auto_hash 0.2.0 → 0.3.0

data/README.html

@@ -9,21 +9,27 @@
 <h2>File: README.rdoc</h2>
 <table>
   <tr><td>Path:</td><td>README.rdoc</td></tr>
-  <tr><td>Modified:</td><td>Thu Aug 05 04:26:11 -0400 2010</td></tr>
+  <tr><td>Modified:</td><td>Thu Aug 12 21:17:47 -0400 2010</td></tr>
 </table>
 
 <h1>auto_hash</h1>
 <p>
-A Ruby on Rails plugin to automate hashing an activerecord field and saving
-as a salt and digest in a single field.
+A Ruby on Rails plugin to automate the cryptographic hashing of an
+activerecord field.
+</p>
+<p>
+UPDATE: auto_hash has quickly evolved to be a activerecord plugin that
+merely wraps the excellent bcrypt-ruby library. <a
+href="http://bcrypt-ruby.rubyforge.org">bcrypt-ruby.rubyforge.org</a>
 </p>
 <p>
 Works with both rails 2x and 3x
 </p>
 <p>
-WARNING: untested with ruby 1.9 at the moment.
+WARNING: untested with ruby 1.9.2 at the moment. (Couldn&#8216;t get rails
+3x to work with ruby 1.9.2 - too early I guess)
 </p>
-<h2>Synopsis</h2>
+<h3>Synopsis</h3>
 <pre>
    # In Model
    class User &lt; ActiveRecord::Base
@@ -31,19 +37,16 @@ WARNING: untested with ruby 1.9 at the moment.
    end
 
    # Elsewhere
-   user = User.new(:username =&gt; &quot;kevin&quot;, :password =&gt; &quot;asdf&quot;)
-   user.password #=&gt; &quot;6cc4ce889e770343f4b0d3708851f6624b5c1dda4bc4b6dd23ace50328fcd3e0-b99d218de031fad5df71&quot;
-   user.password_hash_match?(&quot;asdf&quot;) # =&gt; true
+   user = User.create(:email =&gt; &quot;kevin@example.com&quot;, :password =&gt; &quot;asdf&quot;)
+   user.password #=&gt; &quot;$2a$10$0DvrQ.HMKRySMJrn0cGEM.AcesF82tkeBfNLTZTZ.VSWePihZD3mG&quot;
+   user.password == &quot;asdf&quot; # =&gt; true
 
    # works with updating fields also
-   user = User.find_by_username(&quot;kevin&quot;)
+   user = User.find_by_email(&quot;kevin@example.com&quot;)
    user.password = &quot;better_password&quot;
-   user.password_hash_match?(&quot;better_password&quot;) # =&gt; true
-</pre>
-<h2>Installing</h2>
-<pre>
-   sudo gem install auto_hash
+   user.password == &quot;better_password&quot; # =&gt; true
 </pre>
+<h3>Rails configuration (nothing unusual)</h3>
 <p>
 For rails 2x, in environment.rb
 </p>
@@ -58,25 +61,7 @@ For rails 3x, in Gemfile
 <pre>
    gem &quot;auto_hash&quot;
 </pre>
-<h2>Details</h2>
-<p>
-The hashing is pretty simple, you&#8216;ll find something like this in the
-source:
-</p>
-<pre>
-    salt = ActiveSupport::SecureRandom.hex(10)
-    hash = Digest::SHA2.new.update(value + salt).to_s
-</pre>
-<p>
-The value stored in the database field is a hash appended with its salt, as
-&quot;hash-salt&quot;
-</p>
-<p>
-In case you weren&#8216;t sure, a salt is not necessarily a secret - its
-simply a way to defeat dictionary attacks by adding huge variety to the
-hashed value.
-</p>
-<h2>Copyright</h2>
+<h3>Copyright</h3>
 <p>
 Copyright (c) 2010 Kevin Swope. See LICENSE for details.
 </p>
@@ -94,4 +79,4 @@ Files:   1
 Classes: 0
 Modules: 0
 Methods: 0
-Elapsed: 0.030s
+Elapsed: 0.044s

data/README.rdoc

@@ -1,13 +1,18 @@
 = auto_hash
 
-A Ruby on Rails plugin to automate hashing an activerecord field and
-saving as a salt and digest in a single field.
+A Ruby on Rails plugin to automate the cryptographic hashing of an
+activerecord field.
+
+UPDATE: auto_hash has quickly evolved to be a activerecord plugin that
+merely wraps the excellent bcrypt-ruby
+library. http://bcrypt-ruby.rubyforge.org
 
