module Devise::Models::PasswordDisallowsFrequentReuse
Public Instance Methods
validate_password_frequent_reuse()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 21
# Validation hook: rejects a new password that matches one already recorded in
# the resource's password history.
#
# The history lookup runs only when the stored hash is about to change, so an
# ordinary save that leaves the password alone does not pay for it.
#
# @return [Boolean] true when the resource carries no errors at all after the
#   check. Errors added by other validations also make this return false.
def validate_password_frequent_reuse
  reused = encrypted_password_changed? && previous_password?(password)

  if reused
    # The error goes on :base rather than :password, and the message only states
    # how many previous passwords are disallowed.
    errors.add(
      :base,
      I18n.t(
        'secure_password.password_disallows_frequent_reuse.errors.messages.password_is_recent',
        count: self.class.password_previously_used_count
      )
    )
  end

  errors.count.zero?
end
Protected Instance Methods
after_resource_saved()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 37
# Appends the resource's current password hash, together with the bcrypt salt
# it was produced with, to the password history.
#
# Every history row holds a complete bcrypt hash, so the history table needs the
# same protection as the live encrypted_password column: read access to it
# allows the same offline guessing as access to the current hash.
#
# NOTE(review): nothing here checks that the password actually changed; that
# guard presumably lives in the caller (see dirty_password?) - confirm.
#
# @raise whatever ::BCrypt::Password.new raises when encrypted_password is not a
#   valid bcrypt hash, and whatever save! raises when the row cannot be saved
def after_resource_saved
  bcrypt_salt = ::BCrypt::Password.new(encrypted_password).salt

  previous_passwords
    .build(user_id: id, salt: bcrypt_salt, encrypted_password: encrypted_password)
    .save!
end
before_resource_saved()
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 35
# Pre-save hook. This module has nothing to do before the resource is saved, so
# the body is intentionally empty and the method returns nil.
def before_resource_saved
end
dirty_password?()
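# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 55
# Reports whether the stored password hash changed, using the dirty-tracking
# predicate that matches the running Rails version.
#
# NOTE(review): the callers are not shown here; presumably this gates recording
# the password history after a save. If so, a wrong answer here silently stops
# history from being recorded and weakens the reuse check - confirm.
#
# @return [Boolean] false when no password is required for this resource,
#   otherwise the result of the dirty-tracking predicate
def dirty_password?
  return false unless password_required?

  # Compare parsed versions rather than raw strings: as strings '10.0.0' sorts
  # below '5.1', which would send a future major release down the legacy branch.
  # `release` drops any pre-release suffix so that 5.1.0.rc1 still counts as 5.1.
  if Gem::Version.new(Rails.version).release >= Gem::Version.new('5.1')
    saved_change_to_encrypted_password?
  else
    encrypted_password_changed?
  end
end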
previous_password?(password)
# File lib/devise/secure_password/models/password_disallows_frequent_reuse.rb, line 43
# Tells whether the given plaintext password matches any hash stored in the
# resource's password history.
#
# bcrypt hashes are salted, so the candidate cannot be hashed once and looked
# up: it is re-hashed with the salt of every history row, and each result is
# then searched for in the history. The cost is therefore one bcrypt
# computation plus one query per stored row.
#
# NOTE(review): every row in previous_passwords is checked; limiting the history
# to password_previously_used_count entries is presumably done elsewhere - confirm.
#
# @param password [String] plaintext candidate password
# @return [Boolean] true if the candidate reproduces a stored hash
def previous_password?(password)
  stored_salts = previous_passwords.select(:salt).map(&:salt)
  # The same pepper that is appended here must have been used when the stored
  # hashes were created, otherwise no candidate can ever match.
  site_pepper = self.class.pepper.presence || ''

  stored_salts.any? do |stored_salt|
    rehashed = ::BCrypt::Engine.hash_secret("#{password}#{site_pepper}", stored_salt)
    !previous_passwords.find_by(encrypted_password: rehashed).nil?
  end
end