module Devise::Models::PasswordDisallowsFrequentReuse

Public Instance Methods

validate_password_frequent_reuse()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 21
# Validation hook: rejects a new password that matches an entry in the
# account's password history.
#
# The history lookup only runs when encrypted_password has a pending change,
# so saves that do not touch the password skip the bcrypt work entirely.
#
# @return [Boolean] true when the record carries no validation errors at all
#   (not only errors added here), false otherwise
def validate_password_frequent_reuse
  reused = encrypted_password_changed? && previous_password?(password)

  if reused
    # The message is attached to :base rather than :password, and reports the
    # configured history depth through the `count` interpolation.
    errors.add(
      :base,
      I18n.t(
        'secure_password.password_disallows_frequent_reuse.errors.messages.password_is_recent',
        count: self.class.password_previously_used_count
      )
    )
  end

  errors.count.zero?
end

Protected Instance Methods

after_resource_saved()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 37
# Appends the current password digest to the password history.
#
# The salt is read back out of encrypted_password itself, so the stored salt
# column duplicates what the bcrypt digest already embeds; previous_password?
# uses it to re-hash candidate passwords.
#
# NOTE(review): every history row is a full password hash and presumably
# needs the same storage protection as the live encrypted_password column.
#
# @return [Object] whatever save! returns for the new history row
# @raise propagates any exception raised by save!
def after_resource_saved
  bcrypt_salt = ::BCrypt::Password.new(encrypted_password).salt

  previous_passwords
    .build(user_id: id, salt: bcrypt_salt, encrypted_password: encrypted_password)
    .save!
end
before_resource_saved()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 35
# No-op counterpart to after_resource_saved: this module does nothing before
# the save.
#
# @return [nil]
def before_resource_saved
end
dirty_password?()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 55
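# Reports whether the password digest changed, using the dirty-tracking
# predicate that matches the running Rails version.
#
# @return [Boolean] false when password_required? is false; otherwise the
#   result of the selected dirty-tracking predicate
def dirty_password?
  return false unless password_required?

  # Compare parsed versions, not Strings: as a String, '10.0.0' > '5.1' is
  # false, which would select the pre-5.1 predicate on a two-digit major.
  # `release` drops a pre-release suffix so e.g. 5.1.0.rc1 still counts as 5.1.
  # NOTE(review): if this is called after the save, the pre-5.1 predicate
  # presumably reads false and the password history would silently stop being
  # recorded -- confirm against the caller.
  if Gem::Version.new(Rails.version).release >= Gem::Version.new('5.1')
    saved_change_to_encrypted_password?
  else
    encrypted_password_changed?
  end
end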
previous_password?(password)
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 43
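# Checks whether +password+ matches any entry in the stored password history.
#
# Each stored salt is used to re-hash the candidate (with the configured
# pepper appended); a digest equal to a stored one means the same password
# was used before. This costs one bcrypt computation per history row, so the
# size of the history bounds the cost of the check.
#
# @param password [String] the plaintext password being validated
# @return [Boolean] true when the candidate reproduces a stored digest
def previous_password?(password)
  # Load every (salt, digest) pair in a single query instead of one lookup
  # per salt inside the loop.
  history = previous_passwords.pluck(:salt, :encrypted_password)
  stored_digests = history.map(&:last)

  pepper = self.class.pepper.presence || ''
  secret = "#{password}#{pepper}"

  history.any? do |salt, _digest|
    # A candidate is accepted if it equals any stored digest, not only the
    # one saved alongside this salt.
    stored_digests.include?(::BCrypt::Engine.hash_secret(secret, salt))
  end
end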