sequel_secure_password

Sequel secure_password

Plugin adds BCrypt authentication and password hashing to Sequel models. Model using this plugin should have password_digest field.

This plugin was created by extracting has_secure_password strategy from rails.

Installation

Add this line to your application's Gemfile:

gem 'sequel_secure_password'

And then execute:

$ bundle

Or install it yourself as:

$ gem install sequel_secure_password

Usage

Plugin should be used in subclasses of Sequel::Model. Always call super in validate method of your model, otherwise password validations won't be executed. It does not set_allowed_columns and mass assignment policy must be managed separately.

Example model:

class User < Sequel::Model
  plugin :secure_password
end

# cost option can be used to change computational complexity of BCrypt
class HighCostUser < Sequel::Model
  plugin :secure_password, cost: 12
end

# include_validations option can be used to disable default password
# presence and confirmation
class UserWithoutValidations < Sequel::Model
  plugin :secure_password, include_validations: false
end

# digest_column option can be used to use an alternate database column.
# the default column is "password_digest"
class UserWithAlternateDigestColumn < Sequel::Model
  plugin :secure_password, digest_column: :password_hash
end

user = User.new
user.password = "foo"
user.password_confirmation = "bar"
user.valid? # => false

user.password_confirmation = "foo"
user.valid? # => true

user.authenticate("foo") # => user
user.authenticate("bar") # => nil

Contributing

• Open an issue
• Discuss proposed change
• Once we both agree on the change I'll implement it or if you want it really badly, fork the project and create a pull request.

Acknowledgements

• Thanks to @send for implementing the :cost option;
• Thanks to @badosu for motivating me to add :include_validations option.
• Thanks to @AlexWayfer for fixing a bug that prevented inheriting from classes using the plugin.