lib/devise/models/database_authenticatable.rb in devise-3.5.2 vs lib/devise/models/database_authenticatable.rb in devise-3.5.3
@@ -10,11 +10,11 @@
# Authenticatable Module, responsible for encrypting password and validating
# authenticity of a user while signing in.
#
# == Options
#
- # DatabaseAuthenticable adds the following options to devise_for:
+ # DatabaseAuthenticatable adds the following options to devise_for:
#
# * +pepper+: a random string used to provide a more secure hash. Use
# `rake secret` to generate new keys.
#
# * +stretches+: the cost given to bcrypt.
@@ -25,10 +25,12 @@
#
module DatabaseAuthenticatable
extend ActiveSupport::Concern
included do
+ after_update :send_password_change_notification, if: :send_password_change_notification?
+
attr_reader :password, :current_password
attr_accessor :password_confirmation
end
def self.required_fields(klass)
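Review bot: The `after_update` callback added in the `included` block runs as part of the save, before the surrounding transaction commits, so the notice can go out for a password change that is later rolled back, and an error raised during delivery would surface from the update itself. `send_devise_notification` is not visible on this page, so how delivery happens is unknown here. If it delivers synchronously, I would add a comment above the callback such as `# Fires inside the save transaction; overrides of send_devise_notification that enqueue mail should defer delivery until after commit.` The `included` block is complete in this hunk, but the module continues outside it.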
@@ -131,10 +133,14 @@
# A reliable way to expose the salt regardless of the implementation.
def authenticatable_salt
encrypted_password[0,29] if encrypted_password
end
+ def send_password_change_notification
+ send_devise_notification(:password_change)
+ end
+
protected
# Digests the password using bcrypt. Custom encryption should override
# this method to apply their own algorithm.
#
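Review bot: `send_password_change_notification` is added above `protected` with no comment, while the neighbouring `authenticatable_salt` and `password_digest` each carry one. Because it is public and sends a security notice on every call, whether or not the password changed, I would document it, for example `# Sends the :password_change notification via send_devise_notification. Invoked by the after_update callback; a direct call sends the notice unconditionally.` The instance method also shares its name with the class-level setting registered in the last hunk, so `self.class.send_password_change_notification` (a flag) and `send_password_change_notification` (an action) are easy to confuse. The comment should say which is which.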
@@ -142,11 +148,15 @@
# of other encryption engines.
def password_digest(password)
Devise::Encryptor.digest(self.class, password)
end
+ def send_password_change_notification?
+ self.class.send_password_change_notification && encrypted_password_changed?
+ end
+
module ClassMethods
- Devise::Models.config(self, :pepper, :stretches)
+ Devise::Models.config(self, :pepper, :stretches, :send_password_change_notification)
# We assume this method already gets the sanitized values from the
# DatabaseAuthenticatable strategy. If you are using this method on
# your own, be sure to sanitize the conditions hash to only include
# the proper fields.
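Review bot: The new `send_password_change_notification` setting passed to `Devise::Models.config` is not described in the `== Options` comment at the top of the module, at least in the part visible in the first hunk, which lists only `pepper` and `stretches`. I would add an entry in the same format, e.g. `# * +send_password_change_notification+: whether to send a notification when the password is changed.`, and state the default there, since the default is not visible on this page and decides whether existing applications start sending mail after upgrading. The predicate `send_password_change_notification?` could also take a one-line comment saying it requires both the setting and a changed `encrypted_password`. `ClassMethods` continues outside this hunk.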