Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance has_secure_password to also generate a password_salt method #47490

Merged
merged 1 commit into from Mar 9, 2023
Merged

Enhance has_secure_password to also generate a password_salt method #47490

merged 1 commit into from Mar 9, 2023

Conversation

lazaronixon
Copy link
Contributor

@lazaronixon lazaronixon commented Feb 24, 2023
edited

Motivation / Background

As mentioned here there's an additional task to be done in order to simplify the token generation for password hashes.

image

Before:

class User < ActiveRecord::Base
  has_secure_password
  
  generates_token_for :password_reset, expires_in: 15.minutes do
    BCrypt::Password.new(password_digest).salt[-10..]
  end
end

After:

class User < ActiveRecord::Base
  has_secure_password
  
  generates_token_for :password_reset, expires_in: 15.minutes do
    password_salt[-10..]
  end
end

@lazaronixon
Copy link
Contributor Author

@jonathanhefner

@lazaronixon lazaronixon force-pushed the has_secure_password_salt branch 2 times, most recently from ce659be to 3633390 Compare March 8, 2023 05:37
jonathanhefner
jonathanhefner reviewed Mar 8, 2023
View reviewed changes
Copy link
Member

@jonathanhefner jonathanhefner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for working on this! 😀

activemodel/test/cases/secure_password_test.rb Show resolved Hide resolved
activemodel/CHANGELOG.md Outdated Show resolved Hide resolved
activemodel/CHANGELOG.md Outdated Show resolved Hide resolved
@jonathanhefner
Copy link
Member

Also, what do you think about updating the example in the documentation for generates_token_for?

rails/activerecord/lib/active_record/token_for.rb

Lines 68 to 71 in 3dd5d49

# generates_token_for :password_reset, expires_in: 15.minutes do
# # Last 10 characters of password salt, which changes when password is updated:
# BCrypt::Password.new(password_digest).salt[-10..]
# end

@lazaronixon lazaronixon force-pushed the has_secure_password_salt branch 3 times, most recently from cf86672 to 59f3316 Compare March 9, 2023 04:54
@lazaronixon lazaronixon force-pushed the has_secure_password_salt branch 3 times, most recently from 9307434 to b842755 Compare March 9, 2023 19:34
@jonathanhefner jonathanhefner merged commit db8f664 into rails:main Mar 9, 2023
4 checks passed
@jonathanhefner
Copy link
Member

Thank you, @lazaronixon! 🧂

paracycle added a commit to Shopify/tapioca that referenced this pull request Jul 19, 2023
@paracycle
Add password salt getter added in Rails head
9772dcc 
Added in Rails here: rails/rails#47490
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guilleiguaran guilleiguaran guilleiguaran left review comments

@jonathanhefner jonathanhefner jonathanhefner approved these changes

Assignees
No one assigned
Labels
activemodel activerecord
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lazaronixon @jonathanhefner @guilleiguaran