has_secure_password: authenticate method

has_secure_password has a method, authenticate, to authenticate users using bcrypt. In the secure_password.rb file I found the following lines (from GitHub):

  def authenticate(unencrypted_password)
    BCrypt::Password.new(password_digest) == unencrypted_password && self
  end

BCrypt::Password.new(password_digest) == unencrypted_password is clear.

Q1: Can anyone explain why the result of BCrypt::Password.new(password_digest) == unencrypted_password is ANDed with 'self'?

Q2: Since authenticate becomes an instance method of a class, for instance, User, and so an instance method of, say, object user, self must be equal to (the current object) 'user'. Am I right?

Hi,

Q1: The goal is to return the current object with ‘self’.

When you try in irb => ‘a’ && ‘b’, Ruby returns ‘b’, because it is the last non-nil object, but when the password comparison fails, it is the comparison value which is returned, thus ‘false’.

Q2: According to my interpretation, there are no validations on the current object.

Best regards.
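
The return-value behaviour discussed in this thread, as an added example (not code from the thread or from Rails). `StandInDigest`, `DemoUser`, `login` and `swapped_operands_match?` are hypothetical names, and stdlib PBKDF2 stands in for bcrypt so the block runs without the gem; the sample password is constructed.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for BCrypt::Password (assumption: stdlib PBKDF2 is used only so the
# example runs without the bcrypt gem). Like the real class it subclasses String.
class StandInDigest < String
  def self.derive(secret, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 10_000, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end

  def self.create(secret)
    salt = SecureRandom.hex(16)
    new("#{salt}$#{derive(secret, salt)}")
  end

  # Overridden ==: hash the candidate with the stored salt, then compare
  # digests without stopping at the first differing byte.
  def ==(secret)
    salt, expected = split('$', 2)
    actual = self.class.derive(secret.to_s, salt)
    expected.bytesize == actual.bytesize &&
      expected.bytes.zip(actual.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical model; only the body of authenticate follows the quoted source.
class DemoUser
  attr_reader :name, :password_digest

  def initialize(name, password)
    @name = name
    @password_digest = StandInDigest.create(password).to_s
  end

  def authenticate(unencrypted_password)
    StandInDigest.new(password_digest) == unencrypted_password && self
  end
end

# Callers can branch on the result and use it as the user in one step.
def login(user, password)
  (account = user.authenticate(password)) ? "welcome #{account.name}" : 'denied'
end

# With the operands swapped, String#== compares raw text and never matches.
def swapped_operands_match?(user, password)
  password == StandInDigest.new(user.password_digest)
end
```

The digest object has to stay on the left of `==`: that is what dispatches to the hashing comparison, and `&& self` then turns a successful match into the receiver itself.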