devise-argon2 2.0.0 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +19 -0
- data/.gitignore +1 -1
- data/CHANGELOG.md +12 -0
- data/Gemfile +2 -0
- data/README.md +2 -1
- data/devise-argon2.gemspec +3 -3
- data/lib/devise-argon2/model.rb +23 -11
- data/lib/devise-argon2/version.rb +1 -1
- data/spec/devise-argon2_spec.rb +49 -0
- metadata +9 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d036bff0c949c49457df0df4a4ac902d4ed0e65e84fd26f2940bfcc973b6bcc3
|
|
4
|
+
data.tar.gz: 82024dfd476f476514c5548b4aac5a93c49ffffad6fe33252c153381d0b803c1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fb3857086fc9f31fd22bec613c3fe9e93534234036db242c49b1e5aae6ac9340611916e62ec92f84e67b8fafe97610b6d947c98df7846e62d91d9e550586689b
|
|
7
|
+
data.tar.gz: b7e523688dab140c94d9aed10232a57a1dcb144b437073d8ec41952fe0595f8713215d5ed9658701927f50182d2cf49adb0fd7bc5792d21255edaf70ffa603f5
|
data/.github/workflows/test.yml
CHANGED
|
@@ -9,6 +9,7 @@ jobs:
|
|
|
9
9
|
matrix:
|
|
10
10
|
ruby-version: ['2.7', '3.0', '3.1', '3.2', 'ruby-head']
|
|
11
11
|
rails-version: ['~> 7.0', '~> 6.1']
|
|
12
|
+
argon2-version: ['2.2', '2.3']
|
|
12
13
|
orm:
|
|
13
14
|
- adapter: active_record
|
|
14
15
|
- adapter: mongoid
|
|
@@ -18,18 +19,36 @@ jobs:
|
|
|
18
19
|
- adapter: mongoid
|
|
19
20
|
mongoid-version: 7.5.4
|
|
20
21
|
include:
|
|
22
|
+
- rails-version: '~> 6.1'
|
|
23
|
+
ruby-version: '3.1'
|
|
24
|
+
argon2-version: '2.3'
|
|
25
|
+
devise-version: '4.8'
|
|
26
|
+
orm:
|
|
27
|
+
adapter: active_record
|
|
21
28
|
- rails-version: '~> 7.1'
|
|
22
29
|
ruby-version: '3.1'
|
|
30
|
+
argon2-version: '2.3'
|
|
31
|
+
devise-version: '4.9'
|
|
23
32
|
orm:
|
|
24
33
|
adapter: active_record
|
|
25
34
|
- rails-version: '~> 7.1'
|
|
26
35
|
ruby-version: '3.2'
|
|
36
|
+
argon2-version: '2.3'
|
|
37
|
+
devise-version: '4.9'
|
|
38
|
+
orm:
|
|
39
|
+
adapter: active_record
|
|
40
|
+
- rails-version: '~> 7.1'
|
|
41
|
+
ruby-version: '3.1'
|
|
42
|
+
argon2-version: '2.1'
|
|
43
|
+
devise-version: '4.9'
|
|
27
44
|
orm:
|
|
28
45
|
adapter: active_record
|
|
29
46
|
env:
|
|
30
47
|
RAILS_VERSION: ${{ matrix.rails-version || '~> 7.0'}}
|
|
31
48
|
MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.2'}}
|
|
32
49
|
ORM: ${{ matrix.orm.adapter }}
|
|
50
|
+
ARGON2_VERSION: ${{ matrix.argon2-version }}
|
|
51
|
+
DEVISE_VERSION: ${{ matrix.devise-version || '~> 4.9' }}
|
|
33
52
|
steps:
|
|
34
53
|
- uses: actions/checkout@v4
|
|
35
54
|
- name: Set up Ruby ${{ matrix.ruby-version }}
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,17 @@
|
|
|
2
2
|
|
|
3
3
|
## Unreleased
|
|
4
4
|
|
|
5
|
+
## [2.0.1] - 2023-10-18
|
|
6
|
+
|
|
7
|
+
### Added
|
|
8
|
+
- Add Argon2 and devise to the test suite
|
|
9
|
+
- Add @moritzhoeppner as an author
|
|
10
|
+
|
|
11
|
+
### Fixed
|
|
12
|
+
- Fix work factors implementation
|
|
13
|
+
|
|
14
|
+
## [2.0.0] - 2023-10-16
|
|
15
|
+
|
|
5
16
|
### Added
|
|
6
17
|
- Expose Argon2 options for configuring hashing work factors
|
|
7
18
|
- Add support for migration v1 hashes
|
|
@@ -17,4 +28,5 @@
|
|
|
17
28
|
- Remove `devise-encryptable` dependency
|
|
18
29
|
- Remove superflous dependency on devise `password_salt` column
|
|
19
30
|
|
|
31
|
+
Thank you to @moritzhoeppner for the significant contributions to this release!
