Use bcrypt's public cost attr, not internal constant

See:

- https://github.com/codahale/bcrypt-ruby/pull/63
- https://github.com/codahale/bcrypt-ruby/pull/64
- https://github.com/codahale/bcrypt-ruby/pull/65

activemodel/CHANGELOG.md

+*   Fix `has_secure_password` to honor bcrypt-ruby's cost attribute.
+
+    *T.J. Schuck*
+
 *   Updated the `ActiveModel::Dirty#changed_attributes` method to be indifferent between using
     symbols and strings as keys.
 

activemodel/lib/active_model/secure_password.rb

@@ -103,7 +103,7 @@ def authenticate(unencrypted_password)
       def password=(unencrypted_password)
         unless unencrypted_password.blank?
           @password = unencrypted_password
-          cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine::DEFAULT_COST
+          cost = ActiveModel::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine.cost
           self.password_digest = BCrypt::Password.create(unencrypted_password, cost: cost)
         end
       end

activemodel/test/cases/secure_password_test.rb

@@ -82,6 +82,14 @@ class SecurePasswordTest < ActiveModel::TestCase
     assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost
   end
 
+  test "Password digest cost honors bcrypt cost attribute when min_cost is false" do
+    ActiveModel::SecurePassword.min_cost = false
+    BCrypt::Engine.cost = 5
+
+    @user.password = "secret"
+    assert_equal BCrypt::Engine.cost, @user.password_digest.cost
+  end
+
   test "Password digest cost can be set to bcrypt min cost to speed up tests" do
     ActiveModel::SecurePassword.min_cost = true