Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Instance methods shouldnt be added until you actually call has_secure…

…_password
  • Loading branch information...
commit 43433b3fb4b9c054e0bcaaa1f7456b3fececd268 1 parent fd1cf13
@dhh dhh authored
Showing with 15 additions and 11 deletions.
  1. +15 −11 activemodel/lib/active_model/secure_password.rb
View
26 activemodel/lib/active_model/secure_password.rb
@@ -37,22 +37,26 @@ def has_secure_password
validates_confirmation_of :password
validates_presence_of :password_digest
+
+ include InstanceMethodsOnActivation
end
end
- # Returns self if the password is correct, otherwise false.
- def authenticate(unencrypted_password)
- if BCrypt::Password.new(password_digest) == unencrypted_password
- self
- else
- false
+ module InstanceMethodsOnActivation
+ # Returns self if the password is correct, otherwise false.
+ def authenticate(unencrypted_password)
+ if BCrypt::Password.new(password_digest) == unencrypted_password

How is this supposed to work as BCrypt::Password.new returns a hashed value, but unencrypted_password is the plaintext version of the password? How will they ever be ==?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ self
+ else
+ false
+ end
end
- end
- # Encrypts the password into the password_digest attribute.
- def password=(unencrypted_password)
- @password = unencrypted_password
- self.password_digest = BCrypt::Password.create(unencrypted_password)
+ # Encrypts the password into the password_digest attribute.
+ def password=(unencrypted_password)
+ @password = unencrypted_password
+ self.password_digest = BCrypt::Password.create(unencrypted_password)
+ end
end
end
end

0 comments on commit 43433b3

Please sign in to comment.
Something went wrong with that request. Please try again.