kotovalexarian-likes-github/heartcombo--devise
1
0
Fork 0
mirror of https://github.com/heartcombo/devise.git synced 2022-11-09 12:18:31 -05:00
Code Releases Activity

Merge pull request #5074 from sergey-alekseev/increase-default-stretches-to-12

Browse source 
Increase default stretches to 12
This commit is contained in:
Marcos Ferreira 2019-09-17 13:30:55 -03:00 committed by GitHub
commit b52e642c01
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -17,6 +17,7 @@
* bug fixes
* Add `autocomplete="new-password"` to `password_confirmation` fields (by @ferrl)
* Fix rails_51_and_up? method for Rails 6.rc1 (by @igorkasyanchuk)
* Increase default stretches to 12 (by @sergey-alekseev)
### 4.6.2 - 2019-03-26

2
README.md
View file

@ -270,7 +270,7 @@ member_session
The Devise method in your models also accepts some options to configure its modules. For example, you can choose the cost of the hashing algorithm with:
```ruby
devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 12
devise :database_authenticatable, :registerable, :confirmable, :recoverable, stretches: 13
```
Besides `:stretches`, you can define `:pepper`, `:encryptor`, `:confirm_within`, `:remember_for`, `:timeout_in`, `:unlock_in` among other options. For more details, see the initializer file that was created when you invoked the "devise:install" generator described above. This file is usually located at `/config/initializers/devise.rb`.

2
lib/devise.rb
View file

@ -71,7 +71,7 @@ module Devise
# The number of times to hash the password.
mattr_accessor :stretches
@@stretches = 11
@@stretches = 12
# The default key used when authenticating over http auth.
mattr_accessor :http_authentication_key

4
lib/generators/templates/devise.rb
View file

@ -103,7 +103,7 @@ Devise.setup do |config|
# config.reload_routes = true
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
# For bcrypt, this is the cost for hashing the password and defaults to 12. If
# using other algorithms, it sets how many times you want the password to be hashed.
#
# Limiting the stretches to just one in testing will increase the performance of
@ -111,7 +111,7 @@ Devise.setup do |config|
# a value less than 10 in other environments. Note that, for bcrypt (the default
# algorithm), the cost increases exponentially with the number of stretches (e.g.
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
config.stretches = Rails.env.test? ? 1 : 11
config.stretches = Rails.env.test? ? 1 : 12
# Set up a pepper to generate the hashed password.
# config.pepper = '<%= SecureRandom.hex(64) %>'