Methods
Instance Public Methods
authenticate_by(attributes)
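Given a set of attributes, finds a record using the non-password attributes, and then authenticates that record using the password attributes. Returns the record if authentication succeeds; otherwise, returns nil.
Regardless of whether a record is found, authenticate_by will cryptographically digest the given password attributes. This behavior helps mitigate timing-based enumeration attacks, wherein an attacker can determine if a passworded record exists even without knowing the password.
Raises an ArgumentError if the set of attributes doesn't contain at least one password and one non-password attribute.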
Examples
    class User < ActiveRecord::Base
      has_secure_password
    end

    User.create(name: "John Doe", email: "jdoe@example.com", password: "abc123")

    User.authenticate_by(email: "jdoe@example.com", password: "abc123").name # => "John Doe" (in 373.4ms)
    User.authenticate_by(email: "jdoe@example.com", password: "wrong")       # => nil (in 373.9ms)
    User.authenticate_by(email: "wrong@example.com", password: "abc123")     # => nil (in 373.6ms)

    User.authenticate_by(email: "jdoe@example.com", password: nil) # => nil (no queries executed)
    User.authenticate_by(email: "jdoe@example.com", password: "")  # => nil (no queries executed)

    User.authenticate_by(email: "jdoe@example.com") # => ArgumentError
    User.authenticate_by(password: "abc123")        # => ArgumentError
Source:
    # File activerecord/lib/active_record/secure_password.rb, line 41
    def authenticate_by(attributes)
      # Password attributes have no column of their own but do have a matching *_digest column;
      # everything else is treated as a finder attribute.
      passwords, identifiers = attributes.to_h.partition do |name, value|
        !has_attribute?(name) && has_attribute?("#{name}_digest")
      end.map(&:to_h)

      raise ArgumentError, "One or more password arguments are required" if passwords.empty?
      raise ArgumentError, "One or more finder arguments are required" if identifiers.empty?
      return if passwords.any? { |name, value| value.nil? || value.empty? }

      if record = find_by(identifiers)
        record if passwords.count { |name, value| record.public_send(:"authenticate_#{name}", value) } == passwords.size
      else
        # No record found: build a throwaway record so the passwords are still digested.
        new(passwords)
        nil
      end
    end
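The timing mitigation described above, as an added example that is not part of the Rails source or documentation: a weak lookup that skips hashing for unknown identifiers, next to an authenticate_by-style flow that hashes on both branches. `MiniUserStore`, `naive_authenticate` and `digest_calls` are hypothetical names, the flow is narrowed to one identifier and one password, and PBKDF2 from the Ruby standard library is assumed as a stand-in for the BCrypt digest that has_secure_password uses.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory stand-in for a has_secure_password model (not Rails code).
class MiniUserStore
  ITERATIONS = 20_000 # constructed work factor; PBKDF2 stands in for BCrypt
  attr_reader :digest_calls

  def initialize
    @users = {}       # email => { email:, salt:, digest: }
    @digest_calls = 0 # number of expensive hash computations so far
  end

  def create(email:, password:)
    salt = SecureRandom.bytes(16)
    @users[email] = { email: email, salt: salt, digest: digest(password, salt) }
  end

  # Weak pattern: an unknown email returns before any hashing, so the
  # response time differs between existing and missing accounts.
  def naive_authenticate(email:, password:)
    user = @users[email]
    return nil unless user
    user if secure_eq(digest(password, user[:salt]), user[:digest])
  end

  # authenticate_by-style flow: the password is hashed on both branches.
  def authenticate_by(email:, password:)
    return nil if password.nil? || password.empty?
    if (user = @users[email])
      user if secure_eq(digest(password, user[:salt]), user[:digest])
    else
      digest(password, SecureRandom.bytes(16)) # same cost, result discarded
      nil
    end
  end

  private

  def digest(password, salt)
    @digest_calls += 1
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Constant-time comparison of two equal-length digests.
  def secure_eq(a, b)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Comparing `digest_calls` before and after each call shows the invariant to check in a login path: one hash per attempt whether or not the identifier exists.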