Commit 7bf02588

mo khan <mo@mokhan.ca>
2014-10-16 00:01:31
switch to has_secure_password.
1 parent e35346c
app/models/user.rb
@@ -1,17 +1,18 @@
 require 'bcrypt'
 
 class User < ActiveRecord::Base
-  include BCrypt
+  #include BCrypt
+  has_secure_password
+  #has_secure_password validations: false
   before_save :ensure_authentication_token
   after_create :send_welcome_email unless Rails.env.test?
 
   validates :name, presence: true
   validates :email, presence: true, uniqueness: true, email: true
   validates :website, :format => URI::regexp(%w(http https)), :allow_blank => true
-  #validates :password, length: { in: 6..20 }, unless: Proc.new { |x| x.password.blank? }
 
-  validates_presence_of     :password, :if => :password_required?
-  validates_confirmation_of :password, :if => :password_required?
+  #validates_presence_of     :password, :if => :password_required?
+  #validates_confirmation_of :password, :if => :password_required?
   validates_length_of       :password, :within => 6..20, :allow_blank => true
 
   has_many :creations, :dependent => :destroy
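Review bot: The commented-out lines (`#include BCrypt`, `#has_secure_password validations: false`, `#validates_presence_of …`, `#validates_confirmation_of …`) are dead code that version control already preserves, and the same pattern repeats in the later hunks (`#def password`/`#def password=`, `#def valid_password?`, `#def secure_compare`, `#def password_required?`), where the `# constant-time comparison algorithm to prevent timing attacks` comment is left describing nothing. Deleting them would make the new contract obvious: with its default validations `has_secure_password` now supplies the presence and confirmation checks for `password`, while the retained `validates_length_of :password, :within => 6..20, :allow_blank => true` still enforces the minimum length. The class body continues past the hunk.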
@@ -42,15 +43,23 @@ class User < ActiveRecord::Base
     self.save
   end
 
-  def password
-    @password
+  def password_digest
+    encrypted_password
   end
 
-  def password=(new_password)
-    @password = new_password
-    self.encrypted_password = Password.create(new_password)
+  def password_digest=(value)
+    self.encrypted_password = value
   end
 
+  #def password
+    #@password
+  #end
+
+  #def password=(new_password)
+    #@password = new_password
+    #self.encrypted_password = Password.create(new_password)
+  #end
+
   def has_avatar?
     self.avatar && self.avatar.image.present?
   end
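Review bot: `password_digest` / `password_digest=` are a hand-written bridge from the attribute `has_secure_password` reads and writes to the legacy `encrypted_password` column; the ActiveRecord idiom is the one-liner `alias_attribute :password_digest, :encrypted_password`, which also defines the `password_digest?` query method. If the column name is being kept deliberately, a comment such as `# has_secure_password works on password_digest; the table column is still encrypted_password` would spare the next reader a search. The enclosing class continues outside the hunk.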
@@ -80,12 +89,12 @@ class User < ActiveRecord::Base
     creations.create(name: name, category_id: category.id)
   end
 
-  def valid_password?(password)
-    return false if encrypted_password.blank?
-    bcrypt = ::BCrypt::Password.new(encrypted_password)
-    password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
-    secure_compare(password, encrypted_password)
-  end
+  #def valid_password?(password)
+    #return false if encrypted_password.blank?
+    #bcrypt = ::BCrypt::Password.new(encrypted_password)
+    #password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
+    #secure_compare(password, encrypted_password)
+  #end
 
   class << self
     def ordered
@@ -100,7 +109,7 @@ class User < ActiveRecord::Base
     def login(username, password)
       user = User.find_by(email: username)
       return false if user.nil?
-      if user.valid_password?(password)
+      if user.authenticate(password)
         UserSession.create!(user: user)
       else
         false
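Review bot: Because `return false if user.nil?` exits before any bcrypt work, a login attempt for an unknown email completes measurably faster than one for a known email with a wrong password, so the response time still distinguishes existing accounts; if account enumeration is a concern here, the unknown-user path would need the same cost as `user.authenticate(password)`. The `user.authenticate(password)` call itself is correct, since it returns the user on success and `false` otherwise. The `login` method's closing `end` is outside the hunk.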
@@ -112,20 +121,20 @@ class User < ActiveRecord::Base
   private
 
   # constant-time comparison algorithm to prevent timing attacks
-  def secure_compare(a, b)
-    return false if a.blank? || b.blank? || a.bytesize != b.bytesize
-    l = a.unpack "C#{a.bytesize}"
+  #def secure_compare(a, b)
+    #return false if a.blank? || b.blank? || a.bytesize != b.bytesize
+    #l = a.unpack "C#{a.bytesize}"
 
-    res = 0
-    b.each_byte { |byte| res |= byte ^ l.shift }
-    res == 0
-  end
+    #res = 0
+    #b.each_byte { |byte| res |= byte ^ l.shift }
+    #res == 0
+  #end
 
   def ensure_authentication_token
     self.authentication_token = SecureRandom.hex(32) if self.authentication_token.blank?
   end
 
-  def password_required?
-    !persisted? || !password.nil? || !password_confirmation.nil?
-  end
+  #def password_required?
+    #!persisted? || !password.nil? || !password_confirmation.nil?
+  #end
 end