devise-async-stretch 0.0.4 → 0.0.5

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    YjRiMDZjMTE2MzlhZjZiYzlkMGRhM2Q3ZTU3NjExMTgyZDNhMzY5Mw==
+    MWIwYTBiZGI3Y2YwNWQ3NTMyM2NmZWY5MTZhZjk2Yjc1MmVlNWRmZg==
   data.tar.gz: !binary |-
-    ZmFhOGIxOGI0NGZiOGUxYWFkM2ZkZmEzOTA4ZWJlYjE1OGM5ZDhlYQ==
+    Zjk1ZGQ3NWJhNGMyZjE2ZDJiYWNiNzMzMDZiZTQxNDJmNzliZTA4OQ==
 SHA512:
   metadata.gz: !binary |-
-    NWFiZTQ3Y2JiNGE1NWE0YjQ0ZDJkZWQ1Y2ZlZmNjZDcxYjgyOWIwZjRiYjhm
-    ODVmODkwZTkzN2NjYjA2YzA4MGE4MTkxY2U5ZmQ3NzQwY2NiNDFmNmI2Mjk3
-    MWNmODdkYjNjNjkwMzNmYWU4YmYzOTc1ZTIzYmZiZjdhNzczMjM=
+    ZTI2OGRlZDE3NWJhZWM5MzliMjcxYTM1ZGIyODc0MTM3MjljODc3OGM2OTU0
+    YmIzMDRmM2ExODI0MTg3YWMxMjllYjQ1OWFhYzcwNWE2ZjI0OGFmY2JjZWJi
+    MjY1ODIzZWJjZmUwNjJmNjVmOTdiYjUxZWE2NjhmZTcyN2RlOGM=
   data.tar.gz: !binary |-
-    MmE1MzIxOTI5NmExODhkMjMzOWVkMGVlMTI1MThlMTZkN2NlODllYmVmMDFi
-    MTZhZGQ4NjA5MjE1MmY0NThmOGQzMzExMjMxY2FlMGJlNWVmNGEwZGMzZWRj
-    YTg2NTAyZjFhNjE2YTA2ZDA4YjY0ZDJhMmJlYmRhOTY4ODM3Y2I=
+    MTcwMGEwODNiZmZkZGY4MjNkYjc0NWRmOGEyM2U2MjBiMjEzMDViNjlkNDQ0
+    N2ZlMmE0ZjdjYWNhZTJhOWJlNzg3MTkxMjUxY2M0OThhMWJlMGZjZGIwMWM1
+    NjY3ZGM4ZDRjMDUyODMyMGRjY2M5YjljZjMwM2YwMDIxN2I3N2E=

data/README.md

@@ -2,7 +2,7 @@
 
 Move password stretching into a background job for fast user creation but while maintaining difficult to crack storage.
 
-Who, why, and how? See the [website](http://devise-async-stretch.onsimplybuilt.com/).
+# Don't use this. Everything will work in development, but once you deploy to production, users will get logged out once the bg job executes.
 
 ## Contributing
 

data/lib/devise/async/stretch/model.rb

@@ -6,6 +6,7 @@ module Devise
       included do
         # Enhance the stretches!
         after_commit :enqueue_stretch_worker, on: [:create, :update] if Devise::Async::Stretch.enabled
+        before_save :update_stretch_mark, on: [:create, :update] if Devise::Async::Stretch.enabled
       end
 
       def self.required_fields(klass)
@@ -22,6 +23,11 @@ module Devise
         ::BCrypt::Password.create("#{password}#{self.class.pepper}", cost: stretches).to_s
       end
 
+      # This is used in the session, used to verify if the password has changed
+      def authenticatable_salt
+        stretch_mark if stretch_mark
+      end
+
       protected
 
       def enqueue_stretch_worker
@@ -29,6 +35,10 @@ module Devise
         @password = nil
       end
 
+      def update_stretch_mark
+        self[:stretch_mark] = SecureRandom.hex(15)[0,29] unless @password.blank?
+      end
+
       # Digests the password using bcrypt. Custom encryption should override
       # this method to apply their own algorithm.
       #

data/lib/devise/async/stretch/version.rb

@@ -1,7 +1,7 @@
 module Devise
   module Async
     module Stretch
-      VERSION = "0.0.4"
+      VERSION = "0.0.5"
     end
   end
 end

data/lib/generators/devise/async/stretch/install_generator.rb

@@ -19,6 +19,11 @@ module Devise
           inject_into_file(path, ", :stretchable", :after => ":database_authenticatable") if File.exists?(path)
         end
 
