← Back to Upcase

Implementing authenticated? method in Clearance gem


(Jon Seidel) #1

Using Clearance::CustomPasswordStrategy, how do I implement the authenticated? method? There are no parameters, so I don’t have access to the login id or password that I’m supposed to be authenticating against.

Edit: Documentation for CustomPasswordStrategy is not complete:

  1. authenticated? method takes a password parameter
  2. all you have to do is compare it to ‘encrypted_password’ which is provided by the Clearance gem

At least, that’s what it looks like to me.


(Joel Quenneville) #2

You are correct, authenticated? takes a password as it’s argument. encrypted_password is an attribute that Clearance adds to your User model. To implement the method, you should encrypt the password and see if it matches encrypted_password. Alternatively, you could decrypt encrypted_password and see if it matches the password passed in.

Below are some of the implementations from the strategies that come with Clearance:

# Blowfish
def authenticated?(password)
  encrypted_password == encrypt(password)
end

# SHA1
def authenticated?(password)
  encrypted_password == encrypt(password)
end


# BCrypt
def authenticated?(password)
  ::BCrypt::Password.new(encrypted_password) == password
end