mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
simplifying comparisons (avoiding too many negatives) and adding unit test cases
parent
a535b047ff
commit
e4cae200f4
2 changed files with 11 additions and 2 deletions
|
@ -378,8 +378,7 @@ module Devise
|
||||||
|
|
||||||
# constant-time comparison algorithm to prevent timing attacks
|
# constant-time comparison algorithm to prevent timing attacks
|
||||||
def self.secure_compare(a, b)
|
def self.secure_compare(a, b)
|
||||||
return false unless a.present? && b.present?
|
return false if a.blank? || b.blank? || a.bytesize != b.bytesize
|
||||||
return false unless a.bytesize == b.bytesize
|
|
||||||
l = a.unpack "C#{a.bytesize}"
|
l = a.unpack "C#{a.bytesize}"
|
||||||
|
|
||||||
res = 0
|
res = 0
|
||||||
|
|
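Review bot: The comment above `secure_compare` still promises a constant-time comparison, but the merged guard `return false if a.blank? || b.blank? || a.bytesize != b.bytesize` returns before any byte is examined, so the duration of a call reveals whether the two values have the same length. That is usually acceptable for fixed-length tokens, but the comment should say so; I would reword it to `# constant-time for inputs of equal bytesize; blank or differently sized inputs return false early, so length is not hidden`. Callers holding variable-length secrets would presumably need to compare fixed-length digests instead. The method body continues past the end of this hunk, so the byte comparison itself is not visible here.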
|
@ -62,4 +62,14 @@ class DeviseTest < ActiveSupport::TestCase
|
||||||
assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
|
assert_nothing_raised(Exception) { Devise.add_module(:authenticatable_again, :model => 'devise/model/authenticatable') }
|
||||||
assert defined?(Devise::Models::AuthenticatableAgain)
|
assert defined?(Devise::Models::AuthenticatableAgain)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'should complain when comparing empty or different sized passes' do
|
||||||
|
[nil, ""].each do |empty|
|
||||||
|
assert_not Devise.secure_compare(empty, "something")
|
||||||
|
assert_not Devise.secure_compare("something", empty)
|
||||||
|
assert_not Devise.secure_compare(empty, empty)
|
||||||
|
end
|
||||||
|
assert_not Devise.secure_compare("size_1", "size_four")
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
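Review bot: The new test only asserts rejections, so a `secure_compare` that always returned false would still pass it; there is no case for two equal values and none for two different values of the same size, which is the input that gets past the size guard. I would add `assert Devise.secure_compare("something", "something")` and `assert_not Devise.secure_compare("size_1", "size_2")`. The test name says 'should complain', but the method returns false rather than raising, so `'should return false when comparing empty or different sized values'` would describe it better. The enclosing `DeviseTest` class starts outside this hunk.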