1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
heartcombo--devise/lib/devise/models/authenticable.rb

83 lines
2.2 KiB
Ruby

module Devise
module Authenticable
require 'digest/sha1'
# Pepper for encrypting password
mattr_accessor :pepper
self.pepper = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
def self.included(base)
base.class_eval do
extend ClassMethods
attr_reader :password
attr_accessor :password_confirmation
attr_accessible :email, :password, :password_confirmation
end
end
# Defines the new password, generating a salt and encrypting it.
#
def password=(new_password)
if new_password != @password
@password = new_password
if @password.present?
generate_salt
encrypt_password
end
end
end
# Verifies whether an incoming_password (ie from login) is the user password
#
def valid_password?(incoming_password)
password_digest(incoming_password) == encrypted_password
end
private
# Generate password salt using SHA1 based on password and Time.now
#
def generate_salt
self.password_salt = secure_digest(Time.now.utc, random_string, password) if password_salt.blank?
end
# Encrypt password using SHA1
#
def encrypt_password
self.encrypted_password = password_digest(password)
end
# Gererates a default password digest based on salt, pepper and the
# incoming password
#
def password_digest(password_to_digest)
secure_digest(password_salt, @@pepper, password_to_digest)
end
# Generate a SHA1 digest joining args. Generated token is something like
#
# --arg1--arg2--arg3--argN--
#
def secure_digest(*tokens)
::Digest::SHA1.hexdigest('--' << tokens.flatten.join('--') << '--')
end
# Generate a string randomically based on rand method
#
def random_string
(1..10).map{ rand.to_s }
end
module ClassMethods
# Authenticate a user based on email and password. Returns the
# authenticated user if it's valid or nil
#
def authenticate(email, password)
authenticable = self.find_by_email(email)
authenticable if authenticable.valid_password?(password) unless authenticable.nil?
end
end
end
end