module Devision::Models::DatabaseAuthenticatable
Authenticatable
Module responsible for hashing the password and validating the authenticity of a user while signing in.
Options
Examples
    User.find(1).valid_password?('password123') # returns true/false
Attributes
current_password[R]
password[R]
password_confirmation[RW]
Public Class Methods
required_fields(klass)
Fields required on the target Model
    # File lib/devision/models/database_authenticatable.rb, line 19
    def self.required_fields(klass)
      [:encrypted_password] + klass.authentication_keys
    end
Public Instance Methods
after_database_authentication()
A callback invoked after a successful authentication. Override it to insert your own logic that should run only after the user successfully authenticates.
Example:
    def after_database_authentication
      self.update_attribute(:invite_code, nil)
    end

    # File lib/devision/models/database_authenticatable.rb, line 57
    def after_database_authentication
    end
authenticatable_salt()
A reliable way to expose the salt regardless of the implementation.
    # File lib/devision/models/database_authenticatable.rb, line 61
    def authenticatable_salt
      encrypted_password[0,29] if encrypted_password
    end
clean_up_passwords()
Sets password and password confirmation to nil.
    # File lib/devision/models/database_authenticatable.rb, line 43
    def clean_up_passwords
      self.password = self.password_confirmation = nil
    end
password=(new_password)
Generates the hashed password (encrypted_password) from the given value. A blank value leaves encrypted_password unchanged.
    # File lib/devision/models/database_authenticatable.rb, line 29
    def password=(new_password)
      @password = new_password
      self.encrypted_password = password_digest(@password) if @password.present?
    end
valid_password?(password)
Verifies whether a password (i.e. from sign in) is the user's password.
    # File lib/devision/models/database_authenticatable.rb, line 35
    def valid_password?(password)
      return false if encrypted_password.blank?
      bcrypt = ::BCrypt::Password.new(encrypted_password)
      # Re-hash the candidate (plus pepper) with the salt and cost of the stored hash
      password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
      # Compare the two hashes without leaking where they first differ
      Devision.secure_compare(password, encrypted_password)
    end
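The following is an added example, not Devision source code. It illustrates two details that authenticatable_salt and valid_password? rely on: the first 29 characters of a bcrypt string hold the version, cost and salt, and the final comparison should take the same time wherever the strings differ. The names BCRYPT_LAYOUT, SAMPLE, split_bcrypt and secure_compare are assumptions for illustration; secure_compare here is a stand-in, since the body of Devision.secure_compare is not shown on this page.

```ruby
# Added example (not Devision source). All names here are illustrative assumptions.

# bcrypt string layout: "$2a$" version, two-digit cost, "$", 22-char salt,
# then a 31-char checksum. Version + cost + salt is 4 + 3 + 22 = 29 characters,
# which is why authenticatable_salt can take encrypted_password[0, 29].
BCRYPT_LAYOUT = %r{\A(\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

# Constructed sample value in bcrypt's 60-character layout.
SAMPLE = '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy'

# Splits a stored value into salt prefix, cost and checksum.
# Returns nil for nil, blank or malformed input instead of raising.
def split_bcrypt(encrypted_password)
  m = BCRYPT_LAYOUT.match(encrypted_password.to_s)
  return nil unless m

  { salt: m[1], cost: m[2].to_i, checksum: m[3] }
end

# Constant-time string comparison: every byte pair is XORed and accumulated,
# so the loop does not stop at the first mismatch the way == may.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  parts = split_bcrypt(SAMPLE)
  puts "salt prefix: #{parts[:salt]} (#{parts[:salt].length} chars)"
  puts "cost:        #{parts[:cost]}"
  puts "same hash:   #{secure_compare(SAMPLE, SAMPLE.dup)}"
  puts "tampered:    #{secure_compare(SAMPLE, SAMPLE[0, 59] + 'x')}"
end
```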
Protected Instance Methods
password_digest(password)
Digests the password using bcrypt. Custom encryption should override this method to apply its own algorithm.
See github.com/plataformatec/devise-encryptable for examples of other encryption engines.
    # File lib/devision/models/database_authenticatable.rb, line 72
    def password_digest(password)
      Devision.bcrypt(self.class, password)
    end