diff --git a/lib/devise.rb b/lib/devise.rb index 875d0a12..91ee3b49 100644 --- a/lib/devise.rb +++ b/lib/devise.rb @@ -23,6 +23,7 @@ module Devise module Encryptors autoload :Base, 'devise/encryptors/base' autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512' + autoload :BCrypt, 'devise/encryptors/bcrypt' autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1' autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1' autoload :Sha512, 'devise/encryptors/sha512' diff --git a/lib/devise/encryptors/bcrypt.rb b/lib/devise/encryptors/bcrypt.rb new file mode 100644 index 00000000..32515cd1 --- /dev/null +++ b/lib/devise/encryptors/bcrypt.rb @@ -0,0 +1,9 @@ +module Devise + module Encryptors + class BCrypt < Base + def self.digest(password, salt, stretches, pepper) + ::BCrypt::Engine.hash_secret("#{password}#{pepper}",salt, stretches) + end + end + end +end diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb index 0166188e..f2757550 100644 --- a/lib/devise/models/database_authenticatable.rb +++ b/lib/devise/models/database_authenticatable.rb @@ -41,7 +41,7 @@ module Devise def valid_password?(password) return false if encrypted_password.blank? bcrypt = ::BCrypt::Password.new(self.encrypted_password) - password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt) + password = Devise::Encryptors::BCrypt.digest(password, bcrypt.salt, self.class.stretches, self.class.pepper) Devise.secure_compare(password, self.encrypted_password) end @@ -107,7 +107,7 @@ module Devise # Digests the password using bcrypt. def password_digest(password) - ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s + Devise::Encryptors::BCrypt.digest(password, ::BCrypt::Engine.generate_salt, self.class.stretches, self.class.pepper) end module ClassMethods