devise 2.1.0.rc → 2.1.0.rc2
Potentially problematic release.
This version of devise might be problematic. Click here for more details.
- data/CHANGELOG.rdoc +23 -1
- data/Gemfile +1 -1
- data/Gemfile.lock +4 -6
- data/MIT-LICENSE +1 -1
- data/README.md +7 -3
- data/Rakefile +1 -1
- data/app/controllers/devise/sessions_controller.rb +2 -4
- data/app/controllers/devise/unlocks_controller.rb +15 -2
- data/app/controllers/devise_controller.rb +24 -11
- data/devise.gemspec +1 -1
- data/gemfiles/Gemfile.rails-3.1.x +1 -1
- data/gemfiles/Gemfile.rails-3.1.x.lock +38 -40
- data/lib/devise.rb +13 -55
- data/lib/devise/controllers/helpers.rb +0 -5
- data/lib/devise/failure_app.rb +3 -1
- data/lib/devise/hooks/lockable.rb +7 -0
- data/lib/devise/hooks/timeoutable.rb +1 -0
- data/lib/devise/models.rb +9 -3
- data/lib/devise/models/authenticatable.rb +13 -3
- data/lib/devise/models/confirmable.rb +2 -5
- data/lib/devise/models/database_authenticatable.rb +4 -6
- data/lib/devise/models/lockable.rb +6 -6
- data/lib/devise/models/rememberable.rb +3 -3
- data/lib/devise/models/token_authenticatable.rb +4 -1
- data/lib/devise/modules.rb +0 -1
- data/lib/devise/orm/active_record.rb +1 -42
- data/lib/devise/orm/mongoid.rb +1 -29
- data/lib/devise/rails.rb +1 -58
- data/lib/devise/rails/routes.rb +1 -1
- data/lib/devise/rails/warden_compat.rb +10 -4
- data/lib/devise/strategies/rememberable.rb +1 -1
- data/lib/devise/test_helpers.rb +48 -9
- data/lib/devise/version.rb +1 -1
- data/lib/generators/active_record/devise_generator.rb +8 -4
- data/lib/generators/devise/orm_helpers.rb +2 -1
- data/lib/generators/mongoid/devise_generator.rb +0 -3
- data/lib/generators/templates/devise.rb +1 -8
- data/test/controllers/custom_strategy_test.rb +62 -0
- data/test/controllers/sessions_controller_test.rb +21 -1
- data/test/failure_app_test.rb +13 -3
- data/test/generators/active_record_generator_test.rb +32 -0
- data/test/integration/authenticatable_test.rb +2 -2
- data/test/integration/recoverable_test.rb +13 -0
- data/test/integration/token_authenticatable_test.rb +13 -0
- data/test/models/lockable_test.rb +0 -9
- data/test/models/rememberable_test.rb +1 -2
- data/test/models_test.rb +5 -5
- data/test/rails_app/app/mongoid/admin.rb +0 -3
- data/test/rails_app/app/mongoid/user.rb +0 -3
- data/test/rails_app/config/initializers/devise.rb +0 -15
- data/test/rails_app/config/routes.rb +1 -0
- data/test/rails_app/db/migrate/20100401102949_create_tables.rb +0 -6
- data/test/rails_app/lib/shared_admin.rb +1 -1
- metadata +17 -24
- data/lib/devise/encryptors/authlogic_sha512.rb +0 -19
- data/lib/devise/encryptors/base.rb +0 -24
- data/lib/devise/encryptors/bcrypt.rb +0 -14
- data/lib/devise/encryptors/clearance_sha1.rb +0 -17
- data/lib/devise/encryptors/restful_authentication_sha1.rb +0 -22
- data/lib/devise/encryptors/sha1.rb +0 -25
- data/lib/devise/encryptors/sha512.rb +0 -25
- data/lib/devise/models/encryptable.rb +0 -80
- data/lib/devise/schema.rb +0 -109
- data/test/encryptors_test.rb +0 -30
- data/test/models/encryptable_test.rb +0 -73
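--- a/data/test/rails_app/app/mongoid/user.rb
+++ b/data/test/rails_app/app/mongoid/user.rb
@@ -26,9 +26,6 @@ class User
 field :current_sign_in_ip, :type => String
 field :last_sign_in_ip, :type => String
 
-## Encryptable
-# field :password_salt, :type => String
-
 ## Confirmable
 field :confirmation_token, :type => String
 field :confirmed_at, :type => Time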
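--- a/data/test/rails_app/config/initializers/devise.rb
+++ b/data/test/rails_app/config/initializers/devise.rb
@@ -12,9 +12,6 @@ Devise.setup do |config|
 # Configure the class responsible to send e-mails.
 # config.mailer = "Devise::Mailer"
 
-# Disable apply schema
-config.apply_schema = false
-
 # ==> ORM configuration
 # Load and configure the ORM. Supports :active_record (default) and
 # :mongoid (bson_ext recommended) by default. Other ORMs may be
@@ -87,10 +84,6 @@ Devise.setup do |config|
 # If true, extends the user's remember period when remembered via cookie.
 # config.extend_remember_period = false
 
-# If true, uses the password salt as remember token. This should be turned
-# to false if you are not using database authenticatable.
-config.use_salt_as_remember_token = true
-
 # ==> Configuration for :validatable
 # Range for password length. Default is 6..128.
 # config.password_length = 6..128
@@ -136,14 +129,6 @@ Devise.setup do |config|
 # change their passwords.
 config.reset_password_within = 2.hours
 
-# ==> Configuration for :encryptable
-# Allow you to use another encryption algorithm besides bcrypt (default). You can use
-# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
-# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
-# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
-# REST_AUTH_SITE_KEY to pepper)
-config.encryptor = :sha512
-
 # Setup a pepper to generate the encrypted password.
 config.pepper = "d142367154e5beacca404b1a6a4f8bc52c6fdcfa3ccc3cf8eb49f3458a688ee6ac3b9fae488432a3bfca863b8a90008368a9f3a3dfbe5a962e64b6ab8f3a3a1a"
 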
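--- a/data/test/rails_app/db/migrate/20100401102949_create_tables.rb
+++ b/data/test/rails_app/db/migrate/20100401102949_create_tables.rb
@@ -22,9 +22,6 @@ class CreateTables < ActiveRecord::Migration
 t.string :current_sign_in_ip
 t.string :last_sign_in_ip
 
-## Encryptable
-# t.string :password_salt
-
 ## Confirmable
 t.string :confirmation_token
 t.datetime :confirmed_at
@@ -60,9 +57,6 @@ class CreateTables < ActiveRecord::Migration
 t.datetime :confirmation_sent_at
 t.string :unconfirmed_email # Only if using reconfirmable
 
-## Encryptable
-t.string :password_salt
-
 ## Lockable
 t.datetime :locked_at
 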
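--- a/data/test/rails_app/lib/shared_admin.rb
+++ b/data/test/rails_app/lib/shared_admin.rb
@@ -2,7 +2,7 @@ module SharedAdmin
 extend ActiveSupport::Concern
 
 included do
-devise :database_authenticatable, :
+devise :database_authenticatable, :registerable,
 :timeoutable, :recoverable, :lockable, :confirmable,
 :unlock_strategy => :time, :lock_strategy => :none,
 :allow_unconfirmed_access_for => 2.weeks, :reconfirmable => true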
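--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise
 version: !ruby/object:Gem::Version
-version: 2.1.0.
+version: 2.1.0.rc2
 prerelease: 6
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-
+date: 2012-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: warden
-requirement: &
+requirement: &70149203225360 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -22,21 +22,21 @@ dependencies:
 version: 1.1.1
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70149203225360
 - !ruby/object:Gem::Dependency
 name: orm_adapter
-requirement: &
+requirement: &70149203221880 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70149203221880
 - !ruby/object:Gem::Dependency
 name: bcrypt-ruby
-requirement: &
+requirement: &70149203220960 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -44,10 +44,10 @@ dependencies:
 version: '3.0'
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70149203220960
 - !ruby/object:Gem::Dependency
 name: railties
-requirement: &
+requirement: &70149203220380 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -55,7 +55,7 @@ dependencies:
 version: '3.1'
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *70149203220380
 description: Flexible authentication solution for Rails with Warden
 email: contact@plataformatec.com.br
 executables: []
@@ -101,16 +101,10 @@ files:
 - lib/devise/controllers/scoped_views.rb
 - lib/devise/controllers/url_helpers.rb
 - lib/devise/delegator.rb
-- lib/devise/encryptors/authlogic_sha512.rb
-- lib/devise/encryptors/base.rb
-- lib/devise/encryptors/bcrypt.rb
-- lib/devise/encryptors/clearance_sha1.rb
-- lib/devise/encryptors/restful_authentication_sha1.rb
-- lib/devise/encryptors/sha1.rb
-- lib/devise/encryptors/sha512.rb
 - lib/devise/failure_app.rb
 - lib/devise/hooks/activatable.rb
 - lib/devise/hooks/forgetable.rb
+- lib/devise/hooks/lockable.rb
 - lib/devise/hooks/rememberable.rb
 - lib/devise/hooks/timeoutable.rb
 - lib/devise/hooks/trackable.rb
@@ -120,7 +114,6 @@ files:
 - lib/devise/models/authenticatable.rb
 - lib/devise/models/confirmable.rb
 - lib/devise/models/database_authenticatable.rb
-- lib/devise/models/encryptable.rb
 - lib/devise/models/lockable.rb
 - lib/devise/models/omniauthable.rb
 - lib/devise/models/recoverable.rb
@@ -140,7 +133,6 @@ files:
 - lib/devise/rails.rb
 - lib/devise/rails/routes.rb
 - lib/devise/rails/warden_compat.rb
-- lib/devise/schema.rb
 - lib/devise/strategies/authenticatable.rb
 - lib/devise/strategies/base.rb
 - lib/devise/strategies/database_authenticatable.rb
@@ -168,13 +160,13 @@ files:
 - lib/generators/templates/simple_form_for/registrations/new.html.erb
 - lib/generators/templates/simple_form_for/sessions/new.html.erb
 - lib/generators/templates/simple_form_for/unlocks/new.html.erb
+- test/controllers/custom_strategy_test.rb
 - test/controllers/helpers_test.rb
 - test/controllers/internal_helpers_test.rb
 - test/controllers/sessions_controller_test.rb
 - test/controllers/url_helpers_test.rb
 - test/delegator_test.rb
 - test/devise_test.rb
-- test/encryptors_test.rb
 - test/failure_app_test.rb
 - test/generators/active_record_generator_test.rb
 - test/generators/devise_generator_test.rb
@@ -202,7 +194,6 @@ files:
 - test/models/authenticatable_test.rb
 - test/models/confirmable_test.rb
 - test/models/database_authenticatable_test.rb
-- test/models/encryptable_test.rb
 - test/models/lockable_test.rb
 - test/models/omniauthable_test.rb
 - test/models/recoverable_test.rb
@@ -288,6 +279,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+segments:
+- 0
+hash: 2428675562235820602
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -301,13 +295,13 @@ signing_key:
 specification_version: 3
 summary: Flexible authentication solution for Rails with Warden
 test_files:
+- test/controllers/custom_strategy_test.rb
 - test/controllers/helpers_test.rb
 - test/controllers/internal_helpers_test.rb
 - test/controllers/sessions_controller_test.rb
 - test/controllers/url_helpers_test.rb
 - test/delegator_test.rb
 - test/devise_test.rb
-- test/encryptors_test.rb
 - test/failure_app_test.rb
 - test/generators/active_record_generator_test.rb
 - test/generators/devise_generator_test.rb
@@ -335,7 +329,6 @@ test_files:
 - test/models/authenticatable_test.rb
 - test/models/confirmable_test.rb
 - test/models/database_authenticatable_test.rb
-- test/models/encryptable_test.rb
 - test/models/lockable_test.rb
 - test/models/omniauthable_test.rb
 - test/models/recoverable_test.rb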
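--- a/data/lib/devise/encryptors/authlogic_sha512.rb
+++ b/data/lib/devise/encryptors/authlogic_sha512.rb
@@ -1,19 +0,0 @@
-require "digest/sha2"
-
-module Devise
-module Encryptors
-# = AuthlogicSha512
-# Simulates Authlogic's default encryption mechanism.
-# Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to simulate
-# the default behavior.
-class AuthlogicSha512 < Base
-# Generates a default password digest based on salt, pepper and the
-# incoming password.
-def self.digest(password, stretches, salt, pepper)
-digest = [password, salt].flatten.join('')
-stretches.times { digest = Digest::SHA512.hexdigest(digest) }
-digest
-end
-end
-end
-end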
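--- a/data/lib/devise/encryptors/base.rb
+++ b/data/lib/devise/encryptors/base.rb
@@ -1,24 +0,0 @@
-module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
-module Encryptors
-class Base
-def self.digest
-raise NotImplemented
-end
-
-def self.salt(stretches)
-Devise.friendly_token[0,20]
-end
-
-def self.compare(encrypted_password, password, stretches, salt, pepper)
-Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
-end
-end
-end
-end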
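--- a/data/lib/devise/encryptors/bcrypt.rb
+++ b/data/lib/devise/encryptors/bcrypt.rb
@@ -1,14 +0,0 @@
-module Devise
-module Encryptors
-class BCrypt < Base
-def self.digest(password, stretches, salt, pepper)
-::BCrypt::Engine.hash_secret("#{password}#{pepper}",salt, stretches)
-end
-
-def self.compare(encrypted_password, password, stretches, salt, pepper)
-salt = ::BCrypt::Password.new(encrypted_password).salt
-Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
-end
-end
-end
-end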
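--- a/data/lib/devise/encryptors/clearance_sha1.rb
+++ b/data/lib/devise/encryptors/clearance_sha1.rb
@@ -1,17 +0,0 @@
-require "digest/sha1"
-
-module Devise
-module Encryptors
-# = ClearanceSha1
-# Simulates Clearance's default encryption mechanism.
-# Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
-# Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
-class ClearanceSha1 < Base
-# Generates a default password digest based on salt, pepper and the
-# incoming password.
-def self.digest(password, stretches, salt, pepper)
-Digest::SHA1.hexdigest("--#{salt}--#{password}--")
-end
-end
-end
-end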
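--- a/data/lib/devise/encryptors/restful_authentication_sha1.rb
+++ b/data/lib/devise/encryptors/restful_authentication_sha1.rb
@@ -1,22 +0,0 @@
-require "digest/sha1"
-
-module Devise
-module Encryptors
-# = RestfulAuthenticationSha1
-# Simulates Restful Authentication's default encryption mechanism.
-# Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
-# Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in
-# the initializer to simulate the default behavior.
-class RestfulAuthenticationSha1 < Base
-
-# Generates a default password digest based on salt, pepper and the
-# incoming password.
-def self.digest(password, stretches, salt, pepper)
-digest = pepper
-stretches.times { digest = Digest::SHA1.hexdigest([digest, salt, password, pepper].flatten.join('--')) }
-digest
-end
-
-end
-end
-end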
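--- a/data/lib/devise/encryptors/sha1.rb
+++ b/data/lib/devise/encryptors/sha1.rb
@@ -1,25 +0,0 @@
-require "digest/sha1"
-
-module Devise
-module Encryptors
-# = Sha1
-# Uses the Sha1 hash algorithm to encrypt passwords.
-class Sha1 < Base
-# Generates a default password digest based on stretches, salt, pepper and the
-# incoming password.
-def self.digest(password, stretches, salt, pepper)
-digest = pepper
-stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
-digest
-end
-
-private
-
-# Generate a SHA1 digest joining args. Generated token is something like
-# --arg1--arg2--arg3--argN--
-def self.secure_digest(*tokens)
-::Digest::SHA1.hexdigest('--' << tokens.flatten.join('--') << '--')
-end
-end
-end
-end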
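--- a/data/lib/devise/encryptors/sha512.rb
+++ b/data/lib/devise/encryptors/sha512.rb
@@ -1,25 +0,0 @@
-require "digest/sha2"
-
-module Devise
-module Encryptors
-# = Sha512
-# Uses the Sha512 hash algorithm to encrypt passwords.
-class Sha512 < Base
-# Generates a default password digest based on salt, pepper and the
-# incoming password.
-def self.digest(password, stretches, salt, pepper)
-digest = pepper
-stretches.times { digest = self.secure_digest(salt, digest, password, pepper) }
-digest
-end
-
-private
-
-# Generate a Sha512 digest joining args. Generated token is something like
-# --arg1--arg2--arg3--argN--
-def self.secure_digest(*tokens)
-::Digest::SHA512.hexdigest('--' << tokens.flatten.join('--') << '--')
-end
-end
-end
-end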
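--- a/data/lib/devise/models/encryptable.rb
+++ b/data/lib/devise/models/encryptable.rb
@@ -1,80 +0,0 @@
-require 'devise/strategies/database_authenticatable'
-
-module Devise
-module Models
-# Encryptable module adds support to several encryptors wrapping
-# them in a salt and pepper mechanism to increase security.
-#
-# == Options
-#
-# Encryptable adds the following options to devise_for:
-#
-# * +pepper+: a random string used to provide a more secure hash.
-#
-# * +encryptor+: the encryptor going to be used. By default is nil.
-#
-# == Examples
-#
-# User.find(1).valid_password?('password123') # returns true/false
-#
-module Encryptable
-extend ActiveSupport::Concern
-
-included do
-attr_reader :password, :current_password
-attr_accessor :password_confirmation
-end
-
-def self.required_fields(klass)
-[:password_salt]
-end
-
-# Generates password salt when setting the password.
-def password=(new_password)
-self.password_salt = self.class.password_salt if new_password.present?
-super
-end
-
-# Overrides authenticatable salt to use the new password_salt
-# column. authenticatable_salt is used by `valid_password?`
-# and by other modules whenever there is a need for a random
-# token based on the user password.
-def authenticatable_salt
-self.password_salt
-end
-
-protected
-
-# Digests the password using the configured encryptor.
-def password_digest(password)
-if password_salt.present?
-encryptor_class.digest(password, self.class.stretches, authenticatable_salt, self.class.pepper)
-end
-end
-
-def encryptor_class
-self.class.encryptor_class
-end
-
-module ClassMethods
-Devise::Models.config(self, :encryptor)
-
-# Returns the class for the configured encryptor.
-def encryptor_class
-@encryptor_class ||= case encryptor
-when :bcrypt
-raise "In order to use bcrypt as encryptor, simply remove :encryptable from your devise model"
-when nil
-raise "You need to give an :encryptor as option in order to use :encryptable"
-else
-::Devise::Encryptors.const_get(encryptor.to_s.classify)
-end
-end
-
-def password_salt
-self.encryptor_class.salt(self.stretches)
-end
-end
-end
-end
-end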