module Authlogic::ActsAsAuthentic::Password::Methods::InstanceMethods

Public Instance Methods

password() click to toggle source

The password

# File lib/authlogic/acts_as_authentic/password.rb, line 188
# Reader for the virtual +password+ attribute.
#
# Returns whatever the writer last stored in @password, or nil when that
# instance variable has never been assigned on this object. The writer stores
# the raw value it was given, so what comes back here is the unhashed
# password; keep it out of logs and serialized output.
def password
  defined?(@password) ? @password : nil
end
password=(pass) click to toggle source

This is a virtual method. Once a password is passed to it, it will create a new password salt as well as encrypt the password.

# File lib/authlogic/acts_as_authentic/password.rb, line 195
# Virtual writer for the raw password.
#
# Returns early, changing nothing, when blank passwords are configured to be
# ignored and +pass+ is blank. Otherwise, inside the :password_set callbacks:
#
# 1. the raw value is kept in @password,
# 2. if a salt field is configured, it receives a fresh
#    Authlogic::Random.friendly_token (so every assignment rotates the salt),
# 3. the crypted password field receives the result of
#    crypto_provider.encrypt called with encrypt_arguments(@password, false),
# 4. @password_changed is set to true.
#
# The raw password remains on the object in @password after this call.
#
# pass - the raw password supplied by the caller
def password=(pass)
  return if ignore_blank_passwords? && pass.blank?

  run_callbacks :password_set do
    @password = pass
    # Rotate the salt before hashing, so the new salt is in place when the
    # encrypt arguments are built on the next line.
    send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
    crypted_setter = "#{crypted_password_field}="
    send(crypted_setter, crypto_provider.encrypt(*encrypt_arguments(@password, false)))
    @password_changed = true
  end
end
randomize_password()
Alias for: reset_password
randomize_password!()
Alias for: reset_password!
reset_password() click to toggle source

Resets the password to a random friendly token.

# File lib/authlogic/acts_as_authentic/password.rb, line 243
# Replaces the password with a newly generated
# Authlogic::Random.friendly_token, without saving the record.
#
# The same token is also assigned to password_confirmation when the class
# has require_password_confirmation enabled. The assignment goes through the
# regular password writer, so the generated value is afterwards available
# in raw form through the password reader.
#
# Returns the token when the confirmation was assigned, nil otherwise.
def reset_password
  generated = Authlogic::Random.friendly_token
  self.password = generated
  return unless self.class.require_password_confirmation

  self.password_confirmation = generated
end
Also aliased as: randomize_password
reset_password!() click to toggle source

Resets the password to a random friendly token and then saves the record.

# File lib/authlogic/acts_as_authentic/password.rb, line 251
# Resets the password to a random friendly token (see reset_password) and
# persists the record straight away.
#
# The save is performed with validate: false, so model validations do not
# run and cannot block the write. Returns whatever
# save_without_session_maintenance returns.
def reset_password!
  reset_password
  save_options = { validate: false }
  save_without_session_maintenance(**save_options)
end
Also aliased as: randomize_password!
valid_password?( attempted_password, check_against_database = check_passwords_against_database? ) click to toggle source

Accepts a raw password to determine if it is the correct password.

  • attempted_password [String] - password entered by user

  • check_against_database [boolean] - Should we check the password against the value in the database or the value in the object? Default taken from config option check_passwords_against_database. See config method for more information.

# File lib/authlogic/acts_as_authentic/password.rb, line 217
# Checks a raw password against the stored crypted password.
#
# attempted_password     - password entered by the user
# check_against_database - when true, compare against the persisted crypted
#                          value rather than an unsaved in-memory change;
#                          defaults to check_passwords_against_database?
#
# Returns false immediately, without running callbacks or consulting any
# provider, when either the attempt or the stored crypted value is blank.
# Otherwise each provider in crypto_providers is tried in order inside the
# :password_verification callbacks, stopping at the first match.
#
# Side effect: a successful match can write to the database. When
# transition_password? says so, the matched password is re-hashed and the
# record saved via transition_password.
#
# NOTE(review): the comparison itself is delegated to the provider's
# matches?; whether it is timing-safe depends on the provider - confirm.
def valid_password?(
  attempted_password,
  check_against_database = check_passwords_against_database?
)
  crypted = crypted_password_to_validate_against(check_against_database)
  return false if attempted_password.blank? || crypted.blank?

  run_callbacks :password_verification do
    crypto_providers.each_with_index.any? do |encryptor, index|
      matched = encryptor_matches?(
        crypted,
        encryptor,
        attempted_password,
        check_against_database
      )
      next false unless matched

      # Upgrade the stored hash only after the attempt has been verified.
      transition_password(attempted_password) if transition_password?(index, encryptor, check_against_database)
      true
    end
  end
end

Private Instance Methods

check_passwords_against_database?() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 267
# Whether password checks should use the persisted crypted value.
#
# True only when the class-level check_passwords_against_database setting
# compares equal to true; any other value (nil, a string, ...) gives false.
def check_passwords_against_database?
  configured = self.class.check_passwords_against_database
  configured == true
end
crypted_password_field() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 338
# Name of the attribute holding the crypted password, as configured on the
# class. Instance-level shortcut for self.class.crypted_password_field.
def crypted_password_field
  model = self.class
  model.crypted_password_field
end
crypted_password_to_validate_against(check_against_database) click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 259
# Picks the crypted password value that an attempt should be compared with.
#
# When +check_against_database+ is truthy and the crypted password field has
# an unsaved change pending (will_save_change_to_<field>?), the persisted
# value (<field>_in_database) is returned, so a change not yet saved is not
# what the attempt gets verified against. In every other case the current
# in-memory attribute value is returned.
def crypted_password_to_validate_against(check_against_database)
  column = crypted_password_field
  use_persisted = check_against_database && send("will_save_change_to_#{column}?")
  return send("#{column}_in_database") if use_persisted

