Merge pull request #2825 from guilleiguaran/bcrypt-ruby-comments

Add comments about bcrypt-ruby gem to SecurePassword and add it to default Gemfile

Merge pull request #2825 from guilleiguaran/bcrypt-ruby-comments
Add comments about bcrypt-ruby gem to SecurePassword and add it to default Gemfile
8a9f4c6d · Aaron Patterson · 867c8306 · 9b02f3f4 · 8a9f4c6d · 8a9f4c6d
2 changed file
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -10,6 +10,10 @@ module ClassMethods
      # a "password_confirmation" attribute) are automatically added.
      # You can add more validations by hand if need be.
      #
+      # You need to add bcrypt-ruby (~> 3.0.0) to Gemfile to use has_secure_password:
+      #
+      #   gem 'bcrypt-ruby', '~> 3.0.0'
+      #
      # Example using Active Record (which automatically includes ActiveModel::SecurePassword):
      #
      #   # Schema: User(name:string, password_digest:string)
@@ -28,6 +32,8 @@ module ClassMethods
      #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
      #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
      def has_secure_password
+        # Load bcrypt-ruby only when has_secured_password is used to avoid make ActiveModel
+        # (and by extension the entire framework) dependent on a binary library.
        gem 'bcrypt-ruby', '~> 3.0.0'
        require 'bcrypt'

--- a/railties/lib/rails/generators/rails/app/templates/Gemfile
+++ b/railties/lib/rails/generators/rails/app/templates/Gemfile
@@ -10,6 +10,9 @@ source 'http://rubygems.org'
 <%= assets_gemfile_entry %>
 <%= javascript_gemfile_entry %>
+# To use ActiveModel has_secure_password
+# gem 'bcrypt-ruby', '~> 3.0.0'
 # Use unicorn as the web server
 # gem 'unicorn'