diff options
author | Mingdong Luo <mdluo@nsmss.com> | 2015-01-31 19:23:48 -0800 |
---|---|---|
committer | Mingdong Luo <mdluo@nsmss.com> | 2015-01-31 19:23:48 -0800 |
commit | 549d171a90135999e3c670f489494b7a39dd6dd7 (patch) | |
tree | 233466527b797fe3ea7c6a7a3673795cea28aebe /activerecord/lib/active_record/secure_token.rb | |
parent | c840b18ac31a852d99ff760229f2c087b6961727 (diff) | |
parent | 70ac072976c8cc6f013f0df3777e54ccae3f4f8c (diff) | |
download | rails-549d171a90135999e3c670f489494b7a39dd6dd7.tar.gz rails-549d171a90135999e3c670f489494b7a39dd6dd7.tar.bz2 rails-549d171a90135999e3c670f489494b7a39dd6dd7.zip |
Merge branch 'master' into pr/18316
Conflicts:
activerecord/CHANGELOG.md
Diffstat (limited to 'activerecord/lib/active_record/secure_token.rb')
-rw-r--r-- | activerecord/lib/active_record/secure_token.rb | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/secure_token.rb b/activerecord/lib/active_record/secure_token.rb new file mode 100644 index 0000000000..07031b6371 --- /dev/null +++ b/activerecord/lib/active_record/secure_token.rb @@ -0,0 +1,39 @@ +module ActiveRecord + module SecureToken + extend ActiveSupport::Concern + + module ClassMethods + # Example using has_secure_token + # + # # Schema: User(token:string, auth_token:string) + # class User < ActiveRecord::Base + # has_secure_token + # has_secure_token :auth_token + # end + # + # user = User.new + # user.save + # user.token # => "4kUgL2pdQMSCQtjE" + # user.auth_token # => "77TMHrHJFvFDwodq8w7Ev2m7" + # user.regenerate_token # => true + # user.regenerate_auth_token # => true + # + # SecureRandom::base58 is used to generate the 24-character unique token, so collisions are highly unlikely. + # + # Note that it's still possible to generate a race condition in the database in the same way that + # validates_presence_of can. You're encouraged to add a unique index in the database to deal with + # this even more unlikely scenario. + def has_secure_token(attribute = :token) + # Load securerandom only when has_secure_token is used. + require 'active_support/core_ext/securerandom' + define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token } + before_create { self.send("#{attribute}=", self.class.generate_unique_secure_token) } + end + + def generate_unique_secure_token + SecureRandom.base58(24) + end + end + end +end + |