acts_as_tokenable 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6ff886775475e5a6aa7a916ebd039015bfd5d06d
-  data.tar.gz: dd441d8e815f55a4b4e0845b2969c9a108e01e43
+  metadata.gz: 2f02687548612702d1f8d208d022e65d206cce53
+  data.tar.gz: 11087874d00ba02d0cfb5615ef7ea51ca608fb28
 SHA512:
-  metadata.gz: 21b3021fb3d0ac2eabe30498fe25655f72e4bca6a172fe36d8cdafb55ce322d074390083b38627b613088a4e85c85711c88380c65a5d56e4cc449cfdba0b506a
-  data.tar.gz: 17371a358ade274565b7bee453711107de0331951a92254e9b80febb86fd33d713c4ee225bc5176b38e1df24fac4dd57714ae00f61e035157a547e0ed1ff6442
+  metadata.gz: f03ee83b09c7b5b3d6070f75948bddeb4cc8b98a504ffeae4cf12474dadcc0f4b3f8d4475be3f43412aa5c75fbfd7c471d511b49fe1963e61cf960079d77ebfd
+  data.tar.gz: 01ec12522e621b7cfde4c68a36178af714c3c352adbaef5205f3a77ecb5b6374677a6a202e31c32231cee647b96fc499cdf34c1b10303002430664baaabf3b09

data/app/models/acts_as_tokenable/token.rb

@@ -3,6 +3,8 @@ require 'bcrypt'
 
 module ActsAsTokenable
   class Token < ActiveRecord::Base
+    attr_accessor :token_hash
+
     before_update { false }
 
     belongs_to :tokenable, polymorphic: true
@@ -13,19 +15,18 @@ module ActsAsTokenable
     scope :active, -> { where('expires_at > ?', DateTime.now) }
 
     before_validation :generate_token_id
-    before_validation :generate_token_hash
+    before_validation :generate_token
 
     private
-
       def generate_token_id
         begin
           self.token_id = SecureRandom.hex(16)
         end while self.class.exists?(token_id: self.token_id)
       end
 
-      def generate_token_hash
-        secret = SecureRandom.urlsafe_base64(16)
-        self.token_hash = BCrypt::Password.create(secret, cost: cost)
+      def generate_token
+        self.token = SecureRandom.urlsafe_base64(32)
+        self.token_hash = BCrypt::Password.create(token, cost: cost)
       end
 
       def cost

data/db/migrate/20150609134016_create_acts_as_tokenable_tokens.rb

@@ -3,7 +3,7 @@ class CreateActsAsTokenableTokens < ActiveRecord::Migration
     create_table :acts_as_tokenable_tokens, :id => false do |t|
       t.belongs_to :tokenable, polymorphic: true, index: true, index: { name: 'acts_as_tokenable_tokens_polymorphic' }
       t.string :token_id, unique: true
-      t.string :token_hash
+      t.string :token
       t.datetime :expires_at
 
       t.timestamps null: false

data/lib/acts_as_tokenable/tokenable.rb

@@ -12,12 +12,12 @@ module ActsAsTokenable
 
         class << self
           def find_by_token(token_id, token_hash)
-            token = ActsAsTokenable::Token.active.find_by(:token_id => token_id)
+            token_record = ActsAsTokenable::Token.active.find_by(:token_id => token_id)
 
-            return nil unless token
+            return nil unless token_record
 
-            if ActiveSupport::SecurityUtils.secure_compare(token.token_hash, token_hash)
-              token.try(:tokenable)
+            if BCrypt::Password.new(token_hash) == token_record.token
+              token_record.try(:tokenable)
             else
               nil
             end
@@ -25,7 +25,6 @@ module ActsAsTokenable
         end
 
         private
-
           def default_options
             {
               :expires_at => 30.days.from_now

data/lib/acts_as_tokenable/version.rb

@@ -1,3 +1,3 @@
 module ActsAsTokenable
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acts_as_tokenable
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Sergey Novikov
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-10 00:00:00.000000000 Z
+date: 2015-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails