authpwn_rails 0.7.5 → 0.8.0

data/VERSION

@@ -1 +1 @@
-0.7.5
+0.8.0

data/authpwn_rails.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{authpwn_rails}
-  s.version = "0.7.5"
+  s.version = "0.8.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Victor Costan"]
-  s.date = %q{2011-03-17}
+  s.date = %q{2011-04-01}
   s.description = %q{Works with Facebook.}
   s.email = %q{victor@costan.us}
   s.extra_rdoc_files = [
@@ -59,7 +59,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = %q{http://github.com/pwnall/authpwn_rails}
   s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.6.0}
+  s.rubygems_version = %q{1.5.3}
   s.summary = %q{User authentication for Rails 3 applications.}
   s.test_files = [
     "test/cookie_controller_test.rb",

data/lib/authpwn_rails/generators/templates/001_create_users.rb

@@ -1,7 +1,8 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :email, :limit => 64, :null => false
+      t.string :email, :limit => 128, :null => false
+      t.string :email_hash, :limit => 64, :null => false
       t.string :password_salt, :limit => 16, :null => true
       t.string :password_hash, :limit => 64, :null => true
       
@@ -9,6 +10,7 @@ class CreateUsers < ActiveRecord::Migration
     end
     
     add_index :users, :email, :unique => true, :null => false
+    add_index :users, :email_hash, :unique => true, :null => false
   end
 
   def self.down

data/lib/authpwn_rails/generators/templates/users.yml

@@ -1,9 +1,11 @@
 jane:
   email: jane@gmail.com
+  email_hash: <%= Digest::SHA2.hexdigest('jane@gmail.com') %>
   password_salt: 5678
   password_hash: <%= User.hash_password('pa55w0rd', '5678').inspect %>
 
 john:
   email: john@gmail.com
+  email_hash: <%= Digest::SHA2.hexdigest('john@gmail.com') %>
   password_salt: 1234
   password_hash: <%= User.hash_password('password', '1234').inspect %>

data/lib/authpwn_rails/user_model.rb

@@ -21,13 +21,16 @@ module ModelClassMethods
   def pwnauth_user_model
     # E-mail address identifying the user account.
     validates :email, :format => /^[A-Za-z0-9.+_]+@[^@]*\.(\w+)$/,
-                      :presence => true, :length => 1..64, :uniqueness => true
-  
+                      :presence => true, :length => 1..128, :uniqueness => true
+    
+    # Hash of e-mail address of the user account.
+    validates :email_hash, :length => 64..64, :allow_nil => false
+    
     # Random string preventing dictionary attacks on the password database.
-    validates :password_salt, :length => 1..16, :allow_nil => true
+    validates :password_salt, :length => { :in => 1..16, :allow_nil => true }
     
     # SHA-256 of (salt + password).
-    validates :password_hash, :length => 1..64, :allow_nil => true
+    validates :password_hash, :length => { :in => 64..64, :allow_nil => true }
       
     # Virtual attribute: the user's password.
     attr_reader :password
@@ -52,7 +55,7 @@ module ModelMetaclassMethods
   #
   # Returns nil if no matching User exists.
   def find_by_param(param)
-    where(:email => param).first
+    where(:email_hash => param).first
   end
   
   # The authenticated user or nil.
@@ -104,13 +107,20 @@ module ModelInstanceMethods
   def password=(new_password)
     @password = new_password
     self.password_salt = self.class.random_salt
-    self.password_hash = self.class.hash_password new_password, password_salt
+    self.password_hash = new_password &&
+                         self.class.hash_password(new_password, password_salt)
   end
   
   # Use e-mails instead of exposing ActiveRecord IDs.
   def to_param
-    email
-  end  
+    email_hash
+  end
+  
+  # :nodoc: overwrites
+  def email=(new_email)
+    super
+    self.email_hash = new_email && Digest::SHA2.hexdigest(new_email)
+  end
   
   # Do not expose password and ActiveRecord IDs in JSON representation.
   def as_json(options = {})

data/test/user_test.rb

@@ -37,7 +37,7 @@ class UserTest < ActiveSupport::TestCase
   end
   
   test 'email length' do
-    @user.email = 'abcde' * 12 + '@mit.edu'
+    @user.email = 'abcde' * 25 + '@mit.edu'
     assert !@user.valid?, 'Overly long user name'
   end
   
@@ -63,8 +63,14 @@ class UserTest < ActiveSupport::TestCase
     assert !@user.valid?
   end
   
+  test 'password can be nil' do
+    @user.password = @user.password_confirmation = nil
+    assert @user.valid?
+  end
+  
   test 'to_param' do
-    assert_equal 'dvdjohn@mit.edu', @user.to_param
+    sha2 = 'fc1ef1be38cd81490f31498d13e58bf273f94d5fa63c75dd8519271a96ff7bd2'
+    assert_equal sha2, @user.to_param
   end
   
   test 'password_matches?' do
@@ -77,7 +83,7 @@ class UserTest < ActiveSupport::TestCase
   test 'find_by_param' do
     assert_equal users(:john), User.find_by_param(users(:john).to_param)
     assert_equal users(:jane), User.find_by_param(users(:jane).to_param)
-    assert_equal nil, User.find_by_param('bogus email')
+    assert_equal nil, User.find_by_param('bogus hash')
     assert_equal nil, User.find_by_param(nil)
   end
   

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: authpwn_rails
 version: !ruby/object:Gem::Version 
-  hash: 9
+  hash: 63
   prerelease: 
   segments: 
   - 0
-  - 7
-  - 5
-  version: 0.7.5
+  - 8
+  - 0
+  version: 0.8.0
 platform: ruby
 authors: 
 - Victor Costan
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-17 00:00:00 -04:00
+date: 2011-04-01 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.6.0
+rubygems_version: 1.5.3
 signing_key: 
 specification_version: 3
 summary: User authentication for Rails 3 applications.