Remove faux bcrypt encryptor from Devise (it was never released and it wont be until we solve the encryptable issue

2022-11-09 12:18:31 -05:00 · 2012-05-06 12:49:53 +02:00 · 2012-05-06 12:49:53 +02:00 · b07dd76453
commit b07dd76453
parent 4600b4ab22
4 changed files with 10 additions and 24 deletions
--- a/lib/devise.rb
+++ b/lib/devise.rb
@ -23,7 +23,6 @@ module Devise
  module Encryptors
    autoload :Base, 'devise/encryptors/base'
    autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
-    autoload :BCrypt, 'devise/encryptors/bcrypt'
    autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
    autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
    autoload :Sha512, 'devise/encryptors/sha512'
--- a/lib/devise/encryptors/bcrypt.rb
+++ b/lib/devise/encryptors/bcrypt.rb
@ -1,17 +0,0 @@
-module Devise
-  module Encryptors
-    # Encryptor for BCrypt. It ignores the values given for salt,
-    # as it is repsonsible for managing its own salt.
-    class BCrypt < Base
-      def self.digest(password, stretches, _salt, pepper)
-        ::BCrypt::Password.create("#{password}#{pepper}", :cost => stretches).to_s
-      end
-
-      def self.compare(encrypted_password, password, _stretches, _salt, pepper)
-        bcrypt   = ::BCrypt::Password.new(encrypted_password)
-        password = ::BCrypt::Engine.hash_secret("#{password}#{pepper}", bcrypt.salt)
-        Devise.secure_compare(password, encrypted_password)
-      end
-    end
-  end
-end
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@ -40,7 +40,9 @@ module Devise
      # Verifies whether an password (ie from sign in) is the user password.
      def valid_password?(password)
        return false if encrypted_password.blank?
-        encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper)
+        bcrypt   = ::BCrypt::Password.new(encrypted_password)
+        password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
+        Devise.secure_compare(password, encrypted_password)
      end

      # Set password and password confirmation to nil
@ -105,11 +107,7 @@ module Devise

      # Digests the password using bcrypt.
      def password_digest(password)
-        encryptor_class.digest(password, self.class.stretches, ::BCrypt::Engine.generate_salt, self.class.pepper)
-      end
-
-      def encryptor_class
-        Devise::Encryptors::BCrypt
+        ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
      end

      module ClassMethods
--- a/lib/devise/models/encryptable.rb
+++ b/lib/devise/models/encryptable.rb
@ -35,6 +35,12 @@ module Devise
        super
      end

+      # Validates the password considering the salt.
+      def valid_password?(password)
+        return false if encrypted_password.blank?
+        encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper)
+      end
+
      # Overrides authenticatable salt to use the new password_salt
      # column. authenticatable_salt is used by `valid_password?`
      # and by other modules whenever there is a need for a random