alfa 0.0.6.pre → 0.0.7.pre

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 42b04d75d9c3ed910907e1c46163b85226939122
-  data.tar.gz: ffbf8a3228d0271f6c8a631ad3f626484c7ec4ba
+  metadata.gz: 135f4d850e0a5f9d909bfbd6fcf716c08c44619a
+  data.tar.gz: 1c49574ec9d31e98d33622304694c3d0935ff9d5
 SHA512:
-  metadata.gz: 0625ca1aba2e5eb757cbd0d613fa4b2712c4c6c130093cf39c43e9b9c21fd8948bfaca6f6a8bbe2d3cc8876dbf8d637afc61f29835eeed22d3bcf309d5737f0f
-  data.tar.gz: e4195b642f031804e08eca399335b95b48604d7a98d0c64eca640c322f4eb3bf3fada7e3a36a3d81c438bf928a932c077c3413b7e1a6ebe6e58b7cb5de6332cb
+  metadata.gz: 3d6dba8c6f5f3970313d9f222630f38675554f9164287c33a97957ab713da7fac5c72a4fb29dae0341ea38f577bc6ad3867ca249eabec973cde54a62ee25f1c4
+  data.tar.gz: 17786702229e4212107ec51232513f04d9726c7d945999b422bb65704a06e7c2372f0d221388cc103a5a03cfb8247f00127c07f0dba89ecffaeecf4db47eb7ab

data/dummy/project/db/main/migrations/20000000000000_users.rb

@@ -0,0 +1,29 @@
+# Migration 20000000000000
+# Don't rename this file after implement migration
+
+Sequel.migration do
+  up do
+    # Put up migration code here
+    # Use Sequel migration syntax (http://sequel.jeremyevans.net/rdoc/files/doc/schema_modification_rdoc.html) or native SQL (run "SQL command")
+    create_table :users do
+      primary_key :id
+      column :login, String, null: false
+      column :salt, String, fixed: true, size: 10, null: false
+      column :passhash, String, fixed: true, size: 60, null: false
+      column :groups, String, text: true
+      column :email, String
+      column :first_name, String, size: 100
+      column :last_name, String, size: 100
+      column :created_at, DateTime
+      column :updated_at, DateTime
+      unique :login
+      unique :email
+    end
+    User.set_dataset :users
+  end
+
+  down do
+    # Put down migration code here
+    drop_table :users
+  end
+end

data/dummy/project/db/main/models/user.rb

@@ -0,0 +1,11 @@
+require 'json'
+
+class User < Sequel::Model(DB::Main[:users])
+  prepend Alfa::UserModule
+  plugin :serialization, :json, :groups
+
+  def before_save
+    self.groups ||= []
+    super
+  end
+end

data/lib/alfa/application.rb

@@ -2,6 +2,7 @@ require 'alfa/logger'
 require 'alfa/config'
 require 'alfa/exceptions'
 require 'alfa/user'
+require 'bcrypt'
 
 Encoding.default_external = 'utf-8'
 Encoding.default_internal = 'utf-8'
@@ -64,7 +65,7 @@ module Alfa
         unless User.first(:login=>login)
           @logger.portion do |l|
             salt = SecureRandom.hex(5)
-            passhash = Digest::MD5.hexdigest("#{salt}#{password}")
+            passhash = BCrypt::Password.create("#{salt}#{password}")
             User.create(:login=>login, :salt=>salt, :passhash=>passhash)
             l.info("created new user login=#{login}, password=***, salt=#{salt}, passhash=#{passhash}")
           end

data/lib/alfa/user.rb

@@ -1,5 +1,5 @@
-require 'digest/md5'
 require 'securerandom'
+require 'bcrypt'
 
 module Alfa
   class << self
@@ -84,11 +84,11 @@ module Alfa
   module UserModule
     def password=(p)
       self.salt = SecureRandom.hex(5)
-      self.passhash = Digest::MD5.hexdigest("#{self.salt}#{p}")
+      self.passhash = BCrypt::Password.create("#{self.salt}#{p}")
     end
 
     def password_valid?(p)
-      self.passhash == Digest::MD5.hexdigest("#{self.salt}#{p}")
+      BCrypt::Password.new(self.passhash) == "#{self.salt}#{p}"
     end
 
     def groups=(g)

data/lib/alfa/wrapper.rb

@@ -53,7 +53,8 @@ module Alfa
     # Return current user
     def user
       @user ||= (
-        if @request.session[:user_id] && (u = ::User.first(id: @request.session[:user_id]))
+        u = ::User.first(id: @request.session[:user_id])
+        if @request.session[:user_id] && u && @request.session[:passhash] == u[:passhash]
           Alfa::User.new(u)
         else
           GuestUser
@@ -79,9 +80,10 @@ module Alfa
     def try_login(login, password)
       u = @application.config[:db][:main][:instance][:users].first(login: login)
       raise "No such login: #{login}" unless u
-      if u[:passhash] == Digest::MD5.hexdigest("#{u[:salt]}#{password}")
+      if BCrypt::Password.new(u[:passhash]) == "#{u[:salt]}#{password}"
         # success
         session[:user_id] = u[:id]
+        session[:passhash] = u[:passhash]
         return true
       else
         # fail

data/version.rb

@@ -1 +1 @@
-ALFA_VERSION = '0.0.6.pre'
+ALFA_VERSION = '0.0.7.pre'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: alfa
 version: !ruby/object:Gem::Version
-  version: 0.0.6.pre
+  version: 0.0.7.pre
 platform: ruby
 authors:
 - Valentin Syrovatskiy
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-19 00:00:00.000000000 Z
+date: 2014-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rvm
@@ -172,6 +172,26 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: bcrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.7
 description: ''
 email: vsyrovat@gmail.com
 executables:
@@ -427,7 +447,9 @@ files:
 - dummy/project/config/setup_load_paths.rb
 - dummy/project/config/web_application.rb
 - dummy/project/db/main/migrations/.keep
+- dummy/project/db/main/migrations/20000000000000_users.rb
 - dummy/project/db/main/models/.keep
+- dummy/project/db/main/models/user.rb
 - dummy/project/db/main/schema.yml
 - dummy/project/db/main/schema/.keep
 - dummy/project/db/main/seed.rb