authpwn_rails 0.7.5 → 0.8.0

data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.7.5
1
+ 0.8.0
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{authpwn_rails}
8
- s.version = "0.7.5"
8
+ s.version = "0.8.0"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Victor Costan"]
12
- s.date = %q{2011-03-17}
12
+ s.date = %q{2011-04-01}
13
13
  s.description = %q{Works with Facebook.}
14
14
  s.email = %q{victor@costan.us}
15
15
  s.extra_rdoc_files = [
@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
59
59
  ]
60
60
  s.homepage = %q{http://github.com/pwnall/authpwn_rails}
61
61
  s.require_paths = ["lib"]
62
- s.rubygems_version = %q{1.6.0}
62
+ s.rubygems_version = %q{1.5.3}
63
63
  s.summary = %q{User authentication for Rails 3 applications.}
64
64
  s.test_files = [
65
65
  "test/cookie_controller_test.rb",
@@ -1,7 +1,8 @@
1
1
  class CreateUsers < ActiveRecord::Migration
2
2
  def self.up
3
3
  create_table :users do |t|
4
- t.string :email, :limit => 64, :null => false
4
+ t.string :email, :limit => 128, :null => false
5
+ t.string :email_hash, :limit => 64, :null => false
5
6
  t.string :password_salt, :limit => 16, :null => true
6
7
  t.string :password_hash, :limit => 64, :null => true
7
8
 
@@ -9,6 +10,7 @@ class CreateUsers < ActiveRecord::Migration
9
10
  end
10
11
 
11
12
  add_index :users, :email, :unique => true, :null => false
13
+ add_index :users, :email_hash, :unique => true, :null => false
12
14
  end
13
15
 
14
16
  def self.down
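Review bot: The new `email_hash` column is added by editing `create_table` inside `CreateUsers` itself, so only databases built from scratch get it; nothing in this section adds or backfills the column for an application that already ran the 0.7.5 version of this migration. If no upgrade migration ships elsewhere in the gem, I would add one that creates the column as nullable, fills it from `email`, and only then applies the NOT NULL constraint and the unique index, because existing rows would otherwise fail the new model validation and never match a lookup by hash. Separately, `:null => false` on the new `add_index` line is a column option copied from the line above; as far as I know `add_index` does not take it, so `add_index :users, :email_hash, :unique => true` states the same intent. `self.down` continues past the end of the second hunk.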
@@ -1,9 +1,11 @@
1
1
  jane:
2
2
  email: jane@gmail.com
3
+ email_hash: <%= Digest::SHA2.hexdigest('jane@gmail.com') %>
3
4
  password_salt: 5678
4
5
  password_hash: <%= User.hash_password('pa55w0rd', '5678').inspect %>
5
6
 
6
7
  john:
7
8
  email: john@gmail.com
9
+ email_hash: <%= Digest::SHA2.hexdigest('john@gmail.com') %>
8
10
  password_salt: 1234
9
11
  password_hash: <%= User.hash_password('password', '1234').inspect %>
@@ -21,13 +21,16 @@ module ModelClassMethods
21
21
  def pwnauth_user_model
22
22
  # E-mail address identifying the user account.
23
23
  validates :email, :format => /^[A-Za-z0-9.+_]+@[^@]*\.(\w+)$/,
24
- :presence => true, :length => 1..64, :uniqueness => true
25
-
24
+ :presence => true, :length => 1..128, :uniqueness => true
25
+
26
+ # Hash of e-mail address of the user account.
27
+ validates :email_hash, :length => 64..64, :allow_nil => false
28
+
26
29
  # Random string preventing dictionary attacks on the password database.
27
- validates :password_salt, :length => 1..16, :allow_nil => true
30
+ validates :password_salt, :length => { :in => 1..16, :allow_nil => true }
28
31
 
29
32
  # SHA-256 of (salt + password).
30
- validates :password_hash, :length => 1..64, :allow_nil => true
33
+ validates :password_hash, :length => { :in => 64..64, :allow_nil => true }
31
34
 
32
35
  # Virtual attribute: the user's password.
33
36
  attr_reader :password
@@ -52,7 +55,7 @@ module ModelMetaclassMethods
52
55
  #
53
56
  # Returns nil if no matching User exists.
54
57
  def find_by_param(param)
55
- where(:email => param).first
58
+ where(:email_hash => param).first
56
59
  end
57
60
 
58
61
  # The authenticated user or nil.
@@ -104,13 +107,20 @@ module ModelInstanceMethods
104
107
  def password=(new_password)
105
108
  @password = new_password
106
109
  self.password_salt = self.class.random_salt
107
- self.password_hash = self.class.hash_password new_password, password_salt
110
+ self.password_hash = new_password &&
111
+ self.class.hash_password(new_password, password_salt)
108
112
  end
109
113
 
110
114
  # Use e-mails instead of exposing ActiveRecord IDs.
111
115
  def to_param
112
- email
113
- end
116
+ email_hash
117
+ end
118
+
119
+ # :nodoc: overwrites
120
+ def email=(new_email)
121
+ super
122
+ self.email_hash = new_email && Digest::SHA2.hexdigest(new_email)
123
+ end
114
124
 
115
125
  # Do not expose password and ActiveRecord IDs in JSON representation.
116
126
  def as_json(options = {})
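Review bot: `email=` in the third hunk stores an unkeyed SHA-256 of the address exactly as it was typed, and `to_param` now publishes that value in URLs. Anyone who already knows or can guess an address can compute the same digest, so the hash keeps the address out of the URL text but does not keep it secret, and `Jane@gmail.com` and `jane@gmail.com` produce different hashes. If concealment is the goal, a digest keyed with an application secret (an HMAC) over a normalised address would be the safer choice; either way the comment above `to_param` is now stale and could read `# Use e-mail hashes instead of exposing e-mails or ActiveRecord IDs.`. In the first hunk the `:format` pattern is anchored with `^` and `$`, which match at line breaks in Ruby, so a multi-line value containing one well-formed line passes validation and is then hashed; `/\A[A-Za-z0-9.+_]+@[^@]*\.(\w+)\z/` closes that. All three modules start or end outside their hunks.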
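--- a/data/test/user_test.rb
+++ b/data/test/user_test.rb
@@ -37,7 +37,7 @@ class UserTest < ActiveSupport::TestCase
  end
 
  test 'email length' do
- @user.email = 'abcde' * 12 + '@mit.edu'
+ @user.email = 'abcde' * 25 + '@mit.edu'
  assert !@user.valid?, 'Overly long user name'
  end
 
@@ -63,8 +63,14 @@ class UserTest < ActiveSupport::TestCase
  assert !@user.valid?
  end
 
+ test 'password can be nil' do
+ @user.password = @user.password_confirmation = nil
+ assert @user.valid?
+ end
+
  test 'to_param' do
- assert_equal 'dvdjohn@mit.edu', @user.to_param
+ sha2 = 'fc1ef1be38cd81490f31498d13e58bf273f94d5fa63c75dd8519271a96ff7bd2'
+ assert_equal sha2, @user.to_param
  end
 
  test 'password_matches?' do
@@ -77,7 +83,7 @@ class UserTest < ActiveSupport::TestCase
  test 'find_by_param' do
  assert_equal users(:john), User.find_by_param(users(:john).to_param)
  assert_equal users(:jane), User.find_by_param(users(:jane).to_param)
- assert_equal nil, User.find_by_param('bogus email')
+ assert_equal nil, User.find_by_param('bogus hash')
  assert_equal nil, User.find_by_param(nil)
  end
 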
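Review bot: The new 'password can be nil' test only checks `valid?`, so nothing pins how a password-less account behaves at login. The model change in this release leaves `password_hash` nil while still generating a salt, so I would add an assertion in that test that no candidate matches, e.g. `assert !@user.password_matches?('')`; this assumes `password_matches?` takes the candidate password as its only argument, since its definition is not in this diff. A second small gap is that no test reassigns `email` and checks that `to_param` changes with it, which is the behaviour the `email=` override exists to provide.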
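--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: authpwn_rails
  version: !ruby/object:Gem::Version
- hash: 9
+ hash: 63
  prerelease:
  segments:
  - 0
- - 7
- - 5
- version: 0.7.5
+ - 8
+ - 0
+ version: 0.8.0
  platform: ruby
  authors:
  - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-03-17 00:00:00 -04:00
+ date: 2011-04-01 00:00:00 -04:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project:
- rubygems_version: 1.6.0
+ rubygems_version: 1.5.3
  signing_key:
  specification_version: 3
  summary: User authentication for Rails 3 applications.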