module Devise::Models::DatabaseAuthenticatable
def self.included(base)
def self.included(base) base.class_eval do extend ClassMethods attr_reader :password, :current_password attr_accessor :password_confirmation end end
def clean_up_passwords
def clean_up_passwords self.password = self.password_confirmation = nil end
def old_password
def old_password ActiveSupport::Deprecation.warn "old_password is deprecated, please use current_password instead", caller @old_password end
def password=(new_password)
Regenerates password salt and encrypted password each time password is set,
def password=(new_password) @password = new_password if @password.present? self.password_salt = self.class.encryptor_class.salt self.encrypted_password = password_digest(@password) end end
def password_digest(password)
def password_digest(password) self.class.encryptor_class.digest(password, self.class.stretches, self.password_salt, self.class.pepper) end
def password_required?
Passwords are always required if it's a new record, or if the password
Checks whether a password is needed or not. For validations only.
def password_required? new_record? || !password.nil? || !password_confirmation.nil? end
def update_with_password(params={})
error on :current_password. It also automatically rejects :password and
Update record attributes when :current_password matches, otherwise returns
def update_with_password(params={}) current_password = params.delete(:current_password) if params[:password].blank? params.delete(:password) params.delete(:password_confirmation) if params[:password_confirmation].blank? end result = if valid_password?(current_password) update_attributes(params) else message = current_password.blank? ? :blank : :invalid self.class.add_error_on(self, :current_password, message, false) self.attributes = params false end clean_up_passwords unless result result end
def valid_for_authentication?(attributes)
def valid_for_authentication?(attributes) valid_password?(attributes[:password]) end
def valid_password?(incoming_password)
def valid_password?(incoming_password) password_digest(incoming_password) == self.encrypted_password end