devise 0.8.0 → 0.8.1


@@ -1,3 +1,11 @@
1
+ * enhancements
2
+ * Move salt to encryptors
3
+
4
+ * bug fix
5
+ * Bcrypt generator was not being loaded neither setting the proper salt
6
+
7
+ == 0.8.0
8
+
1
9
  * enhancements
2
10
  * Warden 0.8.0 compatibility
3
11
  * Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work
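--- a/data/Rakefile
+++ b/data/Rakefile
@@ -44,7 +44,7 @@ begin
  s.description = "Flexible authentication solution for Rails with Warden"
  s.authors = ['José Valim', 'Carlos Antônio']
  s.files = FileList["[A-Z]*", "{app,config,generators,lib}/**/*", "init.rb"]
- s.add_dependency("warden", "~> 0.8.0")
+ s.add_dependency("warden", "~> 0.8.1")
  end
 
  Jeweler::GemcutterTasks.new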
@@ -11,12 +11,13 @@ module Devise
11
11
  end
12
12
 
13
13
  module Encryptors
14
+ autoload :Base, 'devise/encryptors/base'
15
+ autoload :Bcrypt, 'devise/encryptors/bcrypt'
14
16
  autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
15
17
  autoload :AuthlogicSha1, 'devise/encryptors/authlogic_sha1'
16
18
  autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
17
19
  autoload :Sha512, 'devise/encryptors/sha512'
18
20
  autoload :Sha1, 'devise/encryptors/sha1'
19
- autoload :BCrypt, 'devise/encryptors/bcrypt'
20
21
  end
21
22
 
22
23
  module Orm
@@ -48,7 +49,8 @@ module Devise
48
49
  :sha512 => 128,
49
50
  :clearance_sha1 => 40,
50
51
  :restful_authentication_sha1 => 40,
51
- :authlogic_sha512 => 128
52
+ :authlogic_sha512 => 128,
53
+ :bcrypt => 60
52
54
  }
53
55
 
54
56
  # Email regex used to validate email formats. Retrieved from authlogic.
@@ -1,19 +1,12 @@
1
1
  require "digest/sha2"
2
2
 
3
3
  module Devise
4
- # Implements a way of adding different encryptions.
5
- # The class should implement a self.digest method that taks the following params:
6
- # - password
7
- # - stretches: the number of times the encryption will be applied
8
- # - salt: the password salt as defined by devise
9
- # - pepper: Devise config option
10
- #
11
4
  module Encryptors
12
5
  # = AuthlogicSha512
13
6
  # Simulates Authlogic's default encryption mechanism.
14
7
  # Warning: it uses Devise's stretches configuration to port Authlogic's one. Should be set to 20 in the initializer to silumate
15
8
  # the default behavior.
16
- class AuthlogicSha512
9
+ class AuthlogicSha512 < Base
17
10
 
18
11
  # Gererates a default password digest based on salt, pepper and the
19
12
  # incoming password.
@@ -0,0 +1,20 @@
1
+ module Devise
2
+ # Implements a way of adding different encryptions.
3
+ # The class should implement a self.digest method that taks the following params:
4
+ # - password
5
+ # - stretches: the number of times the encryption will be applied
6
+ # - salt: the password salt as defined by devise
7
+ # - pepper: Devise config option
8
+ #
9
+ module Encryptors
10
+ class Base
11
+ def self.digest
12
+ raise NotImplemented
13
+ end
14
+
15
+ def self.salt
16
+ Devise.friendly_token
17
+ end
18
+ end
19
+ end
20
+ end
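Review bot: `raise NotImplemented` in `Base.digest` names a constant that core Ruby does not define, so unless the project defines it elsewhere, an encryptor that forgets to override `digest` fails with a NameError instead of a clear not-implemented error; the standard class is `NotImplementedError`. The method also takes no arguments although the comment above it documents four, so a call with the documented arguments raises ArgumentError before the `raise` is reached. I would write `def self.digest(password, stretches, salt, pepper)` and `raise NotImplementedError`. `Base.salt` returns `Devise.friendly_token`, which is defined outside this file; a short comment on `salt` stating that the value must come from a cryptographically secure random source would protect it against a later careless change.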
@@ -1,22 +1,19 @@
1
1
  require "bcrypt"
2
2
 
3
3
  module Devise
4
- # Implements a way of adding different encryptions.
5
- # The class should implement a self.digest method that taks the following params:
6
- # - password
7
- # - stretches: the number of times the encryption will be applied
8
- # - salt: the password salt as defined by devise
9
- # - pepper: Devise config option
10
- #
11
4
  module Encryptors
12
5
  # = BCrypt
13
6
  # Uses the BCrypt hash algorithm to encrypt passwords.
14
- class BCrypt
7
+ class Bcrypt < Base
15
8
 
16
9
  # Gererates a default password digest based on stretches, salt, pepper and the
17
10
  # incoming password. We don't strech it ourselves since BCrypt does so internally.
18
11
  def self.digest(password, stretches, salt, pepper)
19
- ::BCrypt::Engine.hash_secret(password, [salt, pepper].flatten.join('xx'), stretches)
12
+ ::BCrypt::Engine.hash_secret([password, pepper].join, salt, stretches)
13
+ end
14
+
15
+ def self.salt
16
+ ::BCrypt::Engine.generate_salt
20
17
  end
21
18
 
22
19
  end
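Review bot: `self.salt` calls `::BCrypt::Engine.generate_salt` with no cost, so the work factor embedded in every new salt is bcrypt's default rather than Devise's configured stretches. bcrypt takes its cost from the salt prefix, which the test removed in this release also suggests: stretches 4 with a `$2a$10$` salt yields a `$2a$10$` digest. If the stretches setting is meant to control bcrypt cost, pass it when the salt is generated, for example `::BCrypt::Engine.generate_salt(Devise.stretches)`, assuming that accessor is reachable from here. Separately, bcrypt only hashes the first 72 bytes of its input, so with `[password, pepper].join` a long password pushes the pepper out of the hashed range; a comment on `digest` should say so. The enclosing modules close outside the hunk.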
@@ -1,19 +1,12 @@
1
1
  require "digest/sha1"
2
2
 
3
3
  module Devise
4
- # Implements a way of adding different encryptions.
5
- # The class should implement a self.digest method that taks the following params:
6
- # - password
7
- # - stretches: the number of times the encryption will be applied
8
- # - salt: the password salt as defined by devise
9
- # - pepper: Devise config option
10
- #
11
4
  module Encryptors
12
5
  # = ClearanceSha1
13
6
  # Simulates Clearance's default encryption mechanism.
14
7
  # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
15
8
  # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES
16
- class ClearanceSha1
9
+ class ClearanceSha1 < Base
17
10
 
18
11
  # Gererates a default password digest based on salt, pepper and the
19
12
  # incoming password.
@@ -1,20 +1,13 @@
1
1
  require "digest/sha1"
2
2
 
3
3
  module Devise
4
- # Implements a way of adding different encryptions.
5
- # The class should implement a self.digest method that taks the following params:
6
- # - password
7
- # - stretches: the number of times the encryption will be applied
8
- # - salt: the password salt as defined by devise
9
- # - pepper: Devise config option
10
- #
11
4
  module Encryptors
12
5
  # = RestfulAuthenticationSha1
13
6
  # Simulates Restful Authentication's default encryption mechanism.
14
7
  # Warning: it uses Devise's pepper to port the concept of REST_AUTH_SITE_KEY
15
8
  # Warning: it uses Devise's stretches configuration to port the concept of REST_AUTH_DIGEST_STRETCHES. Should be set to 10 in
16
9
  # the initializer to silumate the default behavior.
17
- class RestfulAuthenticationSha1
10
+ class RestfulAuthenticationSha1 < Base
18
11
 
19
12
  # Gererates a default password digest based on salt, pepper and the
20
13
  # incoming password.
@@ -1,17 +1,10 @@
1
1
  require "digest/sha1"
2
2
 
3
3
  module Devise
4
- # Implements a way of adding different encryptions.
5
- # The class should implement a self.digest method that taks the following params:
6
- # - password
7
- # - stretches: the number of times the encryption will be applied
8
- # - salt: the password salt as defined by devise
9
- # - pepper: Devise config option
10
- #
11
4
  module Encryptors
12
5
  # = Sha1
13
6
  # Uses the Sha1 hash algorithm to encrypt passwords.
14
- class Sha1
7
+ class Sha1 < Base
15
8
 
16
9
  # Gererates a default password digest based on stretches, salt, pepper and the
17
10
  # incoming password.
@@ -1,17 +1,10 @@
1
1
  require "digest/sha2"
2
2
 
3
3
  module Devise
4
- # Implements a way of adding different encryptions.
5
- # The class should implement a self.digest method that taks the following params:
6
- # - password
7
- # - stretches: the number of times the encryption will be applied
8
- # - salt: the password salt as defined by devise
9
- # - pepper: Devise config option
10
- #
11
4
  module Encryptors
12
5
  # = Sha512
13
6
  # Uses the Sha512 hash algorithm to encrypt passwords.
14
- class Sha512
7
+ class Sha512 < Base
15
8
 
16
9
  # Gererates a default password digest based on salt, pepper and the
17
10
  # incoming password.
@@ -43,7 +43,7 @@ module Devise
43
43
  @password = new_password
44
44
 
45
45
  if @password.present?
46
- self.password_salt = Devise.friendly_token
46
+ self.password_salt = self.class.encryptor_class.salt
47
47
  self.encrypted_password = password_digest(@password)
48
48
  end
49
49
  end
@@ -1,3 +1,3 @@
1
1
  module Devise
2
- VERSION = "0.8.0".freeze
2
+ VERSION = "0.8.1".freeze
3
3
  end
@@ -18,18 +18,11 @@ class Encryptors < ActiveSupport::TestCase
18
18
  assert_equal clearance, encryptor
19
19
  end
20
20
 
21
- test 'should match a password created by bcrypt' do
22
- bcrypt = "$2a$10$81UWRL4S01M6zxjMPyBame1He8EHYgdFm26rQh0qKzglf2ijtEyfa"
23
- encryptor = Devise::Encryptors::BCrypt.digest('123mudar', 4, '$2a$10$81UWRL4S01M6zxjMPyBame', '')
24
- assert_equal bcrypt, encryptor
25
- end
26
-
27
-
28
-
29
21
  Devise::ENCRYPTORS_LENGTH.each do |key, value|
30
22
  test "should have length #{value} for #{key.inspect}" do
31
23
  swap Devise, :encryptor => key do
32
- assert_equal value, Devise::Encryptors.const_get(key.to_s.classify).digest('a', 2, 'b', 'c').size
24
+ encryptor = Devise::Encryptors.const_get(key.to_s.classify)
25
+ assert_equal value, encryptor.digest('a', 4, encryptor.salt, nil).size
33
26
  end
34
27
  end
35
28
  end
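Review bot: With the known-answer bcrypt test removed, the only remaining coverage for `Bcrypt.digest` is the length check in the `ENCRYPTORS_LENGTH` loop, which passes for any 60-character output and would not notice if the pepper or the salt were dropped from the hash input. A deterministic check is cheap to add, for example `salt = Devise::Encryptors::Bcrypt.salt` followed by `assert_not_equal Devise::Encryptors::Bcrypt.digest('a', 4, salt, 'x'), Devise::Encryptors::Bcrypt.digest('a', 4, salt, 'y')`, plus an equality assertion for two calls with identical arguments. The loop also passes `nil` as pepper, so no encryptor is exercised with a non-empty pepper here. The test class opens above the hunk.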
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.0
4
+ version: 0.8.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - "Jos\xC3\xA9 Valim"
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2010-01-07 00:00:00 +01:00
13
+ date: 2010-01-08 00:00:00 +01:00
14
14
  default_executable:
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
@@ -21,7 +21,7 @@ dependencies:
21
21
  requirements:
22
22
  - - ~>
23
23
  - !ruby/object:Gem::Version
24
- version: 0.8.0
24
+ version: 0.8.1
25
25
  version:
26
26
  description: Flexible authentication solution for Rails with Warden
27
27
  email: contact@plataformatec.com.br
@@ -65,6 +65,7 @@ files:
65
65
  - lib/devise/controllers/helpers.rb
66
66
  - lib/devise/controllers/url_helpers.rb
67
67
  - lib/devise/encryptors/authlogic_sha512.rb
68
+ - lib/devise/encryptors/base.rb
68
69
  - lib/devise/encryptors/bcrypt.rb
69
70
  - lib/devise/encryptors/clearance_sha1.rb
70
71
  - lib/devise/encryptors/restful_authentication_sha1.rb