 Works with both rails 2x and 3x
 
-WARNING: untested with ruby 1.9 at the moment.
+WARNING: untested with ruby 1.9.2 at the moment. (Couldn't get rails
+3x to work with ruby 1.9.2 - too early I guess)
 
-== Synopsis
+=== Synopsis
 
    # In Model
    class User < ActiveRecord::Base
@@ -15,18 +20,16 @@ WARNING: untested with ruby 1.9 at the moment.
    end
 
    # Elsewhere
-   user = User.new(:username => "kevin", :password => "asdf")
-   user.password #=> "6cc4ce889e770343f4b0d3708851f6624b5c1dda4bc4b6dd23ace50328fcd3e0-b99d218de031fad5df71"
-   user.password_hash_match?("asdf") # => true
+   user = User.create(:email => "kevin@example.com", :password => "asdf")
+   user.password #=> "$2a$10$0DvrQ.HMKRySMJrn0cGEM.AcesF82tkeBfNLTZTZ.VSWePihZD3mG"
+   user.password == "asdf" # => true
 
    # works with updating fields also
-   user = User.find_by_username("kevin")
+   user = User.find_by_email("kevin@example.com")
    user.password = "better_password"
-   user.password_hash_match?("better_password") # => true
-
-== Installing
+   user.password == "better_password" # => true
 
-   sudo gem install auto_hash
+=== Rails configuration (nothing unusual)
 
 For rails 2x, in environment.rb
     Rails::Initializer.run do |config| do
@@ -36,21 +39,6 @@ For rails 2x, in environment.rb
 For rails 3x, in Gemfile
    gem "auto_hash"
 
-
-== Details
-
-The hashing is pretty simple, you'll find something like this in the source:
-
-    salt = ActiveSupport::SecureRandom.hex(10)
-    hash = Digest::SHA2.new.update(value + salt).to_s
-
-The value stored in the database field is a hash appended with its salt, as
-"hash-salt"
-
-In case you weren't sure, a salt is not necessarily a secret - its
-simply a way to defeat dictionary attacks by adding huge variety to
-the hashed value.
-
-== Copyright
+=== Copyright
 
 Copyright (c) 2010 Kevin Swope. See LICENSE for details.

data/Rakefile

@@ -12,6 +12,7 @@ begin
     gem.email = "gems-kevdev@snkmail.com"
     gem.homepage = "http://github.com/kswope/auto_hash"
     gem.authors = ["Kevin Swope"]
+    gem.add_dependency('bcrypt-ruby')
     # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
   end
   Jeweler::GemcutterTasks.new

data/VERSION

@@ -1 +1 @@
-0.2.0
+0.3.0

data/auto_hash.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{auto_hash}
-  s.version = "0.2.0"
+  s.version = "0.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Kevin Swope"]
-  s.date = %q{2010-08-05}
+  s.date = %q{2010-08-14}
   s.description = %q{Ruby on Rails plugin to automate hashing an activerecord field and saving as a salt and digest in a single field.}
   s.email = %q{gems-kevdev@snkmail.com}
   s.extra_rdoc_files = [
@@ -147,9 +147,12 @@ Gem::Specification.new do |s|
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<bcrypt-ruby>, [">= 0"])
     else
+      s.add_dependency(%q<bcrypt-ruby>, [">= 0"])
     end
   else
+    s.add_dependency(%q<bcrypt-ruby>, [">= 0"])
   end
 end
 

