devise-async-stretch 0.0.4 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- YjRiMDZjMTE2MzlhZjZiYzlkMGRhM2Q3ZTU3NjExMTgyZDNhMzY5Mw==
4
+ MWIwYTBiZGI3Y2YwNWQ3NTMyM2NmZWY5MTZhZjk2Yjc1MmVlNWRmZg==
5
5
  data.tar.gz: !binary |-
6
- ZmFhOGIxOGI0NGZiOGUxYWFkM2ZkZmEzOTA4ZWJlYjE1OGM5ZDhlYQ==
6
+ Zjk1ZGQ3NWJhNGMyZjE2ZDJiYWNiNzMzMDZiZTQxNDJmNzliZTA4OQ==
7
7
  SHA512:
8
8
  metadata.gz: !binary |-
9
- NWFiZTQ3Y2JiNGE1NWE0YjQ0ZDJkZWQ1Y2ZlZmNjZDcxYjgyOWIwZjRiYjhm
10
- ODVmODkwZTkzN2NjYjA2YzA4MGE4MTkxY2U5ZmQ3NzQwY2NiNDFmNmI2Mjk3
11
- MWNmODdkYjNjNjkwMzNmYWU4YmYzOTc1ZTIzYmZiZjdhNzczMjM=
9
+ ZTI2OGRlZDE3NWJhZWM5MzliMjcxYTM1ZGIyODc0MTM3MjljODc3OGM2OTU0
10
+ YmIzMDRmM2ExODI0MTg3YWMxMjllYjQ1OWFhYzcwNWE2ZjI0OGFmY2JjZWJi
11
+ MjY1ODIzZWJjZmUwNjJmNjVmOTdiYjUxZWE2NjhmZTcyN2RlOGM=
12
12
  data.tar.gz: !binary |-
13
- MmE1MzIxOTI5NmExODhkMjMzOWVkMGVlMTI1MThlMTZkN2NlODllYmVmMDFi
14
- MTZhZGQ4NjA5MjE1MmY0NThmOGQzMzExMjMxY2FlMGJlNWVmNGEwZGMzZWRj
15
- YTg2NTAyZjFhNjE2YTA2ZDA4YjY0ZDJhMmJlYmRhOTY4ODM3Y2I=
13
+ MTcwMGEwODNiZmZkZGY4MjNkYjc0NWRmOGEyM2U2MjBiMjEzMDViNjlkNDQ0
14
+ N2ZlMmE0ZjdjYWNhZTJhOWJlNzg3MTkxMjUxY2M0OThhMWJlMGZjZGIwMWM1
15
+ NjY3ZGM4ZDRjMDUyODMyMGRjY2M5YjljZjMwM2YwMDIxN2I3N2E=
data/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Move password stretching into a background job for fast user creation but while maintaining difficult to crack storage.
4
4
 
5
- Who, why, and how? See the [website](http://devise-async-stretch.onsimplybuilt.com/).
5
+ # Don't use this. Everything will work in development, but once you deploy to production, users will get logged out once the bg job executes.
6
6
 
7
7
  ## Contributing
8
8
 
@@ -6,6 +6,7 @@ module Devise
6
6
  included do
7
7
  # Enhance the stretches!
8
8
  after_commit :enqueue_stretch_worker, on: [:create, :update] if Devise::Async::Stretch.enabled
9
+ before_save :update_stretch_mark, on: [:create, :update] if Devise::Async::Stretch.enabled
9
10
  end
10
11
 
11
12
  def self.required_fields(klass)
@@ -22,6 +23,11 @@ module Devise
22
23
  ::BCrypt::Password.create("#{password}#{self.class.pepper}", cost: stretches).to_s
23
24
  end
24
25
 
26
+ # This is used in the session, used to verify if the password has changed
27
+ def authenticatable_salt
28
+ stretch_mark if stretch_mark
29
+ end
30
+
25
31
  protected
26
32
 
27
33
  def enqueue_stretch_worker
@@ -29,6 +35,10 @@ module Devise
29
35
  @password = nil
30
36
  end
31
37
 
38
+ def update_stretch_mark
39
+ self[:stretch_mark] = SecureRandom.hex(15)[0,29] unless @password.blank?
40
+ end
41
+
32
42
  # Digests the password using bcrypt. Custom encryption should override
33
43
  # this method to apply their own algorithm.
34
44
  #
@@ -1,7 +1,7 @@
1
1
  module Devise
2
2
  module Async
3
3
  module Stretch
4
- VERSION = "0.0.4"
4
+ VERSION = "0.0.5"
5
5
  end
6
6
  end
7
7
  end
@@ -19,6 +19,11 @@ module Devise
19
19
  inject_into_file(path, ", :stretchable", :after => ":database_authenticatable") if File.exists?(path)
20
20
  end
21
21
 
22
+ def add_stretch_mark
23
+ generate "migration", "AddStretchMarkTo#{name} stretch_mark:string"
24
+ rake "db:migrate"
25
+ end
26
+
22
27
  end
23
28
  end
24
29
  end
@@ -4,6 +4,19 @@ class ModelTest < ActiveSupport::TestCase
4
4
 
