4 files changed, 70 insertions, 2 deletions

diff --git a/activemodel/lib/active_model.rb b/activemodel/lib/active_model.rb
index be0f24ff92..dd6ee058cc 100644
--- a/activemodel/lib/active_model.rb
+++ b/activemodel/lib/active_model.rb
@@ -42,6 +42,7 @@ module ActiveModel
   autoload :Naming
   autoload :Observer, 'active_model/observing'
   autoload :Observing
+  autoload :SecurePassword
   autoload :Serialization
   autoload :TestCase
   autoload :Translation
diff --git a/activemodel/lib/active_model/dirty.rb b/activemodel/lib/active_model/dirty.rb
index 1dfd0b6132..a479795d51 100644
--- a/activemodel/lib/active_model/dirty.rb
+++ b/activemodel/lib/active_model/dirty.rb
@@ -1,5 +1,4 @@
 require 'active_model/attribute_methods'
-require 'active_support/concern'
 require 'active_support/hash_with_indifferent_access'
 require 'active_support/core_ext/object/duplicable'
 
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
new file mode 100644
index 0000000000..52941942b8
--- /dev/null
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -0,0 +1,58 @@
+require 'bcrypt'
+
+module ActiveModel
+  module SecurePassword
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      # Adds methods to set and authenticate against a BCrypt password.
+      # This mechanism requires you to have a password_digest attribute.
+      #
+      # Validations for presence of password, confirmation of password (using
+      # a "password_confirmation" attribute) are automatically added.
+      # You can add more validations by hand if need be.
+      #
+      # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
+      #
+      #   # Schema: User(name:string, password_digest:string)
+      #   class User < ActiveRecord::Base
+      #     has_secure_password
+      #   end
+      #
+      #   user = User.new(:name => "david", :password => "", :password_confirmation => "nomatch")
+      #   user.save                                                      # => false, password required
+      #   user.password = "mUc3m00RsqyRe"
+      #   user.save                                                      # => false, confirmation doesn't match
+      #   user.password_confirmation = "mUc3m00RsqyRe"
+      #   user.save                                                      # => true
+      #   user.authenticate("notright")                                  # => false
+      #   user.authenticate("mUc3m00RsqyRe")                             # => user
+      #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
+      #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
+      def has_secure_password
+        attr_reader   :password
+        attr_accessor :password_confirmation
+
+        attr_protected(:password_digest) if respond_to?(:attr_protected)
+
+        validates_confirmation_of :password
+        validates_presence_of     :password_digest
+      end
+    end
+
+    # Returns self if the password is correct, otherwise false.
+    def authenticate(unencrypted_password)
+      if BCrypt::Password.new(password_digest) == unencrypted_password
+        self
+      else
+        false
+      end
+    end
+
+    # Encrypts the password into the password_digest attribute.
+    def password=(unencrypted_password)
+      @password = unencrypted_password
+      self.password_digest = BCrypt::Password.create(unencrypted_password)
+    end
+  end
+end
diff --git a/activemodel/lib/active_model/validations.rb b/activemodel/lib/active_model/validations.rb
index b044caa8d3..6cb015a144 100644
--- a/activemodel/lib/active_model/validations.rb
+++ b/activemodel/lib/active_model/validations.rb
@@ -104,7 +104,7 @@ module ActiveModel
       #     end
       #   end
       #
-      # Or with a block which is passed with the current record to be validated:
+      # With a block which is passed with the current record to be validated:
       #
       #   class Comment
       #     include ActiveModel::Validations
@@ -118,6 +118,16 @@ module ActiveModel
       #     end
       #   end
       #
+      # Or with a block where self points to the current record to be validated:
+      #
+      #   class Comment
+      #     include ActiveModel::Validations
+      #
+      #     validate do
+      #       errors.add(:base, "Must be friends to leave a comment") unless commenter.friend_of?(commentee)
+      #     end
+      #   end
+      #
       def validate(*args, &block)
         options = args.extract_options!
         if options.key?(:on)