Changing SECURE_AUTH_SITE_KEY to mattr_accessor, adding gitignore and removing log files from test app.

Carlos A. da Silva 2009-10-07 21:59:21 -03:00
parent 7ce49cbbe8
commit f8f8ba06a1
5 changed files with 13 additions and 26297 deletions

5
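--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+log/*
+tmp/*
+*~
+coverage/*
+*.sqlite3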


@ -2,8 +2,9 @@ module Devise
module Authenticable
require 'digest/sha1'
# Auth key for encrypting password
SECURE_AUTH_SITE_KEY = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
# Pepper for encrypting password
mattr_accessor :pepper
self.pepper = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
def self.included(base)
base.class_eval do
@ -47,11 +48,11 @@ module Devise
self.encrypted_password = password_digest(password)
end
# Gererates a default password digest based on salt, SECURE_AUTH_SITE_KEY
# and the incoming password
# Gererates a default password digest based on salt, pepper and the
# incoming password
#
def password_digest(password_to_digest)
secure_digest(password_salt, SECURE_AUTH_SITE_KEY, password_to_digest)
secure_digest(password_salt, @@pepper, password_to_digest)
end
# Generate a SHA1 digest joining args. Generated token is something like
@ -80,4 +81,3 @@ module Devise
end
end
end
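Review bot: The literal assigned to `self.pepper` in the first hunk is the same value that ships in the library source, so every application that never overrides it shares one publicly known pepper and the digest gains no secrecy beyond the per-user salt. I would leave the accessor unset and have `password_digest` fail loudly when it is blank, e.g. `raise 'Devise::Authenticable.pepper must be set by the application' if @@pepper.blank?`, and document above the accessor: `# Application-wide secret mixed into every password digest; set it per app and keep it out of version control. Changing it invalidates all stored digests.` Removing `SECURE_AUTH_SITE_KEY` outright may also break code that referenced the constant, which cannot be checked from here. The module body and `secure_digest` continue outside the hunks shown.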


@ -91,9 +91,9 @@ class AuthenticableTest < ActiveSupport::TestCase
end
test 'should encrypt password using a sha1 hash' do
digest_key = Devise::Authenticable::SECURE_AUTH_SITE_KEY
Devise::Authenticable.pepper = 'pepper'
user = create_user
expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--#{digest_key}--123456--")
expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--pepper--123456--")
assert_equal expected_password, user.encrypted_password
end
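Review bot: The assignment `Devise::Authenticable.pepper = 'pepper'` changes module-level state and the test never puts the previous value back, so tests that run afterwards hash with 'pepper' and their results can depend on run order. Saving and restoring the value keeps the test isolated: `original = Devise::Authenticable.pepper` before the assignment, then `ensure` and `Devise::Authenticable.pepper = original` at the end of the block, or the same in `setup`/`teardown`. The rest of AuthenticableTest is outside the hunk, so an existing teardown may already cover this.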


@ -1 +0,0 @@
# Logfile created on Wed Oct 07 20:20:37 -0300 2009

File diff suppressed because it is too large Load Diff