From 95ec62ea76b4fca8c2c6f9d49e7e770ff7b39c54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?=
Date: Wed, 13 Nov 2013 13:45:34 +0100
Subject: [PATCH] Ensure encryption on authentication
---
 lib/devise/strategies/database_authenticatable.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/lib/devise/strategies/database_authenticatable.rb b/lib/devise/strategies/database_authenticatable.rb
index bccebb25..e0a38a10 100644
--- a/lib/devise/strategies/database_authenticatable.rb
+++ b/lib/devise/strategies/database_authenticatable.rb
@@ -5,13 +5,16 @@ module Devise
 # Default strategy for signing in a user, based on his email and password in the database.
 class DatabaseAuthenticatable < Authenticatable
 def authenticate!
- resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
- return fail(:not_found_in_database) unless resource
+ resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
+ encrypted = false
- if validate(resource){ resource.valid_password?(password) }
+ if validate(resource){ encrypted = true; resource.valid_password?(password) }
 resource.after_database_authentication
 success!(resource)
 end
+
+ mapping.to.new.password = password if !encrypted && Devise.paranoid
+ fail(:not_found_in_database) unless resource
 end
 end
 end
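Review bot: The added `mapping.to.new.password = password if !encrypted && Devise.paranoid` line reads as a stray assignment to a throwaway model; nothing in the hunk says it exists purely for its side effect, so a later cleanup could drop it and silently reopen the timing difference between "account not found" and "wrong password" that it is meant to close. I would precede it with `# Paranoid mode: if no password hashing happened above (lookup failed or password param missing), hash the supplied password against a blank model so a failed lookup costs about as much as a failed password check.` The `encrypted` flag is only set inside the `validate` block, so the guard relies on `validate` (defined in Authenticatable, outside this hunk) not yielding when `resource` is nil or false; that assumption belongs in the same comment. Minor style point: `{ encrypted = true; resource.valid_password?(password) }` packs two statements into a brace block, and since Devise's setter hashes rather than encrypts, a `do … end` block with the flag named `hashed` would read more honestly.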