  send(column)
end
crypto_provider() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 346
# The crypto provider configured on the class. This is the provider whose
# encrypt method the password writer uses for new hashes.
def crypto_provider
  model = self.class
  model.crypto_provider
end
crypto_providers() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 271
# All providers a stored hash may be verified with, in order of preference:
# the current crypto_provider first, followed by every provider listed in
# transition_from_crypto_providers. Returns a new array; the configured
# transition list is not modified.
def crypto_providers
  [crypto_provider].concat(transition_from_crypto_providers)
end
encrypt_arguments(raw_password, check_against_database) click to toggle source

Returns an array of arguments to be passed to a crypto provider, either its `matches?` or its `encrypt` method.

# File lib/authlogic/acts_as_authentic/password.rb, line 277
# Builds the argument list handed to a crypto provider's +encrypt+ or
# +matches?+ method: the raw password, followed by the salt when one exists.
#
# Without a configured salt field only the raw password is included. With
# one, the salt is read from the persisted column (<field>_in_database) when
# +check_against_database+ is truthy and the salt has an unsaved change
# pending; otherwise from the current attribute. nil entries are dropped
# from the result.
def encrypt_arguments(raw_password, check_against_database)
  salt_column = password_salt_field
  return [raw_password].compact unless salt_column

  use_persisted = check_against_database && send("will_save_change_to_#{salt_column}?")
  salt = use_persisted ? send("#{salt_column}_in_database") : send(salt_column)
  [raw_password, salt].compact
end
encryptor_matches?(crypted, encryptor, attempted_password, check_against_database) click to toggle source

Given `encryptor`, does `attempted_password` match the `crypted` password?

# File lib/authlogic/acts_as_authentic/password.rb, line 291
# Asks +encryptor+ whether +attempted_password+ corresponds to +crypted+.
#
# The provider receives the crypted value followed by the output of
# encrypt_arguments (raw attempt plus salt, if any). The result is whatever
# the provider's matches? returns.
def encryptor_matches?(crypted, encryptor, attempted_password, check_against_database)
  encryptor.matches?(crypted, *encrypt_arguments(attempted_password, check_against_database))
end
ignore_blank_passwords?() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 326
# Whether assigning a blank password should be silently ignored.
#
# True only when the class-level ignore_blank_passwords setting compares
# equal to true; any other value gives false.
def ignore_blank_passwords?
  configured = self.class.ignore_blank_passwords
  configured == true
end
password_changed?() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 330
# Whether the password writer has set a new password on this object.
#
# Tracks the @password_changed flag maintained by this module. Returns nil
# when the flag has never been assigned, otherwise true only if the flag is
# exactly true.
def password_changed?
  return nil unless defined?(@password_changed)

  @password_changed == true
end
password_salt_field() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 342
# Name of the attribute holding the password salt, as configured on the
# class. Callers in this module treat a falsy value as "no salt field".
def password_salt_field
  model = self.class
  model.password_salt_field
end
require_password?() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 321
# Whether a password must be present on this record.
#
# Truthy for a new record, for a record whose password was set through this
# module's writer (password_changed? - this module's own flag, not the
# ActiveModel changed? method), or when the crypted password attribute is
# blank. The checks short-circuit in that order.
def require_password?
  is_new = new_record?
  return is_new if is_new

  was_set = password_changed?
  return was_set if was_set

  send(crypted_password_field).blank?
end
reset_password_changed() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 334
# Clears the "password was set" flag by assigning nil to @password_changed,
# after which password_changed? evaluates to false. Returns nil.
def reset_password_changed
  @password_changed = nil
end
transition_from_crypto_providers() click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 350
# The older crypto providers configured on the class. crypto_providers
# appends them after the current provider, so hashes produced by them can
# still be verified.
def transition_from_crypto_providers
  model = self.class
  model.transition_from_crypto_providers
end
transition_password(attempted_password) click to toggle source
# File lib/authlogic/acts_as_authentic/password.rb, line 316
# Re-stores +attempted_password+ through the password writer and saves the
# record.
#
# Within this module it is called from valid_password? once the attempt has
# matched. The save runs with validate: false, so model validations are
# skipped. Returns the result of save.
def transition_password(attempted_password)
  self.password = attempted_password
  save_options = { validate: false }
  save(**save_options)
end
transition_password?(index, encryptor, check_against_database) click to toggle source

Determines if we need to transition the password.

  • If the index > 0 then we are using a “transition from” crypto provider.

  • If the encryptor has a cost and the cost is outdated.

  • If we aren't using database values

  • If we are using database values, only if the password hasn't changed so we don't overwrite any changes

# File lib/authlogic/acts_as_authentic/password.rb, line 304
# Decides whether a just-verified password should be re-hashed and saved.
#
# Two conditions must both hold:
#
# 1. The stored hash is out of date: either it matched a "transition from"
#    provider (index > 0), or the encryptor exposes cost_matches? and
#    reports that the cost of the current crypted password does not match.
# 2. Re-hashing will not clobber a pending change: either in-memory values
#    are in use (+check_against_database+ is falsy), or the crypted password
#    field has no unsaved change.
def transition_password?(index, encryptor, check_against_database)
  outdated =
    index > 0 ||
    (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(crypted_password_field)))
  return outdated unless outdated

  !check_against_database || !send("will_save_change_to_#{crypted_password_field}?")
end