devise-argon2 2.0.0 → 2.0.1

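--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6d20fef20b04b01fd33fd4e8b7104f50ef57ce75e6a4406df46a3ea10fe693a1
- data.tar.gz: 7b66c6a1e646eea75a16c43ae37a95b557e6342488885a73ab60a80d3d5903a5
+ metadata.gz: d036bff0c949c49457df0df4a4ac902d4ed0e65e84fd26f2940bfcc973b6bcc3
+ data.tar.gz: 82024dfd476f476514c5548b4aac5a93c49ffffad6fe33252c153381d0b803c1
  SHA512:
- metadata.gz: 668de52215782a24691ec1d44ced5c85376d99099da8352c583a3452fb78d60e928fef311efe5bdfadffc5dfac130b1affabf9ce26b0197ea807d5602ed257d8
- data.tar.gz: 12669cb6bbd94d3cc6e0427a6bf805152417f47858145daf6fba20907d32c10f9c8bedf4535a7ede8af0c572723886537ee782967e7b9b7e5566ec01c6f6ec27
+ metadata.gz: fb3857086fc9f31fd22bec613c3fe9e93534234036db242c49b1e5aae6ac9340611916e62ec92f84e67b8fafe97610b6d947c98df7846e62d91d9e550586689b
+ data.tar.gz: b7e523688dab140c94d9aed10232a57a1dcb144b437073d8ec41952fe0595f8713215d5ed9658701927f50182d2cf49adb0fd7bc5792d21255edaf70ffa603f5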
@@ -9,6 +9,7 @@ jobs:
9
9
  matrix:
10
10
  ruby-version: ['2.7', '3.0', '3.1', '3.2', 'ruby-head']
11
11
  rails-version: ['~> 7.0', '~> 6.1']
12
+ argon2-version: ['2.2', '2.3']
12
13
  orm:
13
14
  - adapter: active_record
14
15
  - adapter: mongoid
@@ -18,18 +19,36 @@ jobs:
18
19
  - adapter: mongoid
19
20
  mongoid-version: 7.5.4
20
21
  include:
22
+ - rails-version: '~> 6.1'
23
+ ruby-version: '3.1'
24
+ argon2-version: '2.3'
25
+ devise-version: '4.8'
26
+ orm:
27
+ adapter: active_record
21
28
  - rails-version: '~> 7.1'
22
29
  ruby-version: '3.1'
30
+ argon2-version: '2.3'
31
+ devise-version: '4.9'
23
32
  orm:
24
33
  adapter: active_record
25
34
  - rails-version: '~> 7.1'
26
35
  ruby-version: '3.2'
36
+ argon2-version: '2.3'
37
+ devise-version: '4.9'
38
+ orm:
39
+ adapter: active_record
40
+ - rails-version: '~> 7.1'
41
+ ruby-version: '3.1'
42
+ argon2-version: '2.1'
43
+ devise-version: '4.9'
27
44
  orm:
28
45
  adapter: active_record
29
46
  env:
30
47
  RAILS_VERSION: ${{ matrix.rails-version || '~> 7.0'}}
31
48
  MONGOID_VERSION: ${{ matrix.orm.mongoid-version || '8.1.2'}}
32
49
  ORM: ${{ matrix.orm.adapter }}
50
+ ARGON2_VERSION: ${{ matrix.argon2-version }}
51
+ DEVISE_VERSION: ${{ matrix.devise-version || '~> 4.9' }}
33
52
  steps:
34
53
  - uses: actions/checkout@v4
35
54
  - name: Set up Ruby ${{ matrix.ruby-version }}
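Review bot: `ARGON2_VERSION: ${{ matrix.argon2-version }}` is the only env entry in this hunk without a fallback, so any future matrix or include entry that omits `argon2-version` exports an empty string instead of leaving the variable unset. The Gemfile line added in the same release, `gem 'argon2', ENV['ARGON2_VERSION'] || '~> 2.3'`, treats an empty string as truthy, so Bundler would receive an empty requirement rather than the intended `~> 2.3` default; the same applies to `DEVISE_VERSION` only if its `||` fallback is removed. Mirroring the neighbouring lines, `ARGON2_VERSION: ${{ matrix.argon2-version || '~> 2.3' }}`, keeps the workflow and Gemfile defaults aligned. The enclosing jobs block starts and ends outside this hunk.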
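--- a/data/.gitignore
+++ b/data/.gitignore
@@ -14,7 +14,7 @@ rdoc
  spec/reports
  spec/rails_app/log/*
  spec/rails_app/tmp/*
- spec/rails_app/db/test.sqlite3
+ spec/rails_app/db/test.sqlite3*
  test/tmp
  test/version_tmp
  tmp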
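--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,17 @@
 
  ## Unreleased
 
+ ## [2.0.1] - 2023-10-18
+
+ ### Added
+ - Add Argon2 and devise to the test suite
+ - Add @moritzhoeppner as an author
+
+ ### Fixed
+ - Fix work factors implementation
+
+ ## [2.0.0] - 2023-10-16
+
  ### Added
  - Expose Argon2 options for configuring hashing work factors
  - Add support for migration v1 hashes
@@ -17,4 +28,5 @@
  - Remove `devise-encryptable` dependency
  - Remove superflous dependency on devise `password_salt` column
 
+ Thank you to @moritzhoeppner for the significant contributions to this release!
 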
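--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,6 +7,8 @@ gem 'simplecov'
  gem 'activerecord'
  gem 'sqlite3'
  gem 'rails', ENV['RAILS_VERSION'] || '~> 7.0'
+ gem 'argon2', ENV['ARGON2_VERSION'] || '~> 2.3'
+ gem 'devise', ENV['DEVISE_VERSION'] || '~> 4.9'
 
  if ENV['ORM'] == 'mongoid'
  gem 'mongoid', ENV['MONGOID_VERSION'] || '~> 7.5'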
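--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,6 @@
  # devise-argon2
  [![Gem Version](https://badge.fury.io/rb/devise-argon2.svg)](https://badge.fury.io/rb/devise-argon2)
+ ![](https://github.com/erdostom/devise-argon2/actions/workflows/test.yml/badge.svg)
 
  A ruby gem that gives Devise models which use `database_authenticatable` the ability to hash
  passwords with Argon2id.
@@ -39,7 +40,7 @@ or `secret` to `Argon2::Password.new`. These parameters can be set like this:
  class User < ApplicationRecord
  devise :database_authenticatable,
  :argon2,
- argon2_options: { t_cost: 3, p_cost: 2 }
+ argon2_options: { t_cost: 3, p_cost: 2 }
  end
  ```
 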
@@ -6,7 +6,7 @@ require "devise-argon2/version"
6
6
  Gem::Specification.new do |gem|
7
7
  gem.name = "devise-argon2"
8
8
  gem.version = Devise::Argon2::ARGON2_VERSION
9
- gem.authors = ["Tamas Erdos"]
9
+ gem.authors = ["Tamas Erdos", "Moritz Höppner"]
10
10
  gem.email = ["tamas at tamaserdos com"]
11
11
  gem.description = %q{Enables Devise to hash passwords with Argon2id}
12
12
  gem.summary = %q{Enables Devise to hash passwords with Argon2id}
@@ -18,8 +18,8 @@ Gem::Specification.new do |gem|
18
18
  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
19
19
  gem.require_paths = ["lib"]
20
20
 
21
- gem.add_dependency 'devise', '>= 2.1.0'
22
- gem.add_dependency 'argon2', '~> 2.0'
21
+ gem.add_dependency 'devise', '~> 4.0'
22
+ gem.add_dependency 'argon2', '~> 2.1'
23
23
 
24
24
 
25
25
  gem.post_install_message = "Version 2 of devise-argon2 introduces breaking changes, please see README.md for details."
@@ -58,21 +58,33 @@ module Devise
58
58
  end
59
59
 
60
60
  def outdated_work_factors?
61
+ hash_format = ::Argon2::HashFormat.new(encrypted_password)
62
+ current_work_factors = {
63
+ t_cost: hash_format.t_cost,
64
+ m_cost: hash_format.m_cost,
65
+ p_cost: hash_format.p_cost
66
+ }
67
+ current_work_factors != configured_work_factors
68
+ end
69
+
70
+ def configured_work_factors
61
71
  # Since version 2.3.0 the argon2 gem exposes the default work factors via constants, see
62
72
  # https://github.com/technion/ruby-argon2/commit/d62ecf8b4ec6b8c1651fade5a5ebdc856e8aef42
63
- default_t_cost = defined?(::Argon2::Password::DEFAULT_T_COST) ? ::Argon2::Password::DEFAULT_T_COST : 2
64
- default_m_cost = defined?(::Argon2::Password::DEFAULT_M_COST) ? ::Argon2::Password::DEFAULT_M_COST : 16
65
- default_p_cost = defined?(::Argon2::Password::DEFAULT_P_COST) ? ::Argon2::Password::DEFAULT_P_COST : 1
73
+ work_factors = {
74
+ t_cost: defined?(::Argon2::Password::DEFAULT_T_COST) ? ::Argon2::Password::DEFAULT_T_COST : 2,
75
+ m_cost: defined?(::Argon2::Password::DEFAULT_M_COST) ? ::Argon2::Password::DEFAULT_M_COST : 16,
76
+ p_cost: defined?(::Argon2::Password::DEFAULT_P_COST) ? ::Argon2::Password::DEFAULT_P_COST : 1
77
+ }.merge(self.class.argon2_options.slice(:t_cost, :m_cost, :p_cost))
66
78
 
67
- current_t_cost = self.class.argon2_options[:t_cost] || default_t_cost
68
- current_m_cost = self.class.argon2_options[:m_cost] || default_m_cost
69
- current_p_cost = self.class.argon2_options[:p_cost] || default_p_cost
70
-
71
- hash_format = ::Argon2::HashFormat.new(encrypted_password)
79
+ # Since version 2.3.0 the argon2 gem supports defining work factors with named profiles, see
80
+ # https://github.com/technion/ruby-argon2/commit/6312a8fb3a6c6c5e771a736572e63d47485e8613
81
+ if self.class.argon2_options[:profile] && defined?(::Argon2::Profiles)
82
+ work_factors.merge!(::Argon2::Profiles[self.class.argon2_options[:profile]])
83
+ end
84
+
85
+ work_factors[:m_cost] = (1 << work_factors[:m_cost])
72
86
 
73
- hash_format.t_cost != current_t_cost ||
74
- hash_format.m_cost != (1 << current_m_cost) ||
75
- hash_format.p_cost != current_p_cost
87
+ work_factors
76
88
  end
77
89
 
78
90
  def migrate_hash_from_devise_argon2_v1?
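Review bot: `work_factors.merge!(::Argon2::Profiles[self.class.argon2_options[:profile]])` raises a bare `TypeError` from `merge!(nil)` when the configured profile name is not a key of `::Argon2::Profiles` (a plain Hash, going by the spec's `Argon2::Profiles[:pre_rfc_9106][:m_cost]` indexing), so a typo in `argon2_options[:profile]` surfaces as an unrelated-looking error at the first password check that reaches it, unless the argon2 gem rejects it earlier when hashing. Using `fetch` yields a `KeyError` naming the bad profile, and slicing the profile to the three cost keys protects the exact `!=` comparison in `outdated_work_factors?` from any additional keys a profile hash might carry, which would otherwise make every successful login look outdated and trigger a rehash: `profile = self.class.argon2_options[:profile]` followed by `work_factors.merge!(::Argon2::Profiles.fetch(profile).slice(:t_cost, :m_cost, :p_cost)) if profile && defined?(::Argon2::Profiles)`. A header comment on `configured_work_factors` would also help, e.g. `# Work factors a stored hash must carry to be current: gem defaults, overridden by explicit t_cost/m_cost/p_cost options, overridden by :profile; m_cost is returned as 1 << exponent so it compares directly with HashFormat#m_cost.` The enclosing module starts and ends outside this hunk.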
@@ -1,5 +1,5 @@
1
1
  module Devise
2
2
  module Argon2
3
- ARGON2_VERSION = '2.0.0'
3
+ ARGON2_VERSION = '2.0.1'
4
4
  end
5
5
  end
@@ -174,6 +174,55 @@ describe Devise::Models::Argon2 do
174
174
  .to({ m_cost: 1 << 4, t_cost: 3, p_cost: 2 })
175
175
  )
176
176
  end
177
+
178
+ if Argon2::VERSION >= '2.3.0'
179
+ it 'updates work factors if they changed via profile option' do
180
+ # Build user with argon2 default work factors (which match the RFC_9106_LOW_MEMORY
181
+ # profile.)
182
+ Devise.argon2_options = {}
183
+ user
184
+
185
+ Devise.argon2_options = { profile: :pre_rfc_9106 }
186
+
187
+ expect{ user.valid_password?(CORRECT_PASSWORD) }.to(
188
+ change{ work_factors(user.encrypted_password) }
189
+ .to(
190
+ {
191
+ m_cost: 1 << Argon2::Profiles[:pre_rfc_9106][:m_cost],
192
+ t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost],
193
+ p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost]
194
+ }
195
+ )
196
+ )
197
+ end
198
+
199
+ it 'gives precendence to the profile option over explicit configuration of work factors' do
200
+ Devise.argon2_options = {
201
+ m_cost: Argon2::Profiles[:pre_rfc_9106][:m_cost] + 1,
202
+ t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost] + 1,
203
+ p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost] + 1
204
+ }
205
+ user # build user
206
+
207
+ Devise.argon2_options = {
208
+ profile: :pre_rfc_9106,
209
+ m_cost: Argon2::Profiles[:pre_rfc_9106][:m_cost] + 1,
210
+ t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost] + 1,
211
+ p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost] + 1
212
+ }
213
+
214
+ expect{ user.valid_password?(CORRECT_PASSWORD) }.to(
215
+ change{ work_factors(user.encrypted_password) }
216
+ .to(
217
+ {
218
+ m_cost: 1 << Argon2::Profiles[:pre_rfc_9106][:m_cost],
219
+ t_cost: Argon2::Profiles[:pre_rfc_9106][:t_cost],
220
+ p_cost: Argon2::Profiles[:pre_rfc_9106][:p_cost]
221
+ }
222
+ )
223
+ )
224
+ end
225
+ end
177
226
  end
178
227
 
179
228
  it 'ignores migrate_from_devise_argon2_v1 if password_salt is not present' do
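Review bot: `if Argon2::VERSION >= '2.3.0'` compares version strings lexicographically, so a future release such as 2.10.0 sorts below '2.3.0' and the two profile examples would be skipped silently rather than run. Comparing parsed versions avoids that: `if Gem::Version.new(Argon2::VERSION) >= Gem::Version.new('2.3.0')`. The description `'gives precendence to the profile option over explicit configuration of work factors'` also misspells "precedence". The enclosing describe block starts and ends outside this hunk.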
metadata CHANGED
@@ -1,43 +1,44 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-argon2
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tamas Erdos
8
+ - Moritz Höppner
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2023-10-16 00:00:00.000000000 Z
12
+ date: 2023-10-19 00:00:00.000000000 Z
12
13
  dependencies:
13
14
  - !ruby/object:Gem::Dependency
14
15
  name: devise
15
16
  requirement: !ruby/object:Gem::Requirement
16
17
  requirements:
17
- - - ">="
18
+ - - "~>"
18
19
  - !ruby/object:Gem::Version
19
- version: 2.1.0
20
+ version: '4.0'
20
21
  type: :runtime
21
22
  prerelease: false
22
23
  version_requirements: !ruby/object:Gem::Requirement
23
24
  requirements:
24
- - - ">="
25
+ - - "~>"
25
26
  - !ruby/object:Gem::Version
26
- version: 2.1.0
27
+ version: '4.0'
27
28
  - !ruby/object:Gem::Dependency
28
29
  name: argon2
29
30
  requirement: !ruby/object:Gem::Requirement
30
31
  requirements:
31
32
  - - "~>"
32
33
  - !ruby/object:Gem::Version
33
- version: '2.0'
34
+ version: '2.1'
34
35
  type: :runtime
35
36
  prerelease: false
36
37
  version_requirements: !ruby/object:Gem::Requirement
37
38
  requirements:
38
39
  - - "~>"
39
40
  - !ruby/object:Gem::Version
40
- version: '2.0'
41
+ version: '2.1'
41
42
  description: Enables Devise to hash passwords with Argon2id
42
43
  email:
43
44
  - tamas at tamaserdos com