has_secure_password 0.0.1

data/MIT_LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 Larry Halff (See also MIT_LICENCE_RAILS.)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/MIT_LICENSE_RAILS

@@ -0,0 +1,20 @@
+Copyright (c) 2004-2013 David Heinemeier Hansson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,30 @@
+# has_secure_password
+
+This is a Rails 2 plugin for "has_secure_password" as currently provided in Rails 4.
+
+All code was copied and modified from:
+
+https://github.com/rails/rails/blob/master/activemodel/lib/active_model/secure_password.rb
+
+and
+
+https://github.com/rails/rails/tree/master/activemodel/test
+
+## Installation
+
+Add the following to `environment.rb` or your Gemfile:
+
+    gem "has_secure_password"
+
+## Usage
+
+Use as you would the Rails has_secure_password mixin:
+
+    class User
+      has_secure_password
+    end
+
+## Credits
+
+Copyright (c) 2013 Larry Halff, released under the MIT license.
+Most portions Copyright (c) 2004-2013 David Heinemeier Hansson, released under the MIT license.

data/Rakefile

@@ -0,0 +1,22 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test has_secure_password plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for has_secure_password plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'has_secure_password'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/lib/active_record/secure_password.rb

@@ -0,0 +1,118 @@
+module ActiveRecord
+  module SecurePassword #:nodoc:
+
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+    
+    class << self; attr_accessor :min_cost; end
+    self.min_cost = false
+
+    module ClassMethods
+      # Adds methods to set and authenticate against a BCrypt password.
+      # This mechanism requires you to have a password_digest attribute.
+      #
+      # Validations for presence of password on create, confirmation of password
+      # (using a +password_confirmation+ attribute) are automatically added. If
+      # you wish to turn off validations, pass <tt>validations: false</tt> as an
+      # argument. You can add more validations by hand if need be.
+      #
+      # If you don't need the confirmation validation, just don't set any
+      # value to the password_confirmation attribute and the the validation
+      # will not be triggered.
+      #
+      # You need to add bcrypt-ruby (~> 3.0.0) to Gemfile to use #has_secure_password:
+      #
+      #   gem 'bcrypt-ruby', '~> 3.0.0'
+      #
+      # Example using Active Record (which automatically includes ActiveRecord::SecurePassword):
+      #
+      #   # Schema: User(name:string, password_digest:string)
+      #   class User < ActiveRecord::Base
+      #     has_secure_password
+      #   end
+      #
+      #   user = User.new(name: 'david', password: '', password_confirmation: 'nomatch')
+      #   user.save                                                       # => false, password required
+      #   user.password = 'mUc3m00RsqyRe'
+      #   user.save                                                       # => false, confirmation doesn't match
+      #   user.password_confirmation = 'mUc3m00RsqyRe'
+      #   user.save                                                       # => true
+      #   user.authenticate('notright')                                   # => false
+      #   user.authenticate('mUc3m00RsqyRe')                              # => user
+      #   User.find_by(name: 'david').try(:authenticate, 'notright')      # => false
+      #   User.find_by(name: 'david').try(:authenticate, 'mUc3m00RsqyRe') # => user
+      def has_secure_password(options = {})
+        # Load bcrypt-ruby only when has_secure_password is used.
+        # This is to avoid ActiveRecord (and by extension the entire framework)
+        # being dependent on a binary library.
+        begin
+          gem 'bcrypt-ruby', '~> 3.0.0'
+          require 'bcrypt'
+        rescue LoadError
+          $stderr.puts "You don't have bcrypt-ruby installed in your application. Please add it to your Gemfile and run bundle install"
+          raise
+        end
+
+        attr_reader :password
+
+        include InstanceMethodsOnActivation
+
+        if options[:validations] == true || options[:validations].nil?
+          validates_confirmation_of :password, :if => lambda { |m| m.password.present? }
+          validates_presence_of     :password, :on => :create
+          validates_presence_of     :password_confirmation, :if => lambda { |m| m.password.present? }
+
+          before_create { |r| raise "Password digest missing on new record" if r.password_digest.blank? }
+        end
+
+        if respond_to?(:attributes_protected_by_default)
+          def self.attributes_protected_by_default #:nodoc:
+            super + ['password_digest']
+          end
+        end
+      end
+    end
+
+    module InstanceMethodsOnActivation
+      # Returns +self+ if the password is correct, otherwise +false+.
+      #
+      #   class User < ActiveRecord::Base
+      #     has_secure_password validations: false
+      #   end
+      #
+      #   user = User.new(name: 'david', password: 'mUc3m00RsqyRe')
+      #   user.save
+      #   user.authenticate('notright')      # => false
+      #   user.authenticate('mUc3m00RsqyRe') # => user
+      def authenticate(unencrypted_password)
+        BCrypt::Password.new(password_digest) == unencrypted_password && self
+      end
+
+      # Encrypts the password into the +password_digest+ attribute, only if the
+      # new password is not blank.
+      #
+      #   class User < ActiveRecord::Base
+      #     has_secure_password validations: false
+      #   end
+      #
+      #   user = User.new
+      #   user.password = nil
+      #   user.password_digest # => nil
+      #   user.password = 'mUc3m00RsqyRe'
+      #   user.password_digest # => "$2a$10$4LEA7r4YmNHtvlAvHhsYAeZmk/xeUVtMTYqwIvYY76EW5GUqDiP4."
+      def password=(unencrypted_password)
+        unless unencrypted_password.blank?
+          @password = unencrypted_password
+          cost = ActiveRecord::SecurePassword.min_cost ? BCrypt::Engine::MIN_COST : BCrypt::Engine::DEFAULT_COST
+          self.password_digest = BCrypt::Password.create(unencrypted_password, :cost => cost)
+        end
+      end
+
+      def password_confirmation=(unencrypted_password)
+        @password_confirmation = unencrypted_password
+      end
+    end
+
+  end
+end

data/lib/version.rb

@@ -0,0 +1,5 @@
+module ActiveRecord
+  module SecurePassword #:nodoc:
+    VERSION = "0.0.1"
+  end
+end

data/rails/init.rb

@@ -0,0 +1,4 @@
+$:.unshift "#{File.dirname(__FILE__)}/lib"
+require 'active_record/secure_password'
+
+ActiveRecord::Base.send :include, ActiveRecord::SecurePassword

data/test/database.yml

@@ -0,0 +1,4 @@
+test:
+  adapter: sqlite3
+  database: secure_password.sqlite3.db
+  

data/test/schema.rb

@@ -0,0 +1,7 @@
+ActiveRecord::Schema.define(:version => 0) do
+  create_table :mixins, :force => true do |t|
+    t.column :type,             :string
+    t.column :password_digest,  :string
+  end
+  
+end

data/test/secure_password_test.rb

@@ -0,0 +1,160 @@
+require 'test/unit'
+
+require 'rubygems'
+require 'active_record'
+
+$:.unshift File.dirname(__FILE__) + '/../lib'
+require File.dirname(__FILE__) + '/../rails/init'
+
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+ActiveRecord::Schema.verbose = false
+
+def setup_db(position_options = {})
+  # AR caches columns options like defaults etc. Clear them!
+  ActiveRecord::Schema.define(:version => 1) do
+    create_table :mixins do |t|
+      t.column :type, :string
+      t.column :password_digest, :string
+    end
+  end
+end
+
+def teardown_db
+  ActiveRecord::Base.connection.tables.each do |table|
+    ActiveRecord::Base.connection.drop_table(table)
+  end
+end
+
+class Mixin < ActiveRecord::Base
+end
+
+class User < Mixin
+  has_secure_password
+  attr_accessor :password_digest, :password_salt
+end
+
+class Visitor < Mixin
+  has_secure_password(:validations => false)
+  attr_accessor :password_digest, :password_confirmation
+end
+
+class OauthedUser < Mixin
+  has_secure_password(:validations => false)
+  attr_accessor :password_digest, :password_salt
+end
+
+class SecurePasswordTest < Test::Unit::TestCase
+  def setup
+    ActiveRecord::SecurePassword.min_cost = true
+
+    setup_db
+    @user = User.new
+    @visitor = Visitor.new
+    @oauthed_user = OauthedUser.new
+  end
+
+  def teardown
+    ActiveRecord::SecurePassword.min_cost = false
+    teardown_db
+  end
+
+  def test_blank_password
+    @user.password = @visitor.password = ''
+    assert !@user.valid?, 'user should be invalid'
+    assert @visitor.valid?, 'visitor should be valid'
+  end
+
+  def test_nil_password
+    @user.password = @visitor.password = nil
+    assert !@user.valid?, 'user should be invalid'
+    assert @visitor.valid?, 'visitor should be valid'
+  end
+
+  def test_blank_password_doesnt_override_previous_password
+    @user.password = 'test'
+    @user.password = ''
+    assert_equal @user.password, 'test'
+  end
+
+  def test_password_must_be_present
+    assert !@user.valid?
+    assert_equal 1, @user.errors.size
+  end
+
+  def test_match_confirmation
+    @user.password = @visitor.password = "thiswillberight"
+    @user.password_confirmation = @visitor.password_confirmation = "wrong"
+
+    assert !@user.valid?
+    assert @visitor.valid?
+
+    @user.password_confirmation = "thiswillberight"
+
+    assert @user.valid?
+  end
+
+  def test_authenticate
+    @user.password = "secret"
+
+    assert !@user.authenticate("wrong")
+    assert @user.authenticate("secret")
+  end
+
+  def test_user_should_not_be_created_with_blank_digest
+    @user.password = "tryapassword"
+    @user.password_confirmation = "tryapassword"
+    @user.password_digest = ""
+    assert_raise RuntimeError do
+      @user.save
+    end
+    @user.password = "supersecretpassword"
+    @user.password_confirmation = "supersecretpassword"
+    assert_nothing_raised do
+      @user.save
+    end
+  end
+
+  def test_oauthed_user_can_be_created_with_blank_digest
+    @oauthed_user.password = "tryapassword"
+    @oauthed_user.password_confirmation = "tryapassword"
+    @oauthed_user.password_digest = ""
+    assert_nothing_raised do
+      @oauthed_user.save
+    end
+  end
+
+  def test_password_digest_cost_defaults_to_bcrypt_default_cost_when_min_cost_is_false
+    ActiveRecord::SecurePassword.min_cost = false
+
+    @user.password = "secret"
+    assert_equal BCrypt::Engine::DEFAULT_COST, @user.password_digest.cost
+  end
+
+  def test_Password_digest_cost_can_be_set_to_bcrypt_min_cost_to_speed_up_tests
+    ActiveRecord::SecurePassword.min_cost = true
+
+    @user.password = "secret"
+    assert_equal BCrypt::Engine::MIN_COST, @user.password_digest.cost
+  end
+
+  def test_blank_password_confirmation_does_not_result_in_a_confirmation_error
+    @user.password = "supersecretpassword"
+    @user.password_confirmation = "supersecretpassword"
+    @user.save
+    @user_reloaded = User.find(@user.id)
+
+    assert @user_reloaded.password.nil?
+    assert @user_reloaded.password.nil?
+    assert @user_reloaded.valid?, "user should be valid"
+  end
+
+  def test will_not_save_if_confirmation_is_blank_but_password_is_not
+    @user.password = "password"
+    @user.password_confirmation = ""
+    assert !@user.valid?
+
+    @user.password_confirmation = "password"
+    assert @user.valid?
+  end
+  
+end

metadata

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification 
+name: has_secure_password
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: 
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- lhalff
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2013-06-14 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">"
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 2
+        - 1
+        version: "2.1"
+    - - <
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 3
+        - 0
+        version: "3.0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: sqlite3
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id002
+description: Provides Rails 4 has_secure_password mixin for Rails 2. Requires Rails 2.1 or higher.
+email: 
+- email@larryhalff.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- rails/init.rb
+- lib/active_record/secure_password.rb
+- lib/version.rb
+- MIT_LICENSE
+- MIT_LICENSE_RAILS
+- Rakefile
+- README.md
+- test/database.yml
+- test/schema.rb
+- test/secure_password_test.rb
+homepage: https://github.com/lhalff/rails_secure_password
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: has_secure_password for Rails 2
+test_files: 
+- test/database.yml
+- test/schema.rb
+- test/secure_password_test.rb