenderlove authored
          self.password_digest = BCrypt::Password.create(unencrypted_password)
        end
43433b3 @dhh Instance methods shouldnt be added until you actually call has_secure_pa...
dhh authored
      end
b8f6dd8 @josevalim Add missing require and remove extra module.
josevalim authored
    end
bcf4e4f @dhh Added ActiveRecord::Base#has_secure_password (via ActiveModel::SecurePas...
dhh authored
  end
08ccd29 @spastorino Remove weak_passwords list and the length/strong password validator, lea...
spastorino authored
end
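
An added example, not part of the Rails source above: a plain-Ruby sketch of the same password=/authenticate contract that runs without Rails or bcrypt-ruby. It swaps BCrypt for PBKDF2-HMAC-SHA256 from Ruby's bundled OpenSSL so the block has no gem dependency; `DigestSketch`, `DemoUser` and the digest string format are hypothetical names and choices made for this illustration.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for BCrypt::Password: PBKDF2-HMAC-SHA256 with a random
# per-password salt, serialized as "iterations$salt_hex$hash_hex".
module DigestSketch
  ITERATIONS = 20_000 # kept low so the demo runs fast; not a production setting

  def self.derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new('SHA256'))
  end

  def self.create(password)
    salt = SecureRandom.random_bytes(16)
    [ITERATIONS, salt.unpack1('H*'), derive(password, salt, ITERATIONS).unpack1('H*')].join('$')
  end

  def self.verify(digest, candidate)
    iterations, salt_hex, hash_hex = digest.to_s.split('$')
    return false unless iterations.to_i > 0 && salt_hex && hash_hex
    actual = derive(candidate.to_s, [salt_hex].pack('H*'), iterations.to_i).unpack1('H*')
    # Compare in constant time so timing does not reveal how many bytes matched.
    return false unless actual.bytesize == hash_hex.bytesize
    actual.bytes.zip(hash_hex.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical model mirroring password= and authenticate from the module above.
class DemoUser
  attr_reader :password
  attr_accessor :password_digest

  # Blank input is ignored, so a stored digest is never replaced by a hash of "" or nil.
  def password=(unencrypted_password)
    return if unencrypted_password.nil? || unencrypted_password.to_s.strip.empty?
    @password = unencrypted_password
    self.password_digest = DigestSketch.create(unencrypted_password)
  end

  # Returns self if the password is correct, otherwise false.
  def authenticate(unencrypted_password)
    DigestSketch.verify(password_digest, unencrypted_password) && self
  end
end
```

Two users given the same password get different digests because each digest carries its own salt, which is the property the "BCrypt does its own salting" commit relies on.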