module Devise::Models::PasswordArchivable

PasswordArchivable

Public Instance Methods

password_archive_included?()

Checks whether the new password has been used in the past.

# File lib/devise_security_extension/models/password_archivable.rb, line 19
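# Reports whether the password being set matches one of the most recent
# archived passwords, or the password that the current change replaces.
#
# Side effect: the first call normalises the class-level
# +deny_old_passwords+ setting to an Integer and writes it back to the class.
# +true+ becomes +archive_count+ (when that is positive); any other
# non-Integer value becomes 0, which disables the check.
#
# @return [Boolean] true when the new password matches a remembered one
def password_archive_included?
  # Integer rather than Fixnum: the Fixnum constant was deprecated in Ruby 2.4
  # and later removed, so referencing it would break this validation.
  unless self.class.deny_old_passwords.is_a?(Integer)
    self.class.deny_old_passwords =
      if self.class.deny_old_passwords.is_a?(TrueClass) && archive_count > 0
        archive_count
      else
        0
      end
  end

  if self.class.deny_old_passwords > 0 && !password.nil?
    # Materialise the newest N archived rows as a plain Array so the unsaved
    # entry below can be appended without touching the database relation.
    remembered = old_passwords.order(:id).reverse_order.limit(self.class.deny_old_passwords).to_a
    # Include the password being replaced right now; it is not archived yet.
    remembered << OldPassword.new(old_password_params)

    remembered.each do |old_password|
      # Verify through a throwaway model instance so the comparison uses the
      # model's own valid_password? rather than comparing digests directly.
      # NOTE(review): only encrypted_password is copied here; if the configured
      # hashing scheme keeps its salt in a separate column the comparison may
      # never match - confirm against the encryptor in use.
      dummy = self.class.new
      dummy.encrypted_password = old_password.encrypted_password
      return true if dummy.valid_password?(password)
    end
  end

  false
end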
password_changed_to_same?()
# File lib/devise_security_extension/models/password_archivable.rb, line 41
# Tells whether the pending change to +encrypted_password+ leaves the stored
# value identical to what it was before.
#
# NOTE(review): this compares stored digests, not plaintext; with a hashing
# scheme that salts every digest the two values presumably differ even for
# the same password - confirm before relying on it as a reuse check.
#
# @return [Boolean, nil] falsy when there is no pending change
def password_changed_to_same?
  before_and_after = encrypted_password_change
  return before_and_after unless before_and_after

  before_and_after.first == before_and_after.last
end
validate_password_archive()
# File lib/devise_security_extension/models/password_archivable.rb, line 14
# Validation hook: records a +:taken_in_past+ error on +:password+ when the
# stored password digest is changing and the new password is found in the
# archive. The archive lookup is skipped entirely when nothing changed.
def validate_password_archive
  return unless encrypted_password_changed? && password_archive_included?

  errors.add(:password, :taken_in_past)
end

Private Instance Methods

archive_count()
# File lib/devise_security_extension/models/password_archivable.rb, line 48
# Number of old passwords to keep, read from the model class's
# +password_archiving_count+ setting.
def archive_count
  model_class = self.class
  model_class.password_archiving_count
end
archive_password()

Archives the last password before save and deletes all passwords that are too old from the archive.

# File lib/devise_security_extension/models/password_archivable.rb, line 53
# Maintains the password archive when the stored password digest changes.
#
# With a positive +archive_count+ the previous digest is appended to
# +old_passwords+ and every row past the newest +archive_count+ entries
# (ordered by id, newest first) is destroyed. With a zero or missing count
# the whole archive is destroyed, so no old digests are retained.
def archive_password
  return unless encrypted_password_changed?

  if archive_count.to_i <= 0
    old_passwords.destroy_all
  else
    # create! raises on failure instead of silently skipping the archive entry.
    old_passwords.create!(old_password_params)
    old_passwords.order(:id).reverse_order.offset(archive_count).destroy_all
  end
end
old_password_params()
# File lib/devise_security_extension/models/password_archivable.rb, line 64
# Attributes for a new archive entry: the password digest as it was before
# the pending change. Only the stored digest is taken, never the plaintext.
# Expects a pending change; +encrypted_password_change+ must not be nil.
def old_password_params
  previous_digest = encrypted_password_change.first
  { encrypted_password: previous_digest }
end