Changing SECURE_AUTH_SITE_KEY to mattr_accessor, adding gitignore and removing log files from test app.
This commit is contained in:
parent
7ce49cbbe8
commit
f8f8ba06a1
|
@ -0,0 +1,5 @@
|
|||
log/*
|
||||
tmp/*
|
||||
*~
|
||||
coverage/*
|
||||
*.sqlite3
|
|
@ -2,8 +2,9 @@ module Devise
|
|||
module Authenticable
|
||||
require 'digest/sha1'
|
||||
|
||||
# Auth key for encrypting password
|
||||
SECURE_AUTH_SITE_KEY = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
|
||||
# Pepper for encrypting password
|
||||
mattr_accessor :pepper
|
||||
self.pepper = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
|
||||
|
||||
def self.included(base)
|
||||
base.class_eval do
|
||||
|
@ -47,11 +48,11 @@ module Devise
|
|||
self.encrypted_password = password_digest(password)
|
||||
end
|
||||
|
||||
# Gererates a default password digest based on salt, SECURE_AUTH_SITE_KEY
|
||||
# and the incoming password
|
||||
# Gererates a default password digest based on salt, pepper and the
|
||||
# incoming password
|
||||
#
|
||||
def password_digest(password_to_digest)
|
||||
secure_digest(password_salt, SECURE_AUTH_SITE_KEY, password_to_digest)
|
||||
secure_digest(password_salt, @@pepper, password_to_digest)
|
||||
end
|
||||
|
||||
# Generate a SHA1 digest joining args. Generated token is something like
|
||||
|
@ -80,4 +81,3 @@ module Devise
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -91,9 +91,9 @@ class AuthenticableTest < ActiveSupport::TestCase
|
|||
end
|
||||
|
||||
test 'should encrypt password using a sha1 hash' do
|
||||
digest_key = Devise::Authenticable::SECURE_AUTH_SITE_KEY
|
||||
Devise::Authenticable.pepper = 'pepper'
|
||||
user = create_user
|
||||
expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--#{digest_key}--123456--")
|
||||
expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--pepper--123456--")
|
||||
assert_equal expected_password, user.encrypted_password
|
||||
end
|
||||
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
# Logfile created on Wed Oct 07 20:20:37 -0300 2009
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue