module Authlogic::ActsAsAuthentic::Password::Methods::InstanceMethods
Public Instance Methods
The password
# File lib/authlogic/acts_as_authentic/password.rb, line 233
# Reader for the virtual +password+ attribute.
#
# Returns whatever raw value is currently held in @password, or nil when
# nothing has been assigned on this instance. This is the plaintext kept in
# memory, not the crypted column, so keep it out of logs and serialized
# output.
def password
  @password
end
This is a virtual method. Once a password is passed to it, it creates a new password salt and encrypts the password.
# File lib/authlogic/acts_as_authentic/password.rb, line 239
# Writer for the virtual +password+ attribute.
#
# Does nothing when blank passwords are ignored and +pass+ is blank. When
# blank passwords are NOT ignored, a blank value is processed like any other.
#
# Otherwise, in order: runs before_password_set, keeps the raw value in
# @password, assigns a fresh Authlogic::Random.friendly_token to the salt
# column (only when a salt field is configured), stores the crypto provider's
# output in the crypted password column, flags the password as changed and
# runs after_password_set.
#
# The raw password stays in @password after this call; only the crypted
# column is meant for persistence.
def password=(pass)
  return if ignore_blank_passwords? && pass.blank?

  before_password_set
  @password = pass

  # A new salt is generated on every assignment, before hashing, so the hash
  # below is computed against the new salt.
  salt_column = password_salt_field
  send("#{salt_column}=", Authlogic::Random.friendly_token) if salt_column

  # check_against_database is false here: the in-memory salt just assigned
  # must be used, not the previously persisted one.
  arguments_type = act_like_restful_authentication? ? :restful_authentication : nil
  hash_inputs = encrypt_arguments(@password, false, arguments_type)
  send("#{crypted_password_field}=", crypto_provider.encrypt(*hash_inputs))

  @password_changed = true
  after_password_set
end
Resets the password to a random friendly token.
# File lib/authlogic/acts_as_authentic/password.rb, line 274
# Replaces the password with a newly generated Authlogic::Random.friendly_token
# and sets the confirmation to the same value. Nothing is saved here.
#
# The generated token is the value of this method, and it also remains
# readable through +password+ on this instance, so treat both as secrets.
def reset_password
  Authlogic::Random.friendly_token.tap do |generated|
    self.password = generated
    self.password_confirmation = generated
  end
end
Resets the password to a random friendly token and then saves the record.
# File lib/authlogic/acts_as_authentic/password.rb, line 282
# Resets the password to a random friendly token (see reset_password) and
# then persists the record.
#
# The save is requested with :validate => false, so model validations are
# skipped for this write: any other unsaved attribute changes on the record
# are written unvalidated as well.
# NOTE(review): save_without_session_maintenance is defined outside this
# page; presumably it saves without updating the session -- confirm.
def reset_password!
  reset_password
  save_without_session_maintenance(:validate => false)
end
Accepts a raw password to determine if it is the correct password or not. Notice the second argument. That defaults to the value of check_passwords_against_database. See that method for more information, but basically it just tells Authlogic to check the password against the value in the database or the value in the object.
# File lib/authlogic/acts_as_authentic/password.rb, line 252
# Checks a raw password attempt against the stored crypted password.
#
# attempted_password     - the raw password supplied by the caller.
# check_against_database - when truthy and the crypted column has unsaved
#                          changes, the previous (+_was+) value is compared
#                          instead of the in-memory one. Defaults to
#                          check_passwords_against_database?.
#
# Returns false immediately when either the attempt or the stored hash is
# blank; in that case no verification callbacks run. Otherwise runs
# before_password_verification and tries each provider from crypto_providers
# in order. On the first match it re-hashes the password if
# transition_password? says so, runs after_password_verification and returns
# true. Returns false when no provider matches (after_password_verification
# is not run in that case).
#
# Every provider listed in transition_from_crypto_providers keeps being
# accepted for as long as it is configured, and a record is only re-hashed
# when a matching attempt comes in, so legacy hashes persist for accounts
# that never authenticate again.
# NOTE(review): how the comparison itself is done (e.g. constant time or not)
# is up to each provider's matches?, which is not visible here.
def valid_password?(attempted_password, check_against_database = check_passwords_against_database?)
  stored_hash =
    if check_against_database && send("#{crypted_password_field}_changed?")
      send("#{crypted_password_field}_was")
    else
      send(crypted_password_field)
    end
  return false if attempted_password.blank? || stored_hash.blank?

  before_password_verification

  crypto_providers.each_with_index do |encryptor, index|
    # restful_authentication argument layout applies to the primary provider
    # when acting like restful_authentication, or to a Sha1 transition
    # provider when transitioning from restful_authentication.
    restful_style =
      (act_like_restful_authentication? && index == 0) ||
      (transition_from_restful_authentication? && index > 0 && encryptor == Authlogic::CryptoProviders::Sha1)
    arguments_type = restful_style ? :restful_authentication : nil

    candidate_args = encrypt_arguments(attempted_password, check_against_database, arguments_type)
    next unless encryptor.matches?(stored_hash, *candidate_args)

    transition_password(attempted_password) if transition_password?(index, encryptor, stored_hash, check_against_database)
    after_password_verification
    return true
  end

