Save user password as a bcrypt hash

* Replace password field by password_hash
* Add User#password attribute
* Implement password hashing and verification with BCrypt mixin

app/models/user.rb

@@ -1,11 +1,33 @@
+require 'bcrypt'
+
 class User < ActiveRecord::Base
+  include BCrypt
+
+  attr_accessor :password
+  attr_accessible :email, :password, :password_confirmation
+
   validates_presence_of :email
-  validates_presence_of :password
+
+  validates :password,
+    :presence     => true,
+    :confirmation => true
+
+  before_save :hash_password
 
   def self.authenticate(email, password)
     user = find_by_email(email)
     return false if user.nil?
-    #FIXME use bcrypt
-    return user if user.password == password
+    return user if Password.new(user.password_hash) == password
+  end
+
+
+  private
+
+  def hash_password
+    self.password_hash = bcrypt(password)
+  end
+
+  def bcrypt(string)
+    return Password.create(string)
   end
 end