# ecto-secure-password

A port of Rails `has_secure_password` for Ecto models.

The full documentation is available at

## Installation

1. Add `secure_password` to your list of dependencies in `mix.exs`:

   ```elixir
   def deps do
     [{:secure_password, "~> 0.3.0"}]
   end
   ```

2. Ensure `secure_password` is started before your application:

   ```elixir
   def application do
     [applications: [:secure_password]]
   end
   ```

## Usage

### Set up the model

To use `secure_password`, you need to:

1. Add `use SecurePassword` to your model
2. Add `has_secure_password` to your schema
3. Add `with_secure_password` to your changeset (see the docs for the available options)

NOTE: Be sure to have `password` in either your changeset `required_fields` or `optional_fields`.
You do not need to add `password_confirmation` to either, as it will be checked from `changeset.params`.

Here is an example user module.

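```elixir
defmodule User do
  use Ecto.Schema
  use SecurePassword

  import Ecto.Changeset

  schema "users" do
    field :email, :string
    field :name, :string

    # Step 2: add the secure password support to the schema
    has_secure_password
  end

  @required_fields ~w(email)
  @optional_fields ~w(name password)

  def changeset(model, params \\ :empty) do
    model
    |> cast(params, @required_fields, @optional_fields)
    # Step 3: validate the password (minimum 8 characters here)
    |> with_secure_password(min_length: 8)
  end
end
```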

### Authenticate

To authenticate the model, you just need to call `Model.authenticate`.
It will return the user struct when the password is valid, and `false` otherwise.

```elixir
if user = User.authenticate(MyRepo.get(User, 1), params["password"]) do
  # do something
else
  # you are not authenticated
end
```
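
A login function built on `User.authenticate`, as an added example that is not part of this library or its documentation. `MyApp.Login`, the lookup by email, and the use of bcrypt (through `Comeonin.Bcrypt.dummy_checkpw/0`) are assumptions; `MyRepo` and `User` are the names used above.

```elixir
defmodule MyApp.Login do
  # Hypothetical module wrapping User.authenticate/2 for a login form.

  # Returns {:ok, user} or {:error, :invalid_credentials}.
  # An unknown email and a wrong password produce the same error, so the
  # response does not reveal which accounts exist.
  def login(email, password) when is_binary(email) and is_binary(password) do
    case MyRepo.get_by(User, email: email) do
      nil ->
        # No such user: run a dummy hash check so this path takes about as
        # long as a real verification (assumes bcrypt is the hash in use).
        Comeonin.Bcrypt.dummy_checkpw()
        {:error, :invalid_credentials}

      user ->
        # authenticate/2 returns the user struct on success, false otherwise.
        case User.authenticate(user, password) do
          false -> {:error, :invalid_credentials}
          authenticated -> {:ok, authenticated}
        end
    end
  end

  # Missing or non-string parameters, e.g. params["password"] is nil.
  def login(_email, _password), do: {:error, :invalid_credentials}
end
```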

## Testing

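This library uses `comeonin` to hash passwords.
To avoid slowing down the tests, you can add the following to your `config/test.exs`.
Keep these reduced work factors in the test configuration only, since they make the hashes cheap to compute.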

```elixir
config :comeonin, :bcrypt_log_rounds, 4
config :comeonin, :pbkdf2_rounds, 1
```