data/created.rid

@@ -1 +1 @@
-Thu, 05 Aug 2010 04:26:12 -0400
+Thu, 12 Aug 2010 21:17:48 -0400

data/init.rb

@@ -2,3 +2,4 @@
 # NOTE: this file is for rails 2x only
 
 require "auto_hash"
+

data/lib/auto_hash.rb

@@ -1,4 +1,6 @@
 
+require 'bcrypt'
+
 module AutoHash
 
   def self.included(base)
@@ -16,7 +18,7 @@ module AutoHash
         # Dynamically define a new setter
         define_method "#{field_name}=" do |value|
 
-          value = AutoHashBuilder.auto_hash_create(value)
+          value = BCrypt::Password.create(value)
 
           # write_attribute() is the documented way to write to a AR
           # field after you've overridden the setter,
@@ -26,49 +28,13 @@ module AutoHash
         end
 
         # Dynamically define the "comparer"
-        define_method "#{field_name}_hash_match?" do |match|
-          existing = send(field_name)
-          value = AutoHashBuilder.auto_hash_compare(existing, match.to_s)
-        end
+        define_method "#{field_name}" do
 
-      end
-
-    end
-
-    # This nested class is here only to avoid exposing the autohash
-    # inner api to the AR model. It has no other excuse to be a class.
-    class AutoHashBuilder
-
-      class << self
-
-        def auto_hash_create(value)
-          salt = ActiveSupport::SecureRandom.hex(10)
-          hash = create_hash(value, salt)
-          "#{hash}-#{salt}"
-        end
+          BCrypt::Password.new(read_attribute(field_name))
 
-        def auto_hash_compare(hash, value)
-          salt = extract_salt_part(hash)
-          hash_old = extract_hash_part(hash)
-          hash_new = create_hash(value, salt) # try to recreate same hash
-          hash_new == hash_old
         end
 
-        private #~*~*~*~*~*~*~*~*~*~*
-
-        def create_hash(value, salt)
-          Digest::SHA2.new.update(value + salt).to_s
-        end
-
-        def extract_hash_part(hash)
-          hash.split(/-/)[0]
-        end
-
-        def extract_salt_part(hash)
-          hash.split(/-/)[1]
-        end
-
-      end # << class << self
+      end
 
     end
 

data/test/common/user_test.rb

@@ -6,21 +6,17 @@ class UserTest < ActiveSupport::TestCase
 
   test "simple instantiation" do
 
-    @user = User.new(:username => "kevin", :password => "asdf")
+    @user = User.new(:email => "me@example.com", :password => "asdf")
     assert @user
 
   end
 
-  # We can't exactly test if the new password is a correctly hashed
-  # password until running the comparer method, but we can check if
-  # its nil or blank, or its not still the clear text password - which
-  # would be quite a bug.
-  test "password hashed" do
+  test "password touched" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
+    @user = User.new(:email => "me@example.com", :password => original_password)
 
-    assert_equal "kevin", @user.username # make sure other fields untouched
+    assert_equal "me@example.com", @user.email # make sure other fields untouched
     assert_not_equal nil, @user.password
     assert_not_equal "", @user.password
     assert_not_equal original_password, @user.password
@@ -31,12 +27,13 @@ class UserTest < ActiveSupport::TestCase
   test "matching" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
 
-    assert @user.password_hash_match?(original_password)
-    assert ! @user.password_hash_match?("banana")
-    assert ! @user.password_hash_match?("")
-    assert ! @user.password_hash_match?(nil)
+    @user = User.new(:email => "me@example.com", :password => original_password)
+
+    assert @user.password == original_password
+    assert ! (@user.password == "banana")
+    assert ! (@user.password == "")
+    assert ! (@user.password == nil)
 
   end
 
@@ -44,15 +41,16 @@ class UserTest < ActiveSupport::TestCase
   test "write, find, match" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
-    @user.save
 
