mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
c4b4411513
Throughout the documentation, we are using 'encrypt' incorrectly. Encrypt means that someone will eventually decrypt the message, which is obviously not the case for Devise. I'm changing the docs to use 'hashing' instead. However, I left the database field as `encrypted_password` for now. I'll update the db field in an upcoming PR.
22 lines
644 B
Ruby
```ruby
require 'bcrypt'

module Devise
  module Encryptor
    # Returns the bcrypt hash of the password as a String.
    def self.digest(klass, password)
      # Append the model's pepper, if one is configured, before hashing.
      if klass.pepper.present?
        password = "#{password}#{klass.pepper}"
      end
      # BCrypt generates the salt; klass.stretches is used as the cost factor.
      ::BCrypt::Password.create(password, cost: klass.stretches).to_s
    end

    # Returns true if the password matches the stored bcrypt hash.
    def self.compare(klass, hashed_password, password)
      return false if hashed_password.blank?
      bcrypt = ::BCrypt::Password.new(hashed_password)
      if klass.pepper.present?
        password = "#{password}#{klass.pepper}"
      end
      # Re-hash the candidate with the salt taken from the stored hash,
      # then compare the two hashes with Devise.secure_compare.
      password = ::BCrypt::Engine.hash_secret(password, bcrypt.salt)
      Devise.secure_compare(password, hashed_password)
    end
  end
end
```