|
|
20
32
|
|
data/Gemfile
CHANGED
|
@@ -7,6 +7,8 @@ gem 'simplecov'
|
|
|
7
7
|
gem 'activerecord'
|
|
8
8
|
gem 'sqlite3'
|
|
9
9
|
gem 'rails', ENV['RAILS_VERSION'] || '~> 7.0'
|
|
10
|
+
gem 'argon2', ENV['ARGON2_VERSION'] || '~> 2.3'
|
|
11
|
+
gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
|
|
10
12
|
|
|
11
13
|
if ENV['ORM'] == 'mongoid'
|
|
12
14
|
gem 'mongoid', ENV['MONGOID_VERSION'] || '~> 7.5'
|
data/README.md
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# devise-argon2
|
|
2
2
|
[](https://badge.fury.io/rb/devise-argon2)
|
|
3
|
+
|
|
3
4
|
|
|
4
5
|
A ruby gem that gives Devise models which use `database_authenticatable` the ability to hash
|
|
5
6
|
passwords with Argon2id.
|
|
@@ -39,7 +40,7 @@ or `secret` to `Argon2::Password.new`. These parameters can be set like this:
|
|
|
39
40
|
class User < ApplicationRecord
|
|
40
41
|
devise :database_authenticatable,
|
|
41
42
|
:argon2,
|
|
42
|
-
argon2_options: {
|
|
43
|
+
argon2_options: { t_cost: 3, p_cost: 2 }
|
|
43
44
|
end
|
|
44
45
|
```
|
|
45
46
|
|
data/devise-argon2.gemspec
CHANGED
|
@@ -6,7 +6,7 @@ require "devise-argon2/version"
|
|
|
6
6
|
Gem::Specification.new do |gem|
|
|
7
7
|
gem.name = "devise-argon2"
|
|
8
8
|
gem.version = Devise::Argon2::ARGON2_VERSION
|
|
9
|
-
gem.authors = ["Tamas Erdos"]
|
|
9
|
+
gem.authors = ["Tamas Erdos", "Moritz Höppner"]
|
|
10
10
|
gem.email = ["tamas at tamaserdos com"]
|
|
11
11
|
gem.description = %q{Enables Devise to hash passwords with Argon2id}
|
|
12
12
|
gem.summary = %q{Enables Devise to hash passwords with Argon2id}
|
|
@@ -18,8 +18,8 @@ Gem::Specification.new do |gem|
|
|
|
18
18
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
gem.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
gem.add_dependency 'devise', '
|
|
22
|
-
gem.add_dependency 'argon2', '~> 2.
|
|
21
|
+
gem.add_dependency 'devise', '~> 4.0'
|
|
22
|
+
gem.add_dependency 'argon2', '~> 2.1'
|
|
23
23
|
|
|
24
24
|
|
|
25
25
|
gem.post_install_message = "Version 2 of devise-argon2 introduces breaking changes, please see README.md for details."
|
data/lib/devise-argon2/model.rb
CHANGED
|
@@ -58,21 +58,33 @@ module Devise
|
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
def outdated_work_factors?
|
|
61
|
+
hash_format = ::Argon2::HashFormat.new(encrypted_password)
|
|
62
|
+
current_work_factors = {
|
|
63
|
+
t_cost: hash_format.t_cost,
|
|
64
|
+
m_cost: hash_format.m_cost,
|
|
65
|
+
p_cost: hash_format.p_cost
|
|
66
|
+
}
|
|
67
|
+
current_work_factors != configured_work_factors
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def configured_work_factors
|
|
61
71
|
# Since version 2.3.0 the argon2 gem exposes the default work factors via constants, see
|
|
62
72
|
# https://github.com/technion/ruby-argon2/commit/d62ecf8b4ec6b8c1651fade5a5ebdc856e8aef42
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
73
|
+
work_factors = {
|
|
74
|
+
t_cost: defined?(::Argon2::Password::DEFAULT_T_COST) ? ::Argon2::Password::DEFAULT_T_COST : 2,
|
|
75
|
+
m_cost: defined?(::Argon2::Password::DEFAULT_M_COST) ? ::Argon2::Password::DEFAULT_M_COST : 16,
|
|
76
|
+
p_cost: defined?(::Argon2::Password::DEFAULT_P_COST) ? ::Argon2::Password::DEFAULT_P_COST : 1
|
|
77
|
+
}.merge(self.class.argon2_options.slice(:t_cost, :m_cost, :p_cost))
|
|
66
78
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
79
|
+
# Since version 2.3.0 the argon2 gem supports defining work factors with named profiles, see
|
|
80
|
+
# https://github.com/technion/ruby-argon2/commit/6312a8fb3a6c6c5e771a736572e63d47485e8613
|
|
81
|
+
if self.class.argon2_options[:profile] && defined?(::Argon2::Profiles)
|
|
82
|
+
work_factors.merge!(::Argon2::Profiles[self.class.argon2_options[:profile]])
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
work_factors[:m_cost] = (1 << work_factors[:m_cost])
|
|
72
86
|
|
|
73
|
-
|
|
74
|
-
hash_format.m_cost != (1 << current_m_cost) ||
|
|
75
|
-
hash_format.p_cost != current_p_cost
|
|
87
|
+
work_factors
|
|
76
88
|
end
|
|
77
89
|
|
|
78
90
|
def migrate_hash_from_devise_argon2_v1?