-    user = User.find_by_username("kevin")
+    @user = User.create(:email => "me@example.com",
+                        :password => original_password)
+
+    user = User.find_by_email("me@example.com")
 
-    assert user.password_hash_match?(original_password)
-    assert ! user.password_hash_match?("banana")
-    assert ! user.password_hash_match?("")
-    assert ! user.password_hash_match?(nil)
+    assert user.password == original_password
+    assert ! (user.password == "banana")
+    assert ! (user.password == "")
+    assert ! (user.password == nil)
 
   end
 

data/test/rails2x_root/db/migrate/20100803040436_create_users.rb

@@ -1,7 +1,7 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :username
+      t.string :email
       t.string :password
       t.timestamps
     end

data/test/rails2x_root/db/schema.rb

@@ -12,7 +12,7 @@
 ActiveRecord::Schema.define(:version => 20100803040436) do
 
   create_table "users", :force => true do |t|
-    t.string   "username"
+    t.string   "email"
     t.string   "password"
     t.datetime "created_at"
     t.datetime "updated_at"

data/test/rails2x_root/test/unit/user_test.rb

@@ -6,21 +6,17 @@ class UserTest < ActiveSupport::TestCase
 
   test "simple instantiation" do
 
-    @user = User.new(:username => "kevin", :password => "asdf")
+    @user = User.new(:email => "me@example.com", :password => "asdf")
     assert @user
 
   end
 
-  # We can't exactly test if the new password is a correctly hashed
-  # password until running the comparer method, but we can check if
-  # its nil or blank, or its not still the clear text password - which
-  # would be quite a bug.
-  test "password hashed" do
+  test "password touched" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
+    @user = User.new(:email => "me@example.com", :password => original_password)
 
-    assert_equal "kevin", @user.username # make sure other fields untouched
+    assert_equal "me@example.com", @user.email # make sure other fields untouched
     assert_not_equal nil, @user.password
     assert_not_equal "", @user.password
     assert_not_equal original_password, @user.password
@@ -31,12 +27,13 @@ class UserTest < ActiveSupport::TestCase
   test "matching" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
 
-    assert @user.password_hash_match?(original_password)
-    assert ! @user.password_hash_match?("banana")
-    assert ! @user.password_hash_match?("")
-    assert ! @user.password_hash_match?(nil)
+    @user = User.new(:email => "me@example.com", :password => original_password)
+
+    assert @user.password == original_password
+    assert ! (@user.password == "banana")
+    assert ! (@user.password == "")
+    assert ! (@user.password == nil)
 
   end
 
@@ -44,15 +41,16 @@ class UserTest < ActiveSupport::TestCase
   test "write, find, match" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
-    @user.save
 
-    user = User.find_by_username("kevin")
+    @user = User.create(:email => "me@example.com",
+                        :password => original_password)
+
+    user = User.find_by_email("me@example.com")
 
-    assert user.password_hash_match?(original_password)
-    assert ! user.password_hash_match?("banana")
-    assert ! user.password_hash_match?("")
-    assert ! user.password_hash_match?(nil)
+    assert user.password == original_password
+    assert ! (user.password == "banana")
+    assert ! (user.password == "")
+    assert ! (user.password == nil)
 
   end
 

data/test/rails3x_root/Gemfile

@@ -30,4 +30,6 @@ gem 'sqlite3-ruby', :require => 'sqlite3'
 # end
 
 gem "auto_hash", :path => "../.."
-gem "redgreen"
+gem "redgreen"
+
+gem 'bcrypt-ruby', :require => "bcrypt"

data/test/rails3x_root/Gemfile.lock

@@ -1,7 +1,8 @@
 PATH
   remote: /Users/kevin/Development/auto_hash
   specs:
-    auto_hash (0.1)
+    auto_hash (0.2.0)
+      bcrypt-ruby
 
