Ruby on Rails framework, ~10 mins

has_secure_password in Ruby on Rails - Step-by-Step Execution

Concept Flow - has_secure_password
Model includes has_secure_password
Adds password and password_confirmation virtual attributes
On save: password is hashed with bcrypt
Stores hashed password in password_digest column
Authenticate method checks password against digest
Returns user if password matches, else false
This flow shows how has_secure_password adds password handling to a model, hashes the password, stores it securely, and authenticates users.
Execution Sample
Ruby on Rails
class User < ApplicationRecord
  has_secure_password   # adds password / password_confirmation virtual attributes and authenticate
end

user = User.new(password: "secret", password_confirmation: "secret")
user.save                    # password is hashed with bcrypt and stored in password_digest
user.authenticate("secret")  # => the User object, because the password matches the digest
This code creates a User with a password, saves it securely, and authenticates the password.
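To make the flow above concrete without a database or the bcrypt gem, here is an added example (not from this page and not Rails' own code) that mimics what has_secure_password does in plain Ruby. DigestDemo, User, save and authenticate are hypothetical stand-ins, and PBKDF2 from Ruby's standard OpenSSL library replaces bcrypt so it runs offline; the save/authenticate behaviour follows the execution table.

```ruby
require "openssl"
require "securerandom"

# Stand-in for the digest layer. Rails' has_secure_password uses the bcrypt gem;
# to run with only Ruby's standard library this demo swaps in PBKDF2-HMAC-SHA256
# from OpenSSL. Like bcrypt, the stored string embeds its work factor and salt.
module DigestDemo
  ITERATIONS = 100_000
  def self.create(password, salt = SecureRandom.hex(16))
    key = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                                   length: 32, hash: "sha256")
    "pbkdf2$#{ITERATIONS}$#{salt}$#{key.unpack1('H*')}"
  end

  def self.match?(digest, candidate)
    _scheme, iters, salt, hex = digest.split("$", 4)
    key = OpenSSL::KDF.pbkdf2_hmac(candidate, salt: salt, iterations: iters.to_i,
                                   length: 32, hash: "sha256")
    OpenSSL.secure_compare(key.unpack1("H*"), hex) # constant-time comparison
  end
end

# Hypothetical plain-Ruby User mimicking the has_secure_password flow: virtual
# password attributes, a password_digest "column", save and authenticate.
class User
  attr_accessor :password, :password_confirmation
  attr_reader :password_digest, :errors
  def initialize(password: nil, password_confirmation: nil)
    @password, @password_confirmation = password, password_confirmation
    @password_digest = nil # only this value would be written to the database
    @errors = []
  end

  # Step 2: validate presence and confirmation, then hash into password_digest.
  def save
    @errors = []
    @errors << "password can't be blank" if password.to_s.empty?
    if !password_confirmation.nil? && password_confirmation != password
      @errors << "password_confirmation doesn't match password"
    end
    return false unless @errors.empty?
    @password_digest = DigestDemo.create(password)
    true
  end

  # Steps 3-4: the User object on a match, false otherwise (or when no digest exists).
  def authenticate(candidate)
    return false if password_digest.nil?
    DigestDemo.match?(password_digest, candidate) ? self : false
  end
end
```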
Execution Table
| Step | Action | Input/Condition | Result | Notes |
| 1 | Create User instance | password: 'secret', password_confirmation: 'secret' | User object with virtual password attributes | password_digest is nil initially |
| 2 | Call save | password and confirmation match | Password hashed and stored in password_digest | bcrypt hashes password securely |
| 3 | Call authenticate('secret') | Password matches digest | Returns User object | Authentication successful |
| 4 | Call authenticate('wrong') | Password does not match digest | Returns false | Authentication failed |
💡 Authentication returns false when password does not match stored digest
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 |
| user.password | nil | "secret" | nil | nil | nil |
| user.password_confirmation | nil | "secret" | nil | nil | nil |
| user.password_digest | nil | nil | "$2a$...hashed..." | "$2a$...hashed..." | "$2a$...hashed..." |
| authenticate result | n/a | n/a | n/a | User object | false |
Key Moments - 3 Insights
Why don't we see the plain password saved in the database?
Because has_secure_password stores only the hashed password in password_digest, not the plain password. See execution_table step 2 where password_digest is set after hashing.
What happens if password and password_confirmation do not match?
The save will fail because has_secure_password validates that password and confirmation match before hashing. This is implied in execution_table step 2 condition.
What does authenticate return if the password is wrong?
It returns false, as shown in execution_table step 4, indicating authentication failure.
Visual Quiz - 3 Questions
Test your understanding
Looking at the execution_table, what is the value of user.password_digest after saving the user?
A. A hashed string starting with $2a$
B. The plain text password 'secret'
C. nil
D. The password_confirmation value
💡 Hint
Check execution_table row 2 under Result column
At which step does authenticate return false?
A. Step 1
B. Step 3
C. Step 4
D. Step 2
💡 Hint
Look at execution_table rows 3 and 4 for authenticate results
If password_confirmation did not match password, what would happen during save?
A. User saves successfully with hashed password
B. Save fails due to validation error
C. password_digest is set to nil
D. Authenticate returns true anyway
💡 Hint
Refer to key_moments about password confirmation validation
Concept Snapshot
has_secure_password adds password handling to Rails models.
It creates virtual password and confirmation attributes.
On save, it hashes the password with bcrypt into password_digest.
Authenticate checks password against the digest.
Returns user if correct, false if not.
Requires password_digest column in database.
Full Transcript
The has_secure_password method in Rails adds secure password handling to a model. When you add it, the model gets virtual attributes for password and password_confirmation. When you save the model, it hashes the password using bcrypt and stores the hash in the password_digest column. The plain password is never saved. You can then call authenticate with a password string. If it matches the stored hash, authenticate returns the user object. If not, it returns false. This helps keep passwords safe and easy to check. The password and confirmation must match to save successfully.