Custom attribute name in has_secure_password #1440
Conversation
|
Assigned to @dhh for review. I think this ticket looks good to me, just curious if you want to add anything to it or not. |
ghost
assigned 
|
I think if we allow a customized password field, we need to allow to have more than one secured_password field. |
| # Returns self if the password is correct, otherwise false. | ||
| def authenticate(unencrypted_password) | ||
| if BCrypt::Password.new(password_digest) == unencrypted_password | ||
| if BCrypt::Password.new(send(:"#{custom_password_attribute}")) == unencrypted_password |
There was a problem hiding this comment.
This could be simply send(custom_password_attribute), no?
There was a problem hiding this comment.
Correct. I did change it but forgot to push it. Will do now.
|
More than one secure field does make sense. Should I do it in this pull request or may be do it as a separate pull request? Please give your opinion. |
|
I don't think we need to support more than one field. As maintainer of Devise, nobody has ever asked for a feature like that. |
|
I think the ability to encrypt any field and not just password field would be interesting. Something like: has_secure_field :some_random_attribute However, it would need more work as at the moment the whole idea of secure field is tightly bound to password but IMHO the code should be able to adapt to any field irrespective. Therefore, I would create a diff pull request for it if it's deemed useful. Opinion? |
|
Any more feedback on this pull request? |
|
There is a rampant discussion on this topic in issue #1159. My personal opinion is that this is so easy to implement, any non-standard interaction (field name, encryption method, etc.) should just have its own implementation. If absolutely needed, any options to |
|
I am closing this after some discussion with other cores. If you want more customization, there are plenty auth tools out there. |
Added code to allow users to pass a custom attribute name to has_secure_password.
Example: