module Devise::Models::SecureValidatable
SecureValidatable creates stricter validations, adding extra security-oriented checks to a Devise model.
Options
SecureValidatable adds the following options to devise_for:
* +email_regexp+: the regular expression used to validate e-mail addresses.
* +password_length+: a range giving the allowed password length. Defaults come from Devise.
* +password_regex+: a regular expression the password must match (enforces a strong password). Defaults to /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
Public Class Methods
assert_secure_validations_api!(base)
# File lib/devise_security_extension/models/secure_validatable.rb, line 47
# Guards against mixing SecureValidatable into a class that has no +validates+
# macro (i.e. one that does not speak the ActiveModel validations API).
#
# @param base [Class] the class this module is being included into
# @raise [RuntimeError] when +base+ does not respond to +validates+
# @return [nil] when +base+ supports validations
def self.assert_secure_validations_api!(base)
  return if base.respond_to?(:validates)

  raise "Could not use SecureValidatable on #{base}"
end
included(base)
# File lib/devise_security_extension/models/secure_validatable.rb, line 15
# Hook run when SecureValidatable is mixed into a model.
#
# Extends +base+ with ClassMethods, checks that +base+ exposes +validates+
# (assert_secure_validations_api! raises otherwise) and then declares the
# validations below inside +base+. Helpers such as +login_attribute+,
# +authentication_keys+, +case_insensitive_keys+, +devise_validation_enabled?+,
# +password_length+, +email_validation+ and +password_regex+ are not defined
# on this page — presumably they come from ClassMethods or Devise's
# configuration; verify against the rest of the file.
#
# @param base [Class] the model class including this module
# @raise [RuntimeError] if +base+ does not respond to +validates+
def self.included(base)
  base.extend ClassMethods
  assert_secure_validations_api!(base)
  base.class_eval do
    # Strict uniqueness check on the login attribute, unless the model
    # already validates it.
    unless has_uniqueness_validation_of_login?
      # e.g. :email_changed? — only re-check uniqueness when the login attribute changes
      validation_condition = "#{login_attribute}_changed?".to_sym
      # Scoped by the remaining authentication keys (the first one is assumed
      # to be the login attribute itself — confirm).
      # NOTE(review): !!case_insensitive_keys is true whenever that option is
      # set to anything non-nil (even an empty array), so a configured list of
      # case-insensitive keys yields a case-*sensitive* uniqueness check —
      # confirm this polarity is intended.
      validates login_attribute, :uniqueness => { :scope => authentication_keys[1..-1], :case_sensitive => !!case_insensitive_keys }, :if => validation_condition
    end
    # Baseline presence/uniqueness/length/confirmation validations, added only
    # when Devise's own validations are not enabled.
    unless devise_validation_enabled?
      validates :email, :presence => true, :if => :email_required?
      # e-mail uniqueness is re-checked whenever the e-mail changes; blank values are skipped
      validates :email, :uniqueness => true, :allow_blank => true, :if => :email_changed?
      validates :password, :presence => true, :length => password_length, :confirmation => true, :if => :password_required?
    end
    # extra validations
    # Opt-in e-mail format validation via the +email+ validator (e.g. the
    # rails_email_validator gem or similar) when +email_validation+ is set.
    validates :email, :email => email_validation if email_validation
    # Password strength: the plaintext must match +password_regex+; the
    # :password_format symbol is the I18n key of the error message. Like the
    # presence check it only runs when password_required? is true, i.e. for
    # new records or when a password/confirmation is being set.
    validates :password, :format => { :with => password_regex, :message => :password_format }, :if => :password_required?
    # Reject a password change that re-uses the current password.
    validate :current_equal_password_validation
  end
end
Public Instance Methods
current_equal_password_validation()
# File lib/devise_security_extension/models/secure_validatable.rb, line 51
# Validation callback: rejects a password change that keeps the current password.
#
# Only runs for persisted records whose +encrypted_password+ is being changed.
# It builds a throwaway instance carrying the *previous* encrypted password
# (and the previous salt, when the model tracks +password_salt+ changes) and
# asks it whether the new plaintext +password+ verifies against that digest;
# if it does, the password is unchanged and an +:equal_to_current_password+
# error is added on +:password+.
#
# @return [void]
def current_equal_password_validation
  return if new_record? || encrypted_password_change.nil?

  previous = self.class.new
  previous.encrypted_password = encrypted_password_change.first
  if respond_to?(:password_salt_change) && !password_salt_change.nil?
    previous.password_salt = password_salt_change.first
  end
  errors.add(:password, :equal_to_current_password) if previous.valid_password?(password)
end
Protected Instance Methods
email_required?()
# File lib/devise_security_extension/models/secure_validatable.rb, line 69
# Condition for the e-mail presence validation: an e-mail address is always
# required. Listed as protected in the source; override it in the model to
# relax the requirement.
#
# @return [Boolean] always +true+
def email_required?
  true
end
password_required?()
Checks whether a password is needed or not. For validations only. Passwords are always required if it's a new record, or if the password or confirmation are being set somewhere.
# File lib/devise_security_extension/models/secure_validatable.rb, line 65
# Condition used by the password validations (presence, length, confirmation
# and format): a password is required for a new record, and for a persisted
# record whenever +password+ or +password_confirmation+ has been assigned.
# Listed as protected in the source.
#
# @return [Boolean] whether the password validations should run
def password_required?
  return true unless persisted?

  !password.nil? || !password_confirmation.nil?
end