 GEM
   remote: http://rubygems.org/
@@ -35,6 +36,7 @@ GEM
     activesupport (3.0.0.rc)
     arel (0.4.0)
       activesupport (>= 3.0.0.beta)
+    bcrypt-ruby (2.1.2)
     builder (2.1.2)
     erubis (2.6.6)
       abstract (>= 1.0.0)
@@ -65,7 +67,7 @@ GEM
       thor (~> 0.14.0)
     rake (0.8.7)
     redgreen (1.2.2)
-    sqlite3-ruby (1.3.0)
+    sqlite3-ruby (1.3.1)
     thor (0.14.0)
     treetop (1.4.8)
       polyglot (>= 0.3.1)
@@ -76,6 +78,7 @@ PLATFORMS
 
 DEPENDENCIES
   auto_hash!
+  bcrypt-ruby
   rails (= 3.0.0.rc)
   redgreen
   sqlite3-ruby

data/test/rails3x_root/db/migrate/20100804020911_create_users.rb

@@ -1,7 +1,7 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.string :username
+      t.string :email
       t.string :password
       t.timestamps
     end

data/test/rails3x_root/db/schema.rb

@@ -13,7 +13,7 @@
 ActiveRecord::Schema.define(:version => 20100804020911) do
 
   create_table "users", :force => true do |t|
-    t.string   "username"
+    t.string   "email"
     t.string   "password"
     t.datetime "created_at"
     t.datetime "updated_at"

data/test/rails3x_root/test/unit/user_test.rb

@@ -6,21 +6,17 @@ class UserTest < ActiveSupport::TestCase
 
   test "simple instantiation" do
 
-    @user = User.new(:username => "kevin", :password => "asdf")
+    @user = User.new(:email => "me@example.com", :password => "asdf")
     assert @user
 
   end
 
-  # We can't exactly test if the new password is a correctly hashed
-  # password until running the comparer method, but we can check if
-  # its nil or blank, or its not still the clear text password - which
-  # would be quite a bug.
-  test "password hashed" do
+  test "password touched" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
+    @user = User.new(:email => "me@example.com", :password => original_password)
 
-    assert_equal "kevin", @user.username # make sure other fields untouched
+    assert_equal "me@example.com", @user.email # make sure other fields untouched
     assert_not_equal nil, @user.password
     assert_not_equal "", @user.password
     assert_not_equal original_password, @user.password
@@ -31,12 +27,13 @@ class UserTest < ActiveSupport::TestCase
   test "matching" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
 
-    assert @user.password_hash_match?(original_password)
-    assert ! @user.password_hash_match?("banana")
-    assert ! @user.password_hash_match?("")
-    assert ! @user.password_hash_match?(nil)
+    @user = User.new(:email => "me@example.com", :password => original_password)
+
+    assert @user.password == original_password
+    assert ! (@user.password == "banana")
+    assert ! (@user.password == "")
+    assert ! (@user.password == nil)
 
   end
 
@@ -44,15 +41,16 @@ class UserTest < ActiveSupport::TestCase
   test "write, find, match" do
 
     original_password = "asdf"
-    @user = User.new(:username => "kevin", :password => original_password)
-    @user.save
 
-    user = User.find_by_username("kevin")
+    @user = User.create(:email => "me@example.com",
+                        :password => original_password)
+
+    user = User.find_by_email("me@example.com")
 
-    assert user.password_hash_match?(original_password)
-    assert ! user.password_hash_match?("banana")
-    assert ! user.password_hash_match?("")
-    assert ! user.password_hash_match?(nil)
+    assert user.password == original_password
+    assert ! (user.password == "banana")
+    assert ! (user.password == "")
+    assert ! (user.password == nil)
 
   end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: auto_hash
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 19
   prerelease: false
   segments: 
   - 0
-  - 2
+  - 3
   - 0
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors: 
 - Kevin Swope
@@ -15,10 +15,23 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-05 00:00:00 -04:00
+date: 2010-08-14 00:00:00 -04:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: bcrypt-ruby
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
 description: Ruby on Rails plugin to automate hashing an activerecord field and saving as a salt and digest in a single field.
 email: gems-kevdev@snkmail.com
 executables: []