has_secure_password

Robert_Evans · November 28, 2012, 10:29pm

Hi all,

I would like to get feedback on a proposal for ActiveModel::SecurePassword before I send a PR:

Currently, ActiveModel::SecurePassword has a class method #min_cost which can be set to true/false - false by default. When true, cost is set to MIN_COST of 4 and false it is set to DEFAULT_COST of 10.

BCrypt’s cost factor can be set from 1 to 31.

I’d like to propose deprecating #min_cost in favor of just #cost. The cost class method would have a default value of 10, keeping consistency. This would then allow developers to have more control on setting the cost, depending on the application in which they’re building.

An example would be setting the cost to 1 for tests (as devise does) or to something higher than 10 for an application that requires it.

Thoughts or concerns?

Thanks!

Robert

carlosantoniodasilva · November 28, 2012, 10:42pm

min_cost doesn't need to be deprecated, since it was just added to master. I think it's fine for it to be a cost number, similar to devise, though, but others might have different opinions on that.

rafaelfranca · November 29, 2012, 2:40am

I think it is fine too

Robert_Evans · December 3, 2012, 5:45pm

I opened a PR of the implementation and some dialog on what I think would be even better: https://github.com/rails/rails/pull/8408

Topic		Replies	Views
Enhancements to has_secure_password A May Of WTFs	2	968	May 18, 2020
Support Different Column Names in has_secure_password rubyonrails-core	5	620	February 6, 2015
ActiveModel::SecurePassword can handle other algoritms than bcrypt? rubyonrails-core	0	287	May 23, 2020
AR::Base#has_secure_password and PasswordValidator rubyonrails-core	0	242	December 19, 2010
undefined method `key?' for nil:NilClass,bcrypt-ruby,has_secure_password rubyonrails-talk	4	186	May 14, 2012

has_secure_password

Related topics

More Resources