+        def add_stretch_mark
+          generate "migration", "AddStretchMarkTo#{name} stretch_mark:string"
+          rake "db:migrate"
+        end
+
       end
     end
   end

data/test/devise/async/stretch/model_test.rb

@@ -4,6 +4,19 @@ class ModelTest < ActiveSupport::TestCase
 
   setup do
     @user = users(:bob)
+    Devise::Async::Stretch.enabled = true
+
+    @model = Class.new do
+      extend ActiveModel::Callbacks
+      define_model_callbacks :save, :commit
+
+      include ActiveModel::AttributeMethods
+      include Devise::Models::Stretchable
+
+      attr_accessor :email, :password, :stretch_mark
+
+      def []=(key, val); self.send(key.to_s + '=', val); end
+    end
   end
 
   test "bcrypt accepts a stretch param" do
@@ -15,7 +28,6 @@ class ModelTest < ActiveSupport::TestCase
   end
 
   test "required_fields doesn't include encrypted_password when enabled" do
-    Devise::Async::Stretch.enabled = true
     assert_equal [:email], Devise::Models::Stretchable.required_fields(User)
   end
 
@@ -24,4 +36,22 @@ class ModelTest < ActiveSupport::TestCase
     assert_equal [:encrypted_password, :email], Devise::Models::Stretchable.required_fields(User)
   end
 
+  test "the #authenticatable_salt returns the stretch_mark" do
+    instance = @model.new
+    instance.stretch_mark = "123456"
+
+    assert_equal "123456", instance.authenticatable_salt
+  end
+
+  test "if the password has changed, the stretch_mark gets updated" do
+    instance = @model.new
+    instance.password = "Bob"
+
+    assert_nil instance.stretch_mark
+
+    instance.run_callbacks(:save)
+
+    refute_nil instance.stretch_mark
+  end
+
 end

data/test/rails_app/db/migrate/20150126144549_add_stretch_mark_to_user.rb

@@ -0,0 +1,5 @@
+class AddStretchMarkToUser < ActiveRecord::Migration
+  def change
+    add_column :users, :stretch_mark, :string
+  end
+end

data/test/rails_app/db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20150105232318) do
+ActiveRecord::Schema.define(version: 20150126144549) do
 
   create_table "delayed_jobs", force: :cascade do |t|
     t.integer  "priority",   default: 0, null: false
@@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20150105232318) do
     t.string   "last_sign_in_ip"
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.string   "stretch_mark"
   end
 
   add_index "users", ["email"], name: "index_users_on_email", unique: true

data/test/rails_app/test/models/user_test.rb

@@ -29,4 +29,27 @@ class UserTest < ActiveSupport::TestCase
     end
   end
 
+  test "the #stretch_mark gets updated when the password is changed" do
+    user = User.create(email: 'Ed2@example.com', password: 'password2')
+
+    refute_nil user.stretch_mark
+
+    stretch_mark = user.stretch_mark
+    user.password = "password3"
+    user.save
+
+    refute_equal stretch_mark, user.reload.stretch_mark
+  end
+
+  test "the #stretch_mark doesn't change when the worker runs" do
+    user = User.create(email: 'Ed2@example.com', password: 'password2')
+    stretch_mark = user.stretch_mark
+
+    Sidekiq::Testing.inline!
+
+    Devise::Async::Stretch::Backend::Base.new.perform("User", user.id, 'newpassword')
+
+    assert_equal stretch_mark, user.reload.stretch_mark
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise-async-stretch
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Daniel Westendorf
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-08 00:00:00.000000000 Z
+date: 2015-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise
@@ -213,6 +213,7 @@ files:
 - test/rails_app/config/secrets.yml
 - test/rails_app/db/migrate/20141227205721_devise_create_users.rb
 - test/rails_app/db/migrate/20150105232318_create_delayed_jobs.rb
+- test/rails_app/db/migrate/20150126144549_add_stretch_mark_to_user.rb
 - test/rails_app/db/schema.rb
 - test/rails_app/db/seeds.rb
 - test/rails_app/lib/assets/.keep
@@ -310,6 +311,7 @@ test_files:
 - test/rails_app/config/secrets.yml
 - test/rails_app/db/migrate/20141227205721_devise_create_users.rb
 - test/rails_app/db/migrate/20150105232318_create_delayed_jobs.rb
+- test/rails_app/db/migrate/20150126144549_add_stretch_mark_to_user.rb
 - test/rails_app/db/schema.rb
 - test/rails_app/db/seeds.rb
 - test/rails_app/lib/assets/.keep