Ensure encryption on authentication
parent
9a412c139f
commit
95ec62ea76
|
@ -5,13 +5,16 @@ module Devise
|
||||||
# Default strategy for signing in a user, based on his email and password in the database.
|
# Default strategy for signing in a user, based on his email and password in the database.
|
||||||
class DatabaseAuthenticatable < Authenticatable
|
class DatabaseAuthenticatable < Authenticatable
|
||||||
def authenticate!
|
def authenticate!
|
||||||
resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
|
resource = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
|
||||||
return fail(:not_found_in_database) unless resource
|
encrypted = false
|
||||||
|
|
||||||
if validate(resource){ resource.valid_password?(password) }
|
if validate(resource){ encrypted = true; resource.valid_password?(password) }
|
||||||
resource.after_database_authentication
|
resource.after_database_authentication
|
||||||
success!(resource)
|
success!(resource)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
mapping.to.new.password = password if !encrypted && Devise.paranoid
|
||||||
|
fail(:not_found_in_database) unless resource
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
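Review bot: The new line `mapping.to.new.password = password if !encrypted && Devise.paranoid` in `authenticate!` does its real work as a side effect of a setter on a throwaway model, and nothing in the hunk says why, so it reads like dead code that a later cleanup could delete. Going by the commit title, it appears to exist so that in paranoid mode a failed lookup costs the same password-hashing work as a found account, which keeps response time from revealing whether an account exists; a comment above it such as `# Paranoid mode: hash the password even when no record was checked, so timing does not reveal whether the account exists.` would pin that intent. The equalisation also relies on `password=` actually hashing, and `encrypted = true` is set before `resource.valid_password?(password)` has run, so a model whose check returns early would skip the hashing cost while the flag still suppresses the fallback; a spec asserting that hashing happens when the lookup returns nil would guard this. `validate` is now reached with a falsy `resource` where the old code returned first, and its definition is outside the hunk, so confirm it tolerates that.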