module Devise::Models::DatabaseAuthenticatable
def self.required_fields(klass)
# Lists the attributes a model needs for database authentication:
# :encrypted_password followed by whatever klass.authentication_keys returns.
def self.required_fields(klass)
  password_column = [:encrypted_password]
  password_column + klass.authentication_keys
end
def after_database_authentication
# Intentionally empty and returns nil. Judging by the name, this is a hook a
# model can override to run work after database authentication; the code
# that calls it is not shown on this page.
def after_database_authentication
end
def authenticatable_salt
# Returns the first 29 characters of encrypted_password, or nil when no
# digest is stored. For a bcrypt digest those 29 characters are the
# "$2a$NN$" prefix plus the 22-character salt, so the value changes whenever
# the password is re-hashed but never includes the hash output itself.
def authenticatable_salt
  return unless encrypted_password

  encrypted_password[0, 29]
end
def clean_up_passwords
# Clears the plaintext password and its confirmation from the record so they
# do not stay in memory after use. The confirmation is reset first, then the
# password, matching the right-to-left order of a chained assignment.
# Returns nil.
def clean_up_passwords
  self.password_confirmation = nil
  self.password = nil
end
def password=(new_password)
# Stores the plaintext in @password and, when it is present, replaces
# encrypted_password with a fresh digest of it. A blank value leaves the
# stored digest untouched, so assigning nil or "" never wipes the hash.
# The plaintext stays in @password until it is reassigned (for example by
# clean_up_passwords, which sets it to nil).
def password=(new_password)
  @password = new_password
  if @password.present?
    self.encrypted_password = password_digest(@password)
  end
end
def password_digest(password)
# Builds the bcrypt digest for +password+ and returns it as a String.
# The class-level pepper is appended to the password before hashing, and the
# bcrypt cost factor is taken from self.class.stretches.
#
# NOTE(review): bcrypt only processes the first 72 bytes of its input. With a
# very long password, part or all of the appended pepper therefore has no
# effect on the digest. Changing the construction would invalidate existing
# hashes, so this is recorded as a caveat rather than altered here.
def password_digest(password)
  peppered = "#{password}#{self.class.pepper}"
  work_factor = self.class.stretches
  ::BCrypt::Password.create(peppered, :cost => work_factor).to_s
end
def update_with_password(params, *options)
Update record attributes when :current_password matches, otherwise returns
an error on :current_password. It also automatically rejects :password and
:password_confirmation if they are blank.
# Updates the record only when params[:current_password] matches the stored
# password.
#
# +params+ is modified in place: :current_password is always removed, a
# blank :password is dropped, and a blank :password_confirmation is dropped
# along with it.
#
# On a match the remaining attributes go to update_attributes and its result
# is returned. On a mismatch the new :password is discarded, the other
# attributes are assigned and validated so their errors are reported too, an
# error (:blank or :invalid) is added on :current_password, and false is
# returned. In both cases the plaintext passwords are cleared before
# returning.
def update_with_password(params, *options)
  supplied_password = params.delete(:current_password)

  if params[:password].blank?
    params.delete(:password)
    params.delete(:password_confirmation) if params[:password_confirmation].blank?
  end

  if valid_password?(supplied_password)
    outcome = update_attributes(params, *options)
  else
    # Never let a new password through when the current one was not proven.
    params.delete(:password)
    assign_attributes(params, *options)
    valid?
    errors.add(:current_password, supplied_password.blank? ? :blank : :invalid)
    outcome = false
  end

  clean_up_passwords
  outcome
end
def update_without_password(params, *options)
Updates record attributes without asking for the current password.
Never allows a change to the current password. If you are using this
method, you should probably override this method to protect other
attributes you would not like to be updated without a password.

Example:

  def update_without_password(params={})
    params.delete(:email)
    super(params)
  end
# Updates the record without checking the current password.
#
# :password and :password_confirmation are removed from +params+ (in place)
# first, so this path can never change the password. Every other attribute in
# +params+ is passed to update_attributes unchanged; callers that must
# protect further attributes have to strip them before calling or override
# this method. The plaintext passwords are cleared afterwards and the result
# of update_attributes is returned.
def update_without_password(params, *options)
  [:password, :password_confirmation].each { |key| params.delete(key) }

  update_attributes(params, *options).tap { clean_up_passwords }
end
def valid_password?(password)
# Checks +password+ against the stored bcrypt digest.
#
# Returns false straight away when no digest is stored. Otherwise the
# candidate (password plus the class-level pepper) is hashed with the salt
# taken from the stored digest, and the result is compared with
# encrypted_password through Devise.secure_compare instead of ==, so the
# comparison is delegated to Devise's timing-safe helper.
#
# NOTE(review): ::BCrypt::Password.new is called on whatever
# encrypted_password holds; a non-blank value that is not a valid bcrypt
# digest is not handled here -- confirm how callers deal with that.
def valid_password?(password)
  return false if encrypted_password.blank?

  stored_hash = ::BCrypt::Password.new(encrypted_password)
  peppered = "#{password}#{self.class.pepper}"
  candidate = ::BCrypt::Engine.hash_secret(peppered, stored_hash.salt)
  Devise.secure_compare(candidate, encrypted_password)
end