# File lib/devise/models/database_authenticatable.rb, line 39 def valid_password?(password) return false if encrypted_password.blank? bcrypt = ::BCrypt::Password.new(self.encrypted_password) password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt) Devise.secure_compare(password, self.encrypted_password) end