method

has_secure_token

v5.2.3 - Show latest stable - 0 notes - Class: ClassMethods

1.0.0
1.1.6
1.2.6
2.0.3
2.1.0
2.2.1
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1 (0)
5.1.7 (0)
5.2.3 (0)
6.0.0 (0)
6.1.3.1 (3)
6.1.7.7 (0)
7.0.0 (0)
7.1.3.2 (38)
7.1.3.4 (0)
What's this?

has_secure_token(attribute = :token) public

# Schema: User(token:string, auth_token:string)
class User < ActiveRecord::Base
  has_secure_token
  has_secure_token :auth_token
end

user = User.new
user.save
user.token # => "pX27zsMN2ViQKta1bGfLmVJE"
user.auth_token # => "77TMHrHJFvFDwodq8w7Ev2m7"
user.regenerate_token # => true
user.regenerate_auth_token # => true

SecureRandom::base58 is used to generate the 24-character unique token, so collisions are highly unlikely.

Note that it’s still possible to generate a race condition in the database in the same way that {validates_uniqueness_of}[rdoc-ref:Validations::ClassMethods#validates_uniqueness_of] can. You’re encouraged to add a unique index in the database to deal with this even more unlikely scenario.

Show source

# File activerecord/lib/active_record/secure_token.rb, line 28
      def has_secure_token(attribute = :token)
        # Load securerandom only when has_secure_token is used.
        require "active_support/core_ext/securerandom"
        define_method("regenerate_#{attribute}") { update! attribute => self.class.generate_unique_secure_token }
        before_create { send("#{attribute}=", self.class.generate_unique_secure_token) unless send("#{attribute}?") }
      end

has_secure_token

Related methods