module Authlogic::ActsAsAuthentic::Password::Methods::InstanceMethods

Public Instance Methods

password()

The password

# File lib/authlogic/acts_as_authentic/password.rb, line 233
# Returns the raw (unencrypted) password kept in @password, the instance
# variable that password= assigns. Nothing in this method reads a stored
# field, so the value is nil on an object where @password was never assigned.
# NOTE(review): this is the plain-text secret; keep it out of logs and
# serialized output.
def password
  @password
end
password=(pass)

This is a virtual method. Once a password is passed to it, it will create a new password salt (when a salt field is configured) as well as encrypt the password with the configured crypto provider.

# File lib/authlogic/acts_as_authentic/password.rb, line 239
# Virtual attribute writer for the raw password.
#
# Returns early, changing nothing, when blank passwords are ignored and the
# given value is blank. Otherwise it keeps the raw value in @password, writes a
# new random token to the salt field (only when a salt field is configured),
# writes the crypto provider's encrypt output to the crypted password field
# and flags the password as changed. The before_password_set and
# after_password_set hooks run around the change.
def password=(pass)
  skip_blank = ignore_blank_passwords? && pass.blank?
  return if skip_blank

  before_password_set
  @password = pass

  # The salt is replaced before hashing: encrypt_arguments is called with
  # check_against_database = false, so it reads the salt field's current value.
  salt_field = password_salt_field
  send("#{salt_field}=", Authlogic::Random.friendly_token) if salt_field

  # The restful_authentication argument layout is used only when the model
  # is configured to act like restful_authentication.
  arguments_type = act_like_restful_authentication? ? :restful_authentication : nil
  crypted_value = crypto_provider.encrypt(*encrypt_arguments(@password, false, arguments_type))
  send("#{crypted_password_field}=", crypted_value)

  @password_changed = true
  after_password_set
end
randomize_password()
Alias for: reset_password
randomize_password!()
Alias for: reset_password!
reset_password()

Resets the password to a random friendly token.

# File lib/authlogic/acts_as_authentic/password.rb, line 274
# Replaces the password with a newly generated friendly token, assigning the
# same token to password and then to password_confirmation. Nothing is saved
# here. Returns the generated token.
# NOTE(review): the token becomes the account's new plain-text password; its
# unpredictability depends on Authlogic::Random.friendly_token, which is not
# shown in this listing.
def reset_password
  Authlogic::Random.friendly_token.tap do |token|
    self.password = token
    self.password_confirmation = token
  end
end
Also aliased as: randomize_password
reset_password!()

Resets the password to a random friendly token and then saves the record, skipping validations.

# File lib/authlogic/acts_as_authentic/password.rb, line 282
# Resets the password via reset_password and then persists the record through
# save_without_session_maintenance with validations turned off
# (:validate => false).
#
# Returns whatever save_without_session_maintenance returns; the generated
# token itself is not returned from here.
# NOTE(review): because validations are skipped, any password rules enforced
# as validations are not applied to the generated token -- confirm that is
# acceptable for the model using this.
def reset_password!
  reset_password
  save_without_session_maintenance(:validate => false)
end
Also aliased as: randomize_password!
valid_password?(attempted_password, check_against_database = check_passwords_against_database?)

Accepts a raw password to determine if it is the correct password or not. Notice the second argument. That defaults to the value of check_passwords_against_database. See that method for more information, but basically it just tells Authlogic to check the password against the value in the database or the value in the object.

# File lib/authlogic/acts_as_authentic/password.rb, line 252
# Checks a raw password attempt against the stored crypted password.
#
# attempted_password     - the raw password supplied by the caller.
# check_against_database - when truthy and the crypted password field has
#                          unsaved changes, the previous ("_was") value is
#                          compared instead of the in-memory one.
#
# Returns false, without running any hook, when either the attempt or the
# crypted value is blank. Otherwise before_password_verification runs, then
# each entry of crypto_providers is tried in order; the first match returns
# true after running after_password_verification. A failed attempt returns
# false and does not run after_password_verification.
#
# A successful check can write to the record: when transition_password? says
# so, transition_password re-sets the password and saves.
# NOTE(review): the comparison itself is delegated to encryptor.matches?;
# whether it is constant-time depends on the provider, which is not visible
# in this listing.
def valid_password?(attempted_password, check_against_database = check_passwords_against_database?)
  field = crypted_password_field
  crypted =
    if check_against_database && send("#{field}_changed?")
      send("#{field}_was")
    else
      send(field)
    end
  return false if attempted_password.blank? || crypted.blank?

  before_password_verification

  crypto_providers.each_with_index do |encryptor, index|
    # The restful_authentication argument layout applies to the first provider
    # when acting like restful_authentication, and to a later Sha1 provider
    # when transitioning from restful_authentication.
    restful_layout =
      (act_like_restful_authentication? && index == 0) ||
      (transition_from_restful_authentication? && index > 0 && encryptor == Authlogic::CryptoProviders::Sha1)
    arguments_type = restful_layout ? :restful_authentication : nil

    candidate_arguments = encrypt_arguments(attempted_password, check_against_database, arguments_type)
    next unless encryptor.matches?(crypted, *candidate_arguments)

    transition_password(attempted_password) if transition_password?(index, encryptor, crypted, check_against_database)
    after_password_verification
    return true
  end

