Module: OmniAuth::Identity::SecurePassword

Included in:

Models::ActiveRecord

Defined in:

lib/omniauth/identity/secure_password.rb

Overview

This is lightly edited from Rails 6.1 code and is used if the version of ActiveModel that’s being used does not include SecurePassword. The only difference is that instead of using ActiveSupport::Concern, it checks to see if there is already a has_secure_password method.

Provides secure password hashing and authentication using BCrypt.

Examples:

Basic Usage

class User
  include OmniAuth::Identity::SecurePassword

  has_secure_password
end

user = User.new(password: 'secret')
user.authenticate('secret') # => user

Defined Under Namespace

Modules: ClassMethods Classes: InstanceMethodsOnActivation

Constant Summary

MAX_PASSWORD_LENGTH_ALLOWED =

BCrypt hash function can handle maximum 72 bytes, and if we pass password of length more than 72 bytes it ignores extra characters. Hence need to put a restriction on password length.

Returns:

• (Integer) —

  The maximum allowed password length in bytes.

BCrypt::Engine::MAX_SECRET_BYTESIZE

Class Attribute Summary

• .min_cost ⇒ true, false

  Controls whether to use minimum cost for BCrypt hashing (for testing).

Instance Attribute Summary

• #MAX_PASSWORD_LENGTH_ALLOWED ⇒ Integer readonly

  BCrypt hash function can handle maximum 72 bytes, and if we pass password of length more than 72 bytes it ignores extra characters.

Class Method Summary

• .included(base) ⇒ Object

Class Attribute Details

.min_cost ⇒ true, false

Controls whether to use minimum cost for BCrypt hashing (for testing).

Returns:

• (true, false)

# File 'lib/omniauth/identity/secure_password.rb', line 43

def min_cost # :nodoc:
  MIN_COST_MUTEX.synchronize { @min_cost.nil? ? false : @min_cost }
end

Instance Attribute Details

#MAX_PASSWORD_LENGTH_ALLOWED ⇒ Integer (readonly)

BCrypt hash function can handle maximum 72 bytes, and if we pass password of length more than 72 bytes it ignores extra characters. Hence need to put a restriction on password length.

Returns:

• (Integer) —

  The maximum allowed password length in bytes.

# File 'lib/omniauth/identity/secure_password.rb', line 30

MAX_PASSWORD_LENGTH_ALLOWED = BCrypt::Engine::MAX_SECRET_BYTESIZE

Class Method Details

.included(base) ⇒ Object

# File 'lib/omniauth/identity/secure_password.rb', line 36

def included(base)
  base.extend(ClassMethods) unless base.respond_to?(:has_secure_password)
end