Want more GoRails?
GoRails is packed full with 722 lessons just like this one.
Sign up to get full access or log in to your account and sit back.
Your Teacher
About This Episode
Has secure password is boasting some new benefits in Rails 7.1 with the addition of the authenticate_by method which reduces timing-based enumeration attack vulnerabilities. Also being introduced is the ability to provide a required password challenge.
Notes
Resources
Here is the commit which introduced the authenticate_by
method along with the method as it currently stands on main
Here is the comment section which speaks about the password_challenge or XXX_challenge (the _challenge method is dynamically defined based on the attribute name you pass to has_secure_password