Project

has_secure_attribute

0.01
No commit activity in last 3 years
No release in over 3 years
has_secure_attributepmatsinopoulos/has_secure_attributeHomepageDocumentationSource CodeBug TrackerWiki
Does what `has_secure_password` does, but for any attribute that you want. It does not have to be a `password` attribute. It may be for example `security_answer`
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
23,784
Stars
4
Forks
3
Watchers
3
 Releases
Current version
1.2.0
Total releases
9
First release
2013-08-15
Latest release
2017-11-12
 Issues
Open Issues
0
Closed Issues
2
Total Issues
2
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
2
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-04-06
Reverse Dependencies
0

 Dependencies

Development

database_cleaner
>= 1.6.0, ~> 1.6
factory_bot
>= 4.8.0, ~> 4.8
mysql2
~> 0.4.0
rake
~> 12.0
rspec
~> 3.0

Runtime

activerecord
~> 5.1
bcrypt
~> 3.1
 Project Readme

has_secure_attribute

Why have has_secure_password and not any attribute that you want? I believe that, quite often, we want to one-way encrypt one attribute and authenticate against its value, and this is not only the password case.

Requires

ActiveRecord and BCrypt

Install

gem install 'has_secure_attribute'

or in your Gemfile

gem 'has_secure_attribute' and then bundle

Use it

The attribute can be specified using either:

class User < ActiveRecord::Base
  has_secure_security_answer
end

or

class User < ActiveRecord::Base
  has_secure :security_answer
end

In the above example:

  • You should have a users table that has one column: security_answer_digest.
  • It creates a reader: security_answer.
  • It creates a writer: security_answer=(value) which basically saves the security answer given into the database on column security_answer_digest but it saves it encrypted.
  • It adds some validations (if you want to avoid having these validations: has_secure_security_answer validations: false).
    • It creates a confirmation validation on security_answer but only if security_answer is given (for confirmation validations see this).
    • It creates a presence validation on security_answer but only on create.
    • It creates a presence validation on security_answer_confirmation but only if security_answer has been given.
    • It raises an exception if security_answer_digest is empty on create.
  • It defines the method authenticate_security_answer(answer_to_authenticate) which returns false if the answer given does not correspond to the saved digest, or returns the object instance itself if it does.

Case Insensitive Values: you can do has_secure_security_answer case_insensitive: false if you want to handle values that match even if they differ on case. Then, answer will match Answer, for example.

Do not use confirmation: you can do has_secure_security_answer confirm: false if you do not want to have confirmation attribute for the attribute you are securing.

Do you want to test it?

bundle exec rake

Note: Testing works with a MySQL database. So, you need to have MySQL installed. Other than that, everything else needed to run the tests is done automatically. (db create, db migrate e.t.c.)