module Devision::Models::DatabaseAuthenticatable

Authenticatable module, responsible for encrypting the password (a bcrypt digest stored in encrypted_password) and validating the authenticity of a user while signing in.

Options

Examples

User.find(1).valid_password?('password123')         # returns true/false

Attributes

current_password[R]
password[R]
password_confirmation[RW]

Public Class Methods

required_fields(klass)

Fields required on the target model.

# File lib/devision/models/database_authenticatable.rb, line 19
def self.required_fields(klass)
  [:encrypted_password] + klass.authentication_keys
end

Public Instance Methods

after_database_authentication()

A callback initiated after successfully authenticating. This can be used to insert your own logic that is only run after the user successfully authenticates.

Example:

def after_database_authentication
  self.update_attribute(:invite_code, nil)
end

# File lib/devision/models/database_authenticatable.rb, line 57
def after_database_authentication
end

authenticatable_salt()

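A reliable way to expose the salt regardless of the implementation. With bcrypt, this is the first 29 characters of encrypted_password (version, cost and salt); it returns nil when encrypted_password is not set.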

# File lib/devision/models/database_authenticatable.rb, line 61
def authenticatable_salt
  encrypted_password[0,29] if encrypted_password
end

clean_up_passwords()

Sets password and password_confirmation to nil.

# File lib/devision/models/database_authenticatable.rb, line 43
def clean_up_passwords
  self.password = self.password_confirmation = nil
end

password=(new_password)

Generates the encrypted password from the given value. A blank value leaves encrypted_password unchanged.

# File lib/devision/models/database_authenticatable.rb, line 29
def password=(new_password)
  @password = new_password
  self.encrypted_password = password_digest(@password) if @password.present?
end

valid_password?(password)

Verifies whether a password (i.e. from sign in) is the user's password.

# File lib/devision/models/database_authenticatable.rb, line 35
def valid_password?(password)
  return false if encrypted_password.blank?
  bcrypt   = ::BCrypt::Password.new(encrypted_password)
  password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
  Devision.secure_compare(password, encrypted_password)
end
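
The bcrypt digest layout that authenticatable_salt and valid_password? above rely on, as an added Ruby example that is not part of Devision's source: it shows why the first 29 characters are the salt and how the check re-hashes with that salt before a constant-time compare. The names parse_bcrypt, salt_prefix, verify and this secure_compare are hypothetical, and the sample digest is constructed.

```ruby
# Added illustration, standard library only; not Devision source.
BcryptParts = Struct.new(:version, :cost, :salt, :checksum)

# bcrypt digest layout (60 chars): "$2a$" + 2-digit cost + "$" +
# 22-char salt + 31-char checksum. The first 29 chars are the salt string.
BCRYPT_FORMAT = %r{\A(\$(2[abxy])\$(\d\d)\$[./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

# Split a stored digest into its fields; nil for blank or malformed input.
def parse_bcrypt(digest)
  m = BCRYPT_FORMAT.match(digest.to_s)
  return nil unless m && (4..31).cover?(m[3].to_i)
  BcryptParts.new(m[2], m[3].to_i, m[1], m[4])
end

# Same slice as authenticatable_salt, but only for a well-formed digest.
def salt_prefix(digest)
  parts = parse_bcrypt(digest)
  parts && parts.salt
end

# Comparison whose running time does not depend on where equal-length
# inputs first differ (stand-in for the secure_compare call on the page).
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.empty? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Flow of valid_password? with the hash function injected so this runs
# without the bcrypt gem. With the gem, pass:
#   ->(secret, salt) { BCrypt::Engine.hash_secret(secret, salt) }
def verify(candidate, digest, pepper, hasher)
  salt = salt_prefix(digest)
  return false unless salt # blank or malformed digest
  secure_compare(hasher.call("#{candidate}#{pepper}", salt), digest)
end

# Constructed sample digest (not the hash of any real password).
SAMPLE = "$2a$12$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
p parse_bcrypt(SAMPLE).to_a
```

Because the pepper is appended before hashing, a digest created with one pepper never verifies under another, so changing the pepper invalidates every stored password.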

Protected Instance Methods

password_digest(password)

Digests the password using bcrypt. Custom encryption engines should override this method to apply their own algorithm.

See github.com/plataformatec/devise-encryptable for examples of other encryption engines.

# File lib/devision/models/database_authenticatable.rb, line 72
def password_digest(password)
  Devision.bcrypt(self.class, password)
end