method

has_secure_token

Ruby on Rails latest stable (v6.1.7.7) - 0 notes - Class: ClassMethods

1.0.0
1.1.6
1.2.6
2.0.3
2.1.0
2.2.1
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1 (0)
5.1.7 (0)
5.2.3 (0)
6.0.0 (0)
6.1.3.1 (3)
6.1.7.7 (0)
7.0.0 (0)
7.1.3.2 (38)
What's this?

has_secure_token(attribute = :token, length: MINIMUM_TOKEN_LENGTH) public

# Schema: User(token:string, auth_token:string)
class User < ActiveRecord::Base
  has_secure_token
  has_secure_token :auth_token, length: 36
end

user = User.new
user.save
user.token # => "pX27zsMN2ViQKta1bGfLmVJE"
user.auth_token # => "tU9bLuZseefXQ4yQxQo8wjtBvsAfPc78os6R"
user.regenerate_token # => true
user.regenerate_auth_token # => true

SecureRandom::base58 is used to generate at minimum a 24-character unique token, so collisions are highly unlikely.

Note that it’s still possible to generate a race condition in the database in the same way that {validates_uniqueness_of}[rdoc-ref:Validations::ClassMethods#validates_uniqueness_of] can. You’re encouraged to add a unique index in the database to deal with this even more unlikely scenario.

Show source

# File activerecord/lib/active_record/secure_token.rb, line 32
      def has_secure_token(attribute = :token, length: MINIMUM_TOKEN_LENGTH)
        if length < MINIMUM_TOKEN_LENGTH
          raise MinimumLengthError, "Token requires a minimum length of #{MINIMUM_TOKEN_LENGTH} characters."
        end

        # Load securerandom only when has_secure_token is used.
        require "active_support/core_ext/securerandom"
        define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token(length: length) }
        before_create { send("#{attribute}=", self.class.generate_unique_secure_token(length: length)) unless send("#{attribute}?") }
      end

has_secure_token

Related methods

Flowdock - Team Inbox With Chat for Software Developers