app/models/credentials/password.rb in authpwn_rails-0.10.3 vs app/models/credentials/password.rb in authpwn_rails-0.10.4

- old
+ new

@@ -12,18 +12,27 @@
 attr_accessor :password_confirmation
 # A user can have a single password
 validates :user_id, :uniqueness => true
- # Compares the given password against the user's stored password.
+ # Compares a plain-text password against the password hash in this credential.
 #
 # Returns +true+ for a match, +false+ otherwise.
- def authenticate(password)
+ def check_password(password)
 return false unless key
 key == self.class.hash_password(password, key.split('|', 2).first)
 end
+ # Compares a plain-text password against the password hash in this credential.
+ #
+ # Returns the authenticated User instance, or a symbol indicating the reason
+ # why the (potentially valid) password was rejected.
+ def authenticate(password)
+ return :invalid unless check_password(password)
+ user.auth_bounce_reason(self) || user
+ end
+
 # Password virtual attribute.
 def password=(new_password)
 @password = new_password
 salt = self.class.random_salt
 self.key = new_password && self.class.hash_password(new_password, salt)
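Review bot: The rewritten `authenticate` now returns either a User or a Symbol, and a Symbol is truthy in Ruby, so any caller still written against the old boolean contract (`if credential.authenticate(password)`) will treat `:invalid` — or whatever `user.auth_bounce_reason(self)` yields — as a successful login; only `authenticate_email` in the next hunk is updated with an `is_a? Symbol` guard, and callers outside this diff cannot be seen, so each of them needs the same check. The comment on the new method is copied from `check_password` and should spell out the outcomes instead, e.g. `# Returns the User, :invalid for a wrong password, or the symbol returned by User#auth_bounce_reason.` Unchanged by this commit but worth noting: `check_password` compares the recomputed digest with `==`, which stops at the first differing byte; a constant-time comparison such as `Rack::Utils.secure_compare` (available in any Rails app) removes that timing signal at no cost.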
@@ -32,17 +41,19 @@
 # Resets the virtual password attributes.
 def clear_plaintext
 @password = @password_confirmation = nil
 end
- # The authenticated user or nil.
+ # Authenticates a user given an e-mail / password pair.
+ #
+ # Returns the authenticated User instance, or a symbol indicating the reason
+ # why the (potentially valid) credential was rejected.
 def self.authenticate_email(email, password)
- email_cred = Credentials::Email.where(:name => email).
- includes(:user => :credentials).first
- return nil unless email_cred
- credential = email_cred.user.credentials.
- find { |c| c.kind_of? Credentials::Password }
- credential.authenticate(password) ? email_cred.user : nil
+ user = Credentials::Email.authenticate email
+ return user if user.is_a? Symbol
+
+ credential = user.credentials.find { |c| c.kind_of? Credentials::Password }
+ credential ? credential.authenticate(password) : :invalid
 end
 # Computes a password hash from a raw password and a salt.
 def self.hash_password(password, salt)
 salt + '|' + Digest::SHA2.hexdigest(password + salt)
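Review bot: The early `return user if user.is_a? Symbol` and the `:invalid` fallback for a user with no Password credential both return before `hash_password` runs, so a request for an unknown or password-less e-mail completes measurably faster than one with a wrong password for an existing account, and the response time then reveals which e-mails are registered. Calling `hash_password(password, random_salt)` and discarding the result on those two paths would equalize them (`random_salt` is the class method already used by `password=` in the previous hunk). The truthiness caveat raised on the previous hunk applies to this method's new return value as well. Not changed here, but `hash_password` — whose `end` lies outside the hunk — is a single SHA-2 over `password + salt` with no work factor; a deliberately slow KDF (bcrypt or PBKDF2) is the usual mitigation for leaked `key` values and is worth tracking separately.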