  false
end

Private Instance Methods

check_passwords_against_database?()
# File lib/authlogic/acts_as_authentic/password.rb, line 289
# True only when the class-level check_passwords_against_database setting is
# exactly true; any other value (including other truthy values) gives false.
# valid_password? uses this as the default for its second argument.
def check_passwords_against_database?
  configured = self.class.check_passwords_against_database
  configured == true
end
crypted_password_field()
# File lib/authlogic/acts_as_authentic/password.rb, line 340
# Name of the crypted password attribute as configured on the model class.
# Other methods in this module build accessor names from it
# ("<field>=", "<field>_changed?", "<field>_was").
def crypted_password_field
  model_class = self.class
  model_class.crypted_password_field
end
crypto_provider()
# File lib/authlogic/acts_as_authentic/password.rb, line 348
# The crypto provider configured on the model class. password= calls encrypt
# on it, and it is the first entry of crypto_providers.
def crypto_provider
  model_class = self.class
  model_class.crypto_provider
end
crypto_providers()
# File lib/authlogic/acts_as_authentic/password.rb, line 293
# All providers a password attempt is checked against, in order: the current
# crypto provider first, followed by the "transition from" providers.
def crypto_providers
  current = [crypto_provider]
  current + transition_from_crypto_providers
end
encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
# File lib/authlogic/acts_as_authentic/password.rb, line 297
# Builds the argument list handed to a crypto provider.
#
# raw_password           - the plain-text password.
# check_against_database - when truthy and the salt field has unsaved changes,
#                          the previous ("_was") salt is used.
# arguments_type         - :restful_authentication selects the layout
#                          [site key, salt, password, site key]; anything else
#                          gives [password, salt].
#
# The salt is nil when no salt field is configured, and nil entries are
# dropped from the returned array.
# NOTE(review): REST_AUTH_SITE_KEY is a constant this listing does not
# define; it has to exist before the :restful_authentication branch runs.
def encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
  salt_field = password_salt_field
  salt =
    if !salt_field
      nil
    elsif check_against_database && send("#{salt_field}_changed?")
      send("#{salt_field}_was")
    else
      send(salt_field)
    end

  case arguments_type
  when :restful_authentication
    [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
  else
    [raw_password, salt].compact
  end
end
ignore_blank_passwords?()
# File lib/authlogic/acts_as_authentic/password.rb, line 328
# True only when the class-level ignore_blank_passwords setting is exactly
# true. When it is, password= returns early for a blank value.
def ignore_blank_passwords?
  configured = self.class.ignore_blank_passwords
  configured == true
end
password_changed?()
# File lib/authlogic/acts_as_authentic/password.rb, line 332
# True when @password_changed is exactly true. password= sets the flag to
# true and reset_password_changed sets it back to nil.
def password_changed?
  @password_changed == true
end
password_salt_field()
# File lib/authlogic/acts_as_authentic/password.rb, line 344
# Name of the password salt attribute as configured on the model class.
# Callers treat a falsy value as "no salt field": password= then writes no
# salt and encrypt_arguments leaves the salt out.
def password_salt_field
  model_class = self.class
  model_class.password_salt_field
end
require_password?()
# File lib/authlogic/acts_as_authentic/password.rb, line 324
# Whether a password must be present: the record is new, the password was
# changed through password=, or the crypted password field is blank.
def require_password?
  new_or_changed = new_record? || password_changed?
  new_or_changed || send(crypted_password_field).blank?
end
reset_password_changed()
# File lib/authlogic/acts_as_authentic/password.rb, line 336
# Clears the "password changed" flag by setting @password_changed to nil, so
# password_changed? returns false until password= is called again.
def reset_password_changed
  @password_changed = nil
end
transition_from_crypto_providers()
# File lib/authlogic/acts_as_authentic/password.rb, line 352
# The "transition from" crypto providers configured on the model class.
# crypto_providers appends them after the current provider.
def transition_from_crypto_providers
  model_class = self.class
  model_class.transition_from_crypto_providers
end
transition_password(attempted_password)
# File lib/authlogic/acts_as_authentic/password.rb, line 319
# Re-sets the password from the raw value that was just verified and saves the
# record with validations skipped (:validate => false).
#
# Going through password= means a new salt is written (when a salt field is
# configured) and the value is re-encrypted with the current crypto_provider.
# valid_password? calls this only when transition_password? returns true.
# Returns the result of save.
# NOTE(review): the result of save is not checked by the caller shown in this
# listing, so a failed save would leave the old crypted value in place.
def transition_password(attempted_password)
  self.password = attempted_password
  save(:validate => false)
end
transition_password?(index, encryptor, crypted, check_against_database)

Determines if we need to transition the password. A transition is needed if the index > 0 (we are then using a “transition from” crypto provider), or if the encryptor has a cost and that cost is outdated. In addition, either we aren't using database values, or, if we are using database values, the password hasn't changed, so that we don't overwrite any changes.

# File lib/authlogic/acts_as_authentic/password.rb, line 314
# Decides whether a just-verified password should be re-encrypted.
#
# A transition is wanted when the matching provider was not the first one
# (index > 0), or when the encryptor responds to cost_matches? and reports
# that the stored value's cost does not match. It is allowed only when
# database values are not being checked, or when the crypted password field
# has no unsaved changes, so pending changes are not overwritten.
#
# The crypted argument is accepted but not read; the cost check uses the
# current value of the crypted password field.
def transition_password?(index, encryptor, crypted, check_against_database)
  field = crypted_password_field
  wants_transition = index > 0 ||
    (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(field)))

  wants_transition && !(check_against_database && send("#{field}_changed?"))
end