kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Remove faux bcrypt encryptor from Devise (it was never released and it wont be until we solve the encryptable issue

Browse source
This commit is contained in:
José Valim 2012-05-06 12:49:53 +02:00
parent 4600b4ab22
commit b07dd76453
4 changed files with 10 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/devise.rb
View file

@ -23,7 +23,6 @@ module Devise
module Encryptors module Encryptors
autoload :Base, 'devise/encryptors/base' autoload :Base, 'devise/encryptors/base'
autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512' autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
autoload :BCrypt, 'devise/encryptors/bcrypt'
autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1' autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1' autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
autoload :Sha512, 'devise/encryptors/sha512' autoload :Sha512, 'devise/encryptors/sha512'

17
lib/devise/encryptors/bcrypt.rb
View file

@ -1,17 +0,0 @@
module Devise
module Encryptors
# Encryptor for BCrypt. It ignores the values given for salt,
# as it is repsonsible for managing its own salt.
class BCrypt < Base
def self.digest(password, stretches, _salt, pepper)
::BCrypt::Password.create("#{password}#{pepper}", :cost => stretches).to_s
end
def self.compare(encrypted_password, password, _stretches, _salt, pepper)
bcrypt = ::BCrypt::Password.new(encrypted_password)
password = ::BCrypt::Engine.hash_secret("#{password}#{pepper}", bcrypt.salt)
Devise.secure_compare(password, encrypted_password)
end
end
end
end

10
lib/devise/models/database_authenticatable.rb
View file

@ -40,7 +40,9 @@ module Devise
# Verifies whether an password (ie from sign in) is the user password. # Verifies whether an password (ie from sign in) is the user password.
def valid_password?(password) def valid_password?(password)
return false if encrypted_password.blank? return false if encrypted_password.blank?
encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper) bcrypt = ::BCrypt::Password.new(encrypted_password)
password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
Devise.secure_compare(password, encrypted_password)
end end
# Set password and password confirmation to nil # Set password and password confirmation to nil
@ -105,11 +107,7 @@ module Devise
# Digests the password using bcrypt. # Digests the password using bcrypt.
def password_digest(password) def password_digest(password)
encryptor_class.digest(password, self.class.stretches, ::BCrypt::Engine.generate_salt, self.class.pepper) ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
end
def encryptor_class
Devise::Encryptors::BCrypt
end end
module ClassMethods module ClassMethods

6
lib/devise/models/encryptable.rb
View file

@ -35,6 +35,12 @@ module Devise
super super
end end
# Validates the password considering the salt.
def valid_password?(password)
return false if encrypted_password.blank?
encryptor_class.compare(encrypted_password, password, self.class.stretches, authenticatable_salt, self.class.pepper)
end
# Overrides authenticatable salt to use the new password_salt # Overrides authenticatable salt to use the new password_salt
# column. authenticatable_salt is used by `valid_password?` # column. authenticatable_salt is used by `valid_password?`
# and by other modules whenever there is a need for a random # and by other modules whenever there is a need for a random