Ensure bcrypt works and move salt generation to encryptors (needed for bcrypt).
This commit is contained in:
parent
d00c31314d
commit
35838b02b7
11 changed files with 46 additions and 61 deletions
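--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,3 +1,11 @@
+* enhancements
+* Move salt to encryptors
+
+* bug fix
+* Bcrypt generator was not being loaded neither setting the proper salt
+
+== 0.8.0
+
 * enhancements
 * Warden 0.8.0 compatibility
 * Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work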
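--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -11,12 +11,13 @@ module Devise
 end
 
 module Encryptors
+autoload :Base, 'devise/encryptors/base'
+autoload :Bcrypt, 'devise/encryptors/bcrypt'
 autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
 autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
 autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
 autoload :Sha512, 'devise/encryptors/sha512'
 autoload :Sha1, 'devise/encryptors/sha1'
-autoload :BCrypt, 'devise/encryptors/bcrypt'
 end
 
 module Orm
@@ -48,7 +49,8 @@ module Devise
 :sha512 => 128,
 :clearance_sha1 => 40,
 :restful_authentication_sha1 => 40,
-:authlogic_sha512 => 128
+:authlogic_sha512 => 128,
+:bcrypt => 60
 }
 
 # Email regex used to validate email formats. Retrieved from authlogic.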
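--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,19 +1,12 @@
 require "digest/sha2"
 
 module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
 module Encryptors
 # = AuthlogicSha512
 # Simulates Authlogic's default encryption mechanism.
 # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
 # the default behavior.
-class AuthlogicSha512
+class AuthlogicSha512 < Base
 
 # Gererates a default password digest based on salt, pepper and the
 # incoming password.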
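--- /dev/null
+++ b/lib/devise/encryptors/base.rb
@@ -0,0 +1,20 @@
+module Devise
+# Implements a way of adding different encryptions.
+# The class should implement a self.digest method that taks the following params:
+# - password
+# - stretches: the number of times the encryption will be applied
+# - salt: the password salt as defined by devise
+# - pepper: Devise config option
+#
+module Encryptors
+class Base
+def self.digest
+raise NotImplemented
+end
+
+def self.salt
+Devise.friendly_token
+end
+end
+end
+end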
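Review bot: `raise NotImplemented` on the line under `def self.digest` raises `NameError` (uninitialized constant) rather than the intended abstract-method error, because the Ruby constant is `NotImplementedError`; the abstract method also declares no parameters, so a subclass that forgets to override `digest` fails with `ArgumentError` from the four-argument call before the raise is ever reached. Suggested lines: `def self.digest(password, stretches, salt, pepper)` and `raise NotImplementedError, "#{name} must implement .digest"`. The header comment only describes `self.digest`; it should also state that `self.salt` is part of the contract, that the default returns `Devise.friendly_token`, and that an encryptor whose salt has a required format (as the bcrypt one in this commit) must override it.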
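--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,22 +1,19 @@
 require "bcrypt"
 
 module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
 module Encryptors
 # = BCrypt
 # Uses the BCrypt hash algorithm to encrypt passwords.
-class BCrypt
+class Bcrypt < Base
 
 # Gererates a default password digest based on stretches, salt, pepper and the
 # incoming password. We don't strech it ourselves since BCrypt does so internally.
 def self.digest(password, stretches, salt, pepper)
-::BCrypt::Engine.hash_secret(password, [salt, pepper].flatten.join('xx'), stretches)
+::BCrypt::Engine.hash_secret([password, pepper].join, salt, stretches)
+end
+
+def self.salt
+::BCrypt::Engine.generate_salt
 end
 
 end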
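Review bot: On the `hash_secret` line the `stretches` argument most likely has no effect on the work factor: bcrypt encodes its cost in the `$2a$NN$` salt, and the new `self.salt` calls `::BCrypt::Engine.generate_salt` with no cost argument, so the configured stretches are silently replaced by the gem's default cost (confirm against the installed bcrypt-ruby `hash_secret` signature). If `Base.salt` stays argument-free this needs to be stated next to the call, e.g. `# NOTE: bcrypt's cost is carried in the salt; the stretches argument is not applied here — see .salt`, and `.salt` should pass an explicit cost once there is a configuration value to take it from. The `[password, pepper].join` line also deserves a comment that bcrypt only consumes the first 72 bytes of its input, so for long passwords the appended pepper is partly or wholly truncated and contributes nothing. Renaming the constant from `BCrypt` to `Bcrypt` breaks any caller that referenced the old name; a `BCrypt = Bcrypt` alias in this file would keep them working.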
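--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,19 +1,12 @@
 require "digest/sha1"
 
 module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
 module Encryptors
 # = ClearanceSha1
 # Simulates Clearance's default encryption mechanism.
 # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
 # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
-class ClearanceSha1
+class ClearanceSha1 < Base
 
 # Gererates a default password digest based on salt, pepper and the
 # incoming password.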
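--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,20 +1,13 @@
 require "digest/sha1"
 
 module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
 module Encryptors
 # = RestfulAuthenticationSha1
 # Simulates Restful Authentication's default encryption mechanism.
 # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
 # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in
 # the initializer to silumate the default behavior.
-class RestfulAuthenticationSha1
+class RestfulAuthenticationSha1 < Base
 
 # Gererates a default password digest based on salt, pepper and the
 # incoming password.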
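--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,17 +1,10 @@
 require "digest/sha1"
 
 module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
 module Encryptors
 # = Sha1
 # Uses the Sha1 hash algorithm to encrypt passwords.
-class Sha1
+class Sha1 < Base
 
 # Gererates a default password digest based on stretches, salt, pepper and the
 # incoming password.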
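--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,17 +1,10 @@
 require "digest/sha2"
 
 module Devise
-# Implements a way of adding different encryptions.
-# The class should implement a self.digest method that taks the following params:
-# - password
-# - stretches: the number of times the encryption will be applied
-# - salt: the password salt as defined by devise
-# - pepper: Devise config option
-#
 module Encryptors
 # = Sha512
 # Uses the Sha512 hash algorithm to encrypt passwords.
-class Sha512
+class Sha512 < Base
 
 # Gererates a default password digest based on salt, pepper and the
 # incoming password.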
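--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -43,7 +43,7 @@ module Devise
 @password = new_password
 
 if @password.present?
-self.password_salt = Devise.friendly_token
+self.password_salt = self.class.encryptor_class.salt
 self.encrypted_password = password_digest(@password)
 end
 end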
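Review bot: The new `self.password_salt = self.class.encryptor_class.salt` line makes the stored salt's format encryptor-specific, and nothing in the hunk records why, so a comment would help the next reader: `# the salt format is decided by the encryptor (bcrypt embeds its cost factor in the salt), so it must be generated there`. Because `password_digest(@password)` on the next line reads the salt just assigned, the assignment order matters and the comment should say so. If `password_salt` is a fixed-width column, it needs to hold a bcrypt salt (29 characters, `$2a$NN$` plus 22), which cannot be checked from this hunk. `encryptor_class` and the enclosing method start outside the hunk.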
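--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -18,18 +18,11 @@ class Encryptors < ActiveSupport::TestCase
 assert_equal clearance, encryptor
 end
 
-test 'should match a password created by bcrypt' do
-bcrypt = "$2a$10$81UWRL4S01M6zxjMPyBame1He8EHYgdFm26rQh0qKzglf2ijtEyfa"
-encryptor = Devise::Encryptors::BCrypt.digest('123mudar', 4, '$2a$10$81UWRL4S01M6zxjMPyBame', '')
-assert_equal bcrypt, encryptor
-end
-
-
-
 Devise::ENCRYPTORS_LENGTH.each do |key, value|
 test "should have length #{value} for #{key.inspect}" do
 swap Devise, :encryptor => key do
-assert_equal value, Devise::Encryptors.const_get(key.to_s.classify).digest('a', 2, 'b', 'c').size
+encryptor = Devise::Encryptors.const_get(key.to_s.classify)
+assert_equal value, encryptor.digest('a', 4, encryptor.salt, nil).size
 end
 end
 end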
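Review bot: Deleting the fixed-salt bcrypt vector test leaves the digest construction (`[password, pepper].join` hashed against a caller-supplied salt) covered only by the length loop below, which cannot detect a wrong pepper placement or a swapped salt argument because every valid bcrypt output is 60 characters. Re-add a known-answer test under the renamed constant, e.g. `Devise::Encryptors::Bcrypt.digest('123mudar', 4, '$2a$10$81UWRL4S01M6zxjMPyBame', '')`, and re-derive the expected string rather than reusing the deleted one, since that value was produced with the old salt construction. The loop also passes a fixed `4` as stretches and `nil` as pepper; for the bcrypt entry the stretches value likely never reaches the hash because the cost is carried in `encryptor.salt`, so this assertion passes regardless of stretches (depends on the bcrypt gem version). The enclosing test class starts outside the hunk.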