Merge pull request #2825 from guilleiguaran/bcrypt-ruby-comments

Add comments about bcrypt-ruby gem to SecurePassword and add it to default Gemfile
2026-04-26 03:00:59 -04:00 · 2011-09-03 10:14:11 -07:00
parent 867c830603 9b02f3f41f
commit 8a9f4c6da4
2 changed files with 9 additions and 0 deletions
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -10,6 +10,10 @@ module ActiveModel
      # a "password_confirmation" attribute) are automatically added.
      # You can add more validations by hand if need be.
      #
+      # You need to add bcrypt-ruby (~> 3.0.0) to Gemfile to use has_secure_password:
+      #
+      #   gem 'bcrypt-ruby', '~> 3.0.0'
+      #
      # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
      #
      #   # Schema: User(name:string, password_digest:string)
@@ -28,6 +32,8 @@ module ActiveModel
      #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
      #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
      def has_secure_password
+        # Load bcrypt-ruby only when has_secured_password is used to avoid make ActiveModel
+        # (and by extension the entire framework) dependent on a binary library.
        gem 'bcrypt-ruby', '~> 3.0.0'
        require 'bcrypt'

--- a/railties/lib/rails/generators/rails/app/templates/Gemfile
+++ b/railties/lib/rails/generators/rails/app/templates/Gemfile
@@ -10,6 +10,9 @@ source 'http://rubygems.org'
 <%= assets_gemfile_entry %>
 <%= javascript_gemfile_entry %>

+# To use ActiveModel has_secure_password
+# gem 'bcrypt-ruby', '~> 3.0.0'
+
 # Use unicorn as the web server
 # gem 'unicorn'