RubyGems - acts_as_tokenable - Versions diffs - 1.0.0 → 1.1.0 - Mend

acts_as_tokenable 1.0.0 → 1.1.0

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6ff886775475e5a6aa7a916ebd039015bfd5d06d
-  data.tar.gz: dd441d8e815f55a4b4e0845b2969c9a108e01e43
+  metadata.gz: 2f02687548612702d1f8d208d022e65d206cce53
+  data.tar.gz: 11087874d00ba02d0cfb5615ef7ea51ca608fb28
 SHA512:
-  metadata.gz: 21b3021fb3d0ac2eabe30498fe25655f72e4bca6a172fe36d8cdafb55ce322d074390083b38627b613088a4e85c85711c88380c65a5d56e4cc449cfdba0b506a
-  data.tar.gz: 17371a358ade274565b7bee453711107de0331951a92254e9b80febb86fd33d713c4ee225bc5176b38e1df24fac4dd57714ae00f61e035157a547e0ed1ff6442
+  metadata.gz: f03ee83b09c7b5b3d6070f75948bddeb4cc8b98a504ffeae4cf12474dadcc0f4b3f8d4475be3f43412aa5c75fbfd7c471d511b49fe1963e61cf960079d77ebfd
+  data.tar.gz: 01ec12522e621b7cfde4c68a36178af714c3c352adbaef5205f3a77ecb5b6374677a6a202e31c32231cee647b96fc499cdf34c1b10303002430664baaabf3b09

@@ -3,6 +3,8 @@ require 'bcrypt'
 module ActsAsTokenable
   class Token < ActiveRecord::Base
+    attr_accessor :token_hash
     before_update { false }
     belongs_to :tokenable, polymorphic: true
@@ -13,19 +15,18 @@ module ActsAsTokenable
     scope :active, -> { where('expires_at > ?', DateTime.now) }
     before_validation :generate_token_id
-    before_validation :generate_token_hash
+    before_validation :generate_token
     private
       def generate_token_id
         begin
           self.token_id = SecureRandom.hex(16)
         end while self.class.exists?(token_id: self.token_id)
       end
-      def generate_token_hash
-        secret = SecureRandom.urlsafe_base64(16)
-        self.token_hash = BCrypt::Password.create(secret, cost: cost)
+      def generate_token
+        self.token = SecureRandom.urlsafe_base64(32)
+        self.token_hash = BCrypt::Password.create(token, cost: cost)
       end
       def cost

@@ -3,7 +3,7 @@ class CreateActsAsTokenableTokens < ActiveRecord::Migration
     create_table :acts_as_tokenable_tokens, :id => false do |t|
       t.belongs_to :tokenable, polymorphic: true, index: true, index: { name: 'acts_as_tokenable_tokens_polymorphic' }
       t.string :token_id, unique: true
-      t.string :token_hash
+      t.string :token
       t.datetime :expires_at
       t.timestamps null: false

@@ -12,12 +12,12 @@ module ActsAsTokenable
         class << self
           def find_by_token(token_id, token_hash)
-            token = ActsAsTokenable::Token.active.find_by(:token_id => token_id)
+            token_record = ActsAsTokenable::Token.active.find_by(:token_id => token_id)
-            return nil unless token
+            return nil unless token_record
-            if ActiveSupport::SecurityUtils.secure_compare(token.token_hash, token_hash)
-              token.try(:tokenable)
+            if BCrypt::Password.new(token_hash) == token_record.token
+              token_record.try(:tokenable)
             else
               nil
             end
@@ -25,7 +25,6 @@ module ActsAsTokenable
         end
         private
           def default_options
             {
               :expires_at => 30.days.from_now

@@ -1,3 +1,3 @@
 module ActsAsTokenable
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: acts_as_tokenable
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Sergey Novikov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-10 00:00:00.000000000 Z
+date: 2015-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails