minimalist_authentication 0.5 → 0.6

data/lib/minimalist/authentication.rb

@@ -1,10 +1,16 @@
 require 'digest/sha1'
+require 'bcrypt'
 
 module Minimalist
   module Authentication
     GUEST_USER_EMAIL = 'guest'
-    PREFERRED_DIGEST_VERSION = 2
-    
+    PREFERRED_DIGEST_VERSION = 3
+
+    # Recalibrates cost when class is loaded so that new user passwords
+    # can automatically take advantage of faster server hardware in the
+    # future for better encryption.
+    CALIBRATED_BCRYPT_COST = BCrypt::Engine.calibrate(750)
+
     def self.included( base )
       base.extend(ClassMethods)
       base.class_eval do
@@ -37,11 +43,13 @@ module Minimalist
           when 0 then Digest::MD5.hexdigest(string.to_s)
           when 1 then Digest::SHA1.hexdigest("#{string}--#{salt}")
           when 2 then Digest::SHA2.hexdigest("#{string}#{salt}", 512)
+          when 3 then BCrypt::Password.new(BCrypt::Engine.hash_secret(string, salt)).checksum
         end
       end
 
       def make_token
-        secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
+        #secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
+        BCrypt::Engine.generate_salt(CALIBRATED_BCRYPT_COST)
       end
       
       def guest
@@ -59,7 +67,7 @@ module Minimalist
       
       def authenticated?(password)
         if crypted_password == encrypt(password)
-          if self.respond_to?(:using_digest_version) and using_digest_version != PREFERRED_DIGEST_VERSION
+          if self.respond_to?(:using_digest_version) and (using_digest_version != PREFERRED_DIGEST_VERSION or salt_cost < CALIBRATED_BCRYPT_COST)
             new_salt = self.class.make_token
             self.update_attribute(:crypted_password,self.class.secure_digest(password, new_salt, PREFERRED_DIGEST_VERSION))
             self.update_attribute(:salt, new_salt)
@@ -102,6 +110,10 @@ module Minimalist
         self.respond_to?(:using_digest_version) ? (using_digest_version || 1) : 1
       end
       
+      def salt_cost
+        BCrypt::Engine.valid_salt?(salt) ? salt.match(/\$[^\$]+\$([0-9]+)\$/)[1].to_i : 0
+      end
+
       # email validation
       def validate_email?
         # allows applications to turn off email validation

data/lib/minimalist/version.rb

@@ -1,3 +1,3 @@
 module MinimalistAuthentication
-  VERSION = '0.5'
+  VERSION = '0.6'
 end

data/minimalist_authentication.gemspec

@@ -9,6 +9,9 @@ Gem::Specification.new do |s|
   s.homepage = "https://github.com/wwidea/minimalist_authentication"
   s.summary = %q{A Rails authentication plugin that takes a minimalist approach.}
   s.description = %q{A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.}
+  
+  s.add_dependency('bcrypt-ruby', '~> 3.0.1')
+
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- test/*`.split("\n")
   s.require_paths = ["lib"]

metadata

@@ -1,35 +1,42 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: minimalist_authentication
-version: !ruby/object:Gem::Version 
-  hash: 1
-  prerelease: false
-  segments: 
-  - 0
-  - 5
-  version: "0.5"
+version: !ruby/object:Gem::Version
+  version: '0.6'
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - Aaron Baldwin
 - Jonathan S. Garvin
 - WWIDEA, Inc
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-02-07 00:00:00 -07:00
-default_executable: 
-dependencies: []
-
-description: A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.
-email: 
+date: 2012-07-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt-ruby
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.1
+description: A Rails authentication plugin that takes a minimalist approach. It is
+  designed to be simple to understand, use, and modify for your application.
+email:
 - developers@wwidea.org
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
 - MIT-LICENSE
 - README
@@ -85,41 +92,31 @@ files:
 - test/rails_root/test/test_helper.rb
 - test/sessions_test.rb
 - test/test_helper.rb
-has_rdoc: true
 homepage: https://github.com/wwidea/minimalist_authentication
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.8.22
 signing_key: 
 specification_version: 3
 summary: A Rails authentication plugin that takes a minimalist approach.
-test_files: 
+test_files:
 - test/authentication_test.rb
 - test/authorization_test.rb
 - test/factories.rb