|
data/spec/devise-argon2_spec.rb
CHANGED
|
@@ -174,6 +174,55 @@ describe Devise::Models::Argon2 do
|
|
|
174
174
|
.to({ m_cost: 1 << 4, t_cost: 3, p_cost: 2 })
|
|
175
175
|
)
|
|
176
176
|
end
|
|
177
|
+
|
|
178
|
+
if Argon2::VERSION >= '2.3.0'
|
|
179
|
+
it 'updates work factors if they changed via profile option' do
|
|
180
|
+
# Build user with argon2 default work factors (which match the RFC_9106_LOW_MEMORY
|
|
181
|
+
# profile.)
|
|
182
|
+
Devise.argon2_options = {}
|
|
183
|
+
user
|
|
184
|
+
|
|
185
|
+
Devise.argon2_options = { profile: :pre_rfc_9106 }
|
|
186
|
+
|
|
187
|
+
expect{ user.valid_password?(CORRECT_PASSWORD) }.to(
|
|
188
|
+
change{ work_factors(user.encrypted_password) }
|
|
189
|
+
.to(
|
|
190
|
+
{
|
|
191
|
+
m_cost: 1 << Argon2::Profiles[:pre_rfc_9106][:m_cost],
|
|
192
|
+
t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost],
|
|
193
|
+
p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost]
|
|
194
|
+
}
|
|
195
|
+
)
|
|
196
|
+
)
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
it 'gives precendence to the profile option over explicit configuration of work factors' do
|
|
200
|
+
Devise.argon2_options = {
|
|
201
|
+
m_cost: Argon2::Profiles[:pre_rfc_9106][:m_cost] + 1,
|
|
202
|
+
t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost] + 1,
|
|
203
|
+
p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost] + 1
|
|
204
|
+
}
|
|
205
|
+
user # build user
|
|
206
|
+
|
|
207
|
+
Devise.argon2_options = {
|
|
208
|
+
profile: :pre_rfc_9106,
|
|
209
|
+
m_cost: Argon2::Profiles[:pre_rfc_9106][:m_cost] + 1,
|
|
210
|
+
t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost] + 1,
|
|
211
|
+
p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost] + 1
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
expect{ user.valid_password?(CORRECT_PASSWORD) }.to(
|
|
215
|
+
change{ work_factors(user.encrypted_password) }
|
|
216
|
+
.to(
|
|
217
|
+
{
|
|
218
|
+
m_cost: 1 << Argon2::Profiles[:pre_rfc_9106][:m_cost],
|
|
219
|
+
t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost],
|
|
220
|
+
p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost]
|
|
221
|
+
}
|
|
222
|
+
)
|
|
223
|
+
)
|
|
224
|
+
end
|
|
225
|
+
end
|
|
177
226
|
end
|
|
178
227
|
|
|
179
228
|
it 'ignores migrate_from_devise_argon2_v1 if password_salt is not present' do
|
metadata
CHANGED
|
@@ -1,43 +1,44 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-argon2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tamas Erdos
|
|
8
|
+
- Moritz Höppner
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
date: 2023-10-
|
|
12
|
+
date: 2023-10-19 00:00:00.000000000 Z
|
|
12
13
|
dependencies:
|
|
13
14
|
- !ruby/object:Gem::Dependency
|
|
14
15
|
name: devise
|
|
15
16
|
requirement: !ruby/object:Gem::Requirement
|
|
16
17
|
requirements:
|
|
17
|
-
- - "
|
|
18
|
+
- - "~>"
|
|
18
19
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
20
|
+
version: '4.0'
|
|
20
21
|
type: :runtime
|
|
21
22
|
prerelease: false
|
|
22
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
24
|
requirements:
|
|
24
|
-
- - "
|
|
25
|
+
- - "~>"
|
|
25
26
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
27
|
+
version: '4.0'
|
|
27
28
|
- !ruby/object:Gem::Dependency
|
|
28
29
|
name: argon2
|
|
29
30
|
requirement: !ruby/object:Gem::Requirement
|
|
30
31
|
requirements:
|
|
31
32
|
- - "~>"
|
|
32
33
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '2.
|
|
34
|
+
version: '2.1'
|
|
34
35
|
type: :runtime
|
|
35
36
|
prerelease: false
|
|
36
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
38
|
requirements:
|
|
38
39
|
- - "~>"
|
|
39
40
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '2.
|
|
41
|
+
version: '2.1'
|
|
41
42
|
description: Enables Devise to hash passwords with Argon2id
|
|
42
43
|
email:
|
|
43
44
|
- tamas at tamaserdos com
|