5
5
  setup do
6
6
  @user = users(:bob)
7
+ Devise::Async::Stretch.enabled = true
8
+
9
+ @model = Class.new do
10
+ extend ActiveModel::Callbacks
11
+ define_model_callbacks :save, :commit
12
+
13
+ include ActiveModel::AttributeMethods
14
+ include Devise::Models::Stretchable
15
+
16
+ attr_accessor :email, :password, :stretch_mark
17
+
18
+ def []=(key, val); self.send(key.to_s + '=', val); end
19
+ end
7
20
  end
8
21
 
9
22
  test "bcrypt accepts a stretch param" do
@@ -15,7 +28,6 @@ class ModelTest < ActiveSupport::TestCase
15
28
  end
16
29
 
17
30
  test "required_fields doesn't include encrypted_password when enabled" do
18
- Devise::Async::Stretch.enabled = true
19
31
  assert_equal [:email], Devise::Models::Stretchable.required_fields(User)
20
32
  end
21
33
 
@@ -24,4 +36,22 @@ class ModelTest < ActiveSupport::TestCase
24
36
  assert_equal [:encrypted_password, :email], Devise::Models::Stretchable.required_fields(User)
25
37
  end
26
38
 
39
+ test "the #authenticatable_salt returns the stretch_mark" do
40
+ instance = @model.new
41
+ instance.stretch_mark = "123456"
42
+
43
+ assert_equal "123456", instance.authenticatable_salt
44
+ end
45
+
46
+ test "if the password has changed, the stretch_mark gets updated" do
47
+ instance = @model.new
48
+ instance.password = "Bob"
49
+
50
+ assert_nil instance.stretch_mark
51
+
52
+ instance.run_callbacks(:save)
53
+
54
+ refute_nil instance.stretch_mark
55
+ end
56
+
27
57
  end
@@ -0,0 +1,5 @@
1
+ class AddStretchMarkToUser < ActiveRecord::Migration
2
+ def change
3
+ add_column :users, :stretch_mark, :string
4
+ end
5
+ end
@@ -11,7 +11,7 @@
11
11
  #
12
12
  # It's strongly recommended that you check this file into your version control system.
13
13
 
14
- ActiveRecord::Schema.define(version: 20150105232318) do
14
+ ActiveRecord::Schema.define(version: 20150126144549) do
15
15
 
16
16
  create_table "delayed_jobs", force: :cascade do |t|
17
17
  t.integer "priority", default: 0, null: false
@@ -42,6 +42,7 @@ ActiveRecord::Schema.define(version: 20150105232318) do
42
42
  t.string "last_sign_in_ip"
43
43
  t.datetime "created_at"
44
44
  t.datetime "updated_at"
45
+ t.string "stretch_mark"
45
46
  end
46
47
 
47
48
  add_index "users", ["email"], name: "index_users_on_email", unique: true
@@ -29,4 +29,27 @@ class UserTest < ActiveSupport::TestCase
29
29
  end
30
30
  end
31
31
 
32
+ test "the #stretch_mark gets updated when the password is changed" do
33
+ user = User.create(email: 'Ed2@example.com', password: 'password2')
34
+
35
+ refute_nil user.stretch_mark
36
+
37
+ stretch_mark = user.stretch_mark
38
+ user.password = "password3"
39
+ user.save
40
+
41
+ refute_equal stretch_mark, user.reload.stretch_mark
42
+ end
43
+
44
+ test "the #stretch_mark doesn't change when the worker runs" do
45
+ user = User.create(email: 'Ed2@example.com', password: 'password2')
46
+ stretch_mark = user.stretch_mark
47
+
48
+ Sidekiq::Testing.inline!
49
+
50
+ Devise::Async::Stretch::Backend::Base.new.perform("User", user.id, 'newpassword')
51
+
52
+ assert_equal stretch_mark, user.reload.stretch_mark
53
+ end
54
+
32
55
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-async-stretch
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.4
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Westendorf
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-08 00:00:00.000000000 Z
11
+ date: 2015-01-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise
@@ -213,6 +213,7 @@ files:
213
213
  - test/rails_app/config/secrets.yml
214
214
  - test/rails_app/db/migrate/20141227205721_devise_create_users.rb
215
215
  - test/rails_app/db/migrate/20150105232318_create_delayed_jobs.rb
216
+ - test/rails_app/db/migrate/20150126144549_add_stretch_mark_to_user.rb
216
217
  - test/rails_app/db/schema.rb
217
218
  - test/rails_app/db/seeds.rb
218
219
  - test/rails_app/lib/assets/.keep
@@ -310,6 +311,7 @@ test_files:
310
311
  - test/rails_app/config/secrets.yml
311
312
  - test/rails_app/db/migrate/20141227205721_devise_create_users.rb
312
313
  - test/rails_app/db/migrate/20150105232318_create_delayed_jobs.rb
314
+ - test/rails_app/db/migrate/20150126144549_add_stretch_mark_to_user.rb
313
315
  - test/rails_app/db/schema.rb
314
316
  - test/rails_app/db/seeds.rb
315
317
  - test/rails_app/lib/assets/.keep