How does has_secure_password work in my model class?

#1
I'm doing the Rails tutorial by Michael Hartl, and I've come to the point where you simply add:

    has_secure_password

to your model class and a bunch of magic happens.

I understand that this method comes from the `ActiveModel::SecurePassword` module that is included in `ActiveRecord::Base`, which my model class extends.

What I don't understand is what is going on when I add that one line to my class definition. Can somebody please explain, in as much detail as possible. I really want to understand what is going on and not just throw stuff at my app not knowing how it works.

(If it helps to understand why I'm confused, I come from a Java background and I'm new to Ruby)



#2
The easiest way of understanding what anything's doing is to consult the source! In this case, that would be the ActiveModel::SecurePassword documentation. From that, you can see that `has_secure_password` does this:

    def has_secure_password
      # Load bcrypt-ruby only when has_secure_password is used.
      # This is to avoid ActiveModel (and by extension the entire framework) being dependent on a binary library.
      gem 'bcrypt-ruby', '~> 3.0.0'
      require 'bcrypt'

      attr_reader :password

      validates_confirmation_of :password
      validates_presence_of :password_digest

      include InstanceMethodsOnActivation

      if respond_to?(:attributes_protected_by_default)
        def self.attributes_protected_by_default
          super + ['password_digest']
        end
      end
    end

To explain in English, this function:

1. Loads the `bcrypt-ruby` Gem and requires `bcrypt`. bcrypt is a secure hashing function that you can learn more about in Wikipedia.
2. Adds a read-only attribute to the model called `password`.
3. Validates that the password is confirmed by another field, called `password_confirmation`. In other words, you have to enter the password twice to confirm it.
4. Ensures that password_digest is present before a model is saved.
5. Loads the instance methods, which in this case are `authenticate` (which returns true if the password is correct, otherwise false) and `password=`, which encrypts the passed password into the password_digest attribute.
6. If the method has attributes that are protected by default, this will also add `password_digest` to that list of protected attributes. (Thus preventing it from being mass assigned.)

You can learn more at the ActiveModel::SecurePassword documentation and the further documentation on its instance attributes.
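To make the class-macro mechanism in the answer above concrete, here is an added example (not part of the thread and not the Rails source) that rebuilds the same pieces in plain Ruby. The names `SecurePasswordSketch`, `has_secure_password_sketch` and `User` are hypothetical, and PBKDF2 from the standard library stands in for bcrypt so the block runs without the gem.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for the macro; PBKDF2 (stdlib) replaces bcrypt here.
module SecurePasswordSketch
  ITERATIONS = 100_000 # assumed work factor, constructed for this example

  def self.included(base)
    base.extend(ClassMethods) # makes the macro callable in the class body
  end

  def self.kdf(plain, salt)
    digest = OpenSSL::Digest.new('SHA256')
    OpenSSL::PKCS5.pbkdf2_hmac(plain, salt, ITERATIONS, 32, digest).unpack1('H*')
  end

  module ClassMethods
    # Runs while the class body is evaluated and rewrites the class.
    def has_secure_password_sketch
      attr_reader :password
      attr_accessor :password_confirmation, :password_digest
      include InstanceMethods
    end
  end

  module InstanceMethods
    # Keeps the plaintext in memory only; the stored digest is "salt$hash".
    def password=(plain)
      @password = plain
      salt = SecureRandom.hex(16)
      self.password_digest = "#{salt}$#{SecurePasswordSketch.kdf(plain, salt)}"
    end

    # Returns the object on a match and false otherwise.
    def authenticate(plain)
      salt, expected = password_digest.to_s.split('$', 2)
      return false unless salt && expected
      actual = SecurePasswordSketch.kdf(plain, salt)
      # Compare every byte instead of stopping at the first difference.
      diff = expected.bytesize ^ actual.bytesize
      expected.bytes.zip(actual.bytes) { |x, y| diff |= x ^ y.to_i }
      diff.zero? ? self : false
    end

    # The two validations: digest present, confirmation (if given) matches.
    def valid?
      !password_digest.to_s.empty? &&
        (password_confirmation.nil? || password == password_confirmation)
    end
  end
end

class User # constructed plain-Ruby class, no ActiveRecord
  include SecurePasswordSketch
  has_secure_password_sketch
end
```
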