  false
end
Private Instance Methods
# File lib/authlogic/acts_as_authentic/password.rb, line 289
# True only when the class-level check_passwords_against_database setting is
# exactly +true+; any other value (including other truthy values) gives false.
def check_passwords_against_database?
  configured = self.class.check_passwords_against_database
  configured == true
end
# File lib/authlogic/acts_as_authentic/password.rb, line 340
# Name of the attribute holding the crypted password, as configured on the
# class. Other methods here build accessor names from it and call them with
# +send+, so the value comes from class configuration rather than from
# request input.
def crypted_password_field
  model = self.class
  model.crypted_password_field
end
# File lib/authlogic/acts_as_authentic/password.rb, line 348
# The primary crypto provider configured on the class. It is the one used to
# produce new crypted passwords and the first one tried during verification.
def crypto_provider
  model = self.class
  model.crypto_provider
end
# File lib/authlogic/acts_as_authentic/password.rb, line 293
# All providers a stored hash may be verified against: the primary provider
# first, followed by the configured "transition from" providers in their
# configured order. Index 0 is therefore always the primary provider.
def crypto_providers
  [crypto_provider].concat(transition_from_crypto_providers)
end
# File lib/authlogic/acts_as_authentic/password.rb, line 297
# Builds the ordered list of values handed to a crypto provider.
#
# raw_password           - the plaintext password.
# check_against_database - when truthy and the salt column has unsaved
#                          changes, the previous (+_was+) salt is used.
# arguments_type         - :restful_authentication selects the
#                          [site key, salt, password, site key] layout;
#                          anything else gives [password, salt].
#
# nil entries are removed with +compact+: with no salt field configured (or a
# nil salt) the salt is simply left out of the provider's input.
# NOTE(review): REST_AUTH_SITE_KEY is defined outside this page; if it were
# nil it would be dropped by compact as well -- confirm it is always set when
# the restful_authentication layout is in use.
def encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
  salt_column = password_salt_field
  salt =
    if !salt_column
      nil
    elsif check_against_database && send("#{salt_column}_changed?")
      send("#{salt_column}_was")
    else
      send(salt_column)
    end

  parts =
    case arguments_type
    when :restful_authentication then [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY]
    else [raw_password, salt]
    end
  parts.compact
end
# File lib/authlogic/acts_as_authentic/password.rb, line 328
# True only when the class-level ignore_blank_passwords setting is exactly
# +true+. When this is false, assigning a blank password is processed like
# any other value instead of being skipped.
def ignore_blank_passwords?
  configured = self.class.ignore_blank_passwords
  configured == true
end
# File lib/authlogic/acts_as_authentic/password.rb, line 332
# True when the @password_changed flag is exactly +true+, i.e. a password was
# assigned through +password=+ and the flag has not been cleared since.
def password_changed?
  flag = @password_changed
  flag == true
end
# File lib/authlogic/acts_as_authentic/password.rb, line 344
# Name of the attribute holding the password salt, as configured on the
# class. Callers on this page treat a falsy value as "no salt column": no
# salt is generated and none is passed to the crypto provider.
def password_salt_field
  model = self.class
  model.password_salt_field
end
# File lib/authlogic/acts_as_authentic/password.rb, line 324
# Whether a password must be present on this record: it is a new record, the
# password was changed on this instance, or the crypted password column is
# blank. The checks short-circuit in that order.
def require_password?
  new_record? ||
    password_changed? ||
    send(crypted_password_field).blank?
end
# File lib/authlogic/acts_as_authentic/password.rb, line 336
# Clears the "password changed" flag by setting @password_changed to nil, so
# password_changed? reports false until the next password assignment.
# Returns nil.
def reset_password_changed
  @password_changed = nil
end
# File lib/authlogic/acts_as_authentic/password.rb, line 352
# The legacy crypto providers configured on the class. Hashes produced by
# these are still accepted during verification; keeping the list as short as
# the migration allows limits how long older hash formats stay valid.
def transition_from_crypto_providers
  model = self.class
  model.transition_from_crypto_providers
end
# File lib/authlogic/acts_as_authentic/password.rb, line 319
# Re-hashes the given raw password with the current primary provider (through
# +password=+, which also issues a new salt when a salt field is configured)
# and saves the record.
#
# The save is requested with :validate => false, so model validations are
# skipped and any other unsaved changes on the record are written unvalidated
# too. On this page the only caller is valid_password?, after a successful
# match.
def transition_password(attempted_password)
  self.password = attempted_password
  save(:validate => false)
end
Determines if we need to transition the password. We transition when either of the following holds: the index is > 0, meaning we are using a “transition from” crypto provider; or the encryptor has a cost and the cost is outdated. In addition, one of these must hold: we aren't using database values; or, if we are using database values, the password hasn't changed, so we don't overwrite any changes.
# File lib/authlogic/acts_as_authentic/password.rb, line 314
# Decides whether a password that just verified should be re-hashed.
#
# index                  - position of the matching provider in
#                          crypto_providers; > 0 means a "transition from"
#                          provider matched.
# encryptor              - the provider that matched. If it responds to
#                          cost_matches?, a false answer for the current
#                          crypted password also triggers a re-hash.
# crypted                - the hash that was verified (not read here; the
#                          cost check reads the crypted column directly).
# check_against_database - when truthy, a re-hash is refused if the crypted
#                          column has unsaved changes, so a pending change is
#                          not overwritten.
#
# Returns true or false.
def transition_password?(index, encryptor, crypted, check_against_database)
  needs_rehash =
    if index > 0
      true
    elsif encryptor.respond_to?(:cost_matches?)
      # Only consulted for the primary provider (index 0).
      !encryptor.cost_matches?(send(crypted_password_field))
    else
      false
    end
  return false unless needs_rehash

  !check_against_database || !send("#{crypted_password_field}_changed?")
end