Commit ced3ca5e

@@ -1,5 +1,8 @@
+require 'bcrypt'
+
 class User < ActiveRecord::Base
-  before_save :ensure_authentication_token
+  include BCrypt
+  #before_save :ensure_authentication_token
   after_create :send_welcome_email unless Rails.env.test?
 
   validates :name,  :presence => true
@@ -34,6 +37,15 @@ class User < ActiveRecord::Base
     self.save
   end
 
+  def password
+    @password ||= Password.new(password_hash)
+  end
+
+  def password=(new_password)
+    @password = Password.create(new_password)
+    self.encrypted_password = @password
+  end
+
   def has_avatar?
     self.avatar && self.avatar.avatar.present?
   end
@@ -77,7 +89,7 @@ class User < ActiveRecord::Base
       user = User.find_by(email: username)
       return false if user.nil?
       bcrypt = ::BCrypt::Password.new(user.encrypted_password)
-      password = ::BCrypt::Engine.hash_secret("#{password}#{User.pepper}", bcrypt.salt)
+      password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
       if secure_compare(password, user.encrypted_password)
         UserSession.create!(user: user)
       else

@@ -10,7 +10,6 @@ describe User do
     it { should respond_to :latitude }
     it { should respond_to :longitude }
     it { should respond_to :password }
-    it { should respond_to :remember_me }
     it { should respond_to :website }
     it { should respond_to :interests }
     it { should respond_to :creations }

@@ -14,6 +14,7 @@ end
 
 # to remove
 #gem 'devise', '~> 3.0.0'
+gem 'bcrypt-ruby'
 gem 'carrierwave', '~> 0.9.0'
 gem 'rmagick', '~> 2.13.0'
 gem 'acts-as-taggable-on', '~> 3.3.0'

@@ -37,6 +37,9 @@ GEM
     aws-sdk (1.42.0)
       json (~> 1.4)
       nokogiri (>= 1.4.4)
+    bcrypt (3.1.7)
+    bcrypt-ruby (3.1.5)
+      bcrypt (>= 3.1.3)
     better_errors (2.0.0)
       coderay (>= 1.0.0)
       erubis (>= 2.6.6)
@@ -340,6 +343,7 @@ DEPENDENCIES
   acts-as-taggable-on (~> 3.3.0)
   asset_sync (~> 1.0.0)
   aws-sdk (~> 1.42.0)
+  bcrypt-ruby
   better_errors
   binding_of_caller
   bootstrap-sass (~> 2.3.0)