minimalist_authentication 0.5 → 0.6
- data/lib/minimalist/authentication.rb +16 -4
- data/lib/minimalist/version.rb +1 -1
- data/minimalist_authentication.gemspec +3 -0
- metadata +40 -43
@@ -1,10 +1,16 @@
|
|
1
1
|
require 'digest/sha1'
|
2
|
+
require 'bcrypt'
|
2
3
|
|
3
4
|
module Minimalist
|
4
5
|
module Authentication
|
5
6
|
GUEST_USER_EMAIL = 'guest'
|
6
|
-
PREFERRED_DIGEST_VERSION =
|
7
|
-
|
7
|
+
PREFERRED_DIGEST_VERSION = 3
|
8
|
+
|
9
|
+
# Recalibrates cost when class is loaded so that new user passwords
|
10
|
+
# can automatically take advantage of faster server hardware in the
|
11
|
+
# future for better encryption.
|
12
|
+
CALIBRATED_BCRYPT_COST = BCrypt::Engine.calibrate(750)
|
13
|
+
|
8
14
|
def self.included( base )
|
9
15
|
base.extend(ClassMethods)
|
10
16
|
base.class_eval do
|
@@ -37,11 +43,13 @@ module Minimalist
|
|
37
43
|
when 0 then Digest::MD5.hexdigest(string.to_s)
|
38
44
|
when 1 then Digest::SHA1.hexdigest("#{string}--#{salt}")
|
39
45
|
when 2 then Digest::SHA2.hexdigest("#{string}#{salt}", 512)
|
46
|
+
when 3 then BCrypt::Password.new(BCrypt::Engine.hash_secret(string, salt)).checksum
|
40
47
|
end
|
41
48
|
end
|
42
49
|
|
43
50
|
def make_token
|
44
|
-
secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
|
51
|
+
#secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
|
52
|
+
BCrypt::Engine.generate_salt(CALIBRATED_BCRYPT_COST)
|
45
53
|
end
|
46
54
|
|
47
55
|
def guest
|
@@ -59,7 +67,7 @@ module Minimalist
|
|
59
67
|
|
60
68
|
def authenticated?(password)
|
61
69
|
if crypted_password == encrypt(password)
|
62
|
-
if self.respond_to?(:using_digest_version) and using_digest_version != PREFERRED_DIGEST_VERSION
|
70
|
+
if self.respond_to?(:using_digest_version) and (using_digest_version != PREFERRED_DIGEST_VERSION or salt_cost < CALIBRATED_BCRYPT_COST)
|
63
71
|
new_salt = self.class.make_token
|
64
72
|
self.update_attribute(:crypted_password,self.class.secure_digest(password, new_salt, PREFERRED_DIGEST_VERSION))
|
65
73
|
self.update_attribute(:salt, new_salt)
|
@@ -102,6 +110,10 @@ module Minimalist
|
|
102
110
|
self.respond_to?(:using_digest_version) ? (using_digest_version || 1) : 1
|
103
111
|
end
|
104
112
|
|
113
|
+
def salt_cost
|
114
|
+
BCrypt::Engine.valid_salt?(salt) ? salt.match(/\$[^\$]+\$([0-9]+)\$/)[1].to_i : 0
|
115
|
+
end
|
116
|
+
|
105
117
|
# email validation
|
106
118
|
def validate_email?
|
107
119
|
# allows applications to turn off email validation
|
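Review bot: `CALIBRATED_BCRYPT_COST = BCrypt::Engine.calibrate(750)` in the first hunk has no lower bound and is measured once per process at load time, so a host that is busy while the class loads can settle on a lower cost than intended, and different app servers can disagree on the value. That matters because the new `salt_cost < CALIBRATED_BCRYPT_COST` test in `authenticated?` (third hunk; the method body continues past it) decides when a stored hash is re-salted and rewritten. I would clamp the result, `CALIBRATED_BCRYPT_COST = [BCrypt::Engine.calibrate(750), BCrypt::Engine::DEFAULT_COST].max`, or read the cost from configuration so every process agrees. A budget of up to 750 ms per password check also makes the login path costly to serve, so it should sit behind attempt throttling.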
data/lib/minimalist/version.rb
CHANGED
@@ -9,6 +9,9 @@ Gem::Specification.new do |s|
|
|
9
9
|
s.homepage = "https://github.com/wwidea/minimalist_authentication"
|
10
10
|
s.summary = %q{A Rails authentication plugin that takes a minimalist approach.}
|
11
11
|
s.description = %q{A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.}
|
12
|
+
|
13
|
+
s.add_dependency('bcrypt-ruby', '~> 3.0.1')
|
14
|
+
|
12
15
|
s.files = `git ls-files`.split("\n")
|
13
16
|
s.test_files = `git ls-files -- test/*`.split("\n")
|
14
17
|
s.require_paths = ["lib"]
|
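Review bot: `s.add_dependency('bcrypt-ruby', '~> 3.0.1')` restricts the password-hashing library to 3.0.x patch releases, so applications using this gem cannot resolve a later minor release of bcrypt-ruby if a fix lands there. Unless 3.0.x-specific behaviour is relied on, a looser bound such as `s.add_dependency('bcrypt-ruby', '~> 3.0')` keeps the major version fixed while leaving room for updates. The page labels this section `data/lib/minimalist/version.rb`, but the hunk shown is from the gemspec (`Gem::Specification.new do |s|`), whose block continues outside the hunk.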
metadata
CHANGED
@@ -1,35 +1,42 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: minimalist_authentication
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
6
|
-
segments:
|
7
|
-
- 0
|
8
|
-
- 5
|
9
|
-
version: "0.5"
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: '0.6'
|
5
|
+
prerelease:
|
10
6
|
platform: ruby
|
11
|
-
authors:
|
7
|
+
authors:
|
12
8
|
- Aaron Baldwin
|
13
9
|
- Jonathan S. Garvin
|
14
10
|
- WWIDEA, Inc
|
15
11
|
autorequire:
|
16
12
|
bindir: bin
|
17
13
|
cert_chain: []
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
14
|
+
date: 2012-07-17 00:00:00.000000000 Z
|
15
|
+
dependencies:
|
16
|
+
- !ruby/object:Gem::Dependency
|
17
|
+
name: bcrypt-ruby
|
18
|
+
requirement: !ruby/object:Gem::Requirement
|
19
|
+
none: false
|
20
|
+
requirements:
|
21
|
+
- - ~>
|
22
|
+
- !ruby/object:Gem::Version
|
23
|
+
version: 3.0.1
|
24
|
+
type: :runtime
|
25
|
+
prerelease: false
|
26
|
+
version_requirements: !ruby/object:Gem::Requirement
|
27
|
+
none: false
|
28
|
+
requirements:
|
29
|
+
- - ~>
|
30
|
+
- !ruby/object:Gem::Version
|
31
|
+
version: 3.0.1
|
32
|
+
description: A Rails authentication plugin that takes a minimalist approach. It is
|
33
|
+
designed to be simple to understand, use, and modify for your application.
|
34
|
+
email:
|
25
35
|
- developers@wwidea.org
|
26
36
|
executables: []
|
27
|
-
|
28
37
|
extensions: []
|
29
|
-
|
30
38
|
extra_rdoc_files: []
|
31
|
-
|
32
|
-
files:
|
39
|
+
files:
|
33
40
|
- .gitignore
|
34
41
|
- MIT-LICENSE
|
35
42
|
- README
|
@@ -85,41 +92,31 @@ files:
|
|
85
92
|
- test/rails_root/test/test_helper.rb
|
86
93
|
- test/sessions_test.rb
|
87
94
|
- test/test_helper.rb
|
88
|
-
has_rdoc: true
|
89
95
|
homepage: https://github.com/wwidea/minimalist_authentication
|
90
96
|
licenses: []
|
91
|
-
|
92
97
|
post_install_message:
|
93
98
|
rdoc_options: []
|
94
|
-
|
95
|
-
require_paths:
|
99
|
+
require_paths:
|
96
100
|
- lib
|
97
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
101
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
98
102
|
none: false
|
99
|
-
requirements:
|
100
|
-
- -
|
101
|
-
- !ruby/object:Gem::Version
|
102
|
-
|
103
|
-
|
104
|
-
- 0
|
105
|
-
version: "0"
|
106
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
103
|
+
requirements:
|
104
|
+
- - ! '>='
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
version: '0'
|
107
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
107
108
|
none: false
|
108
|
-
requirements:
|
109
|
-
- -
|
110
|
-
- !ruby/object:Gem::Version
|
111
|
-
|
112
|
-
segments:
|
113
|
-
- 0
|
114
|
-
version: "0"
|
109
|
+
requirements:
|
110
|
+
- - ! '>='
|
111
|
+
- !ruby/object:Gem::Version
|
112
|
+
version: '0'
|
115
113
|
requirements: []
|
116
|
-
|
117
114
|
rubyforge_project:
|
118
|
-
rubygems_version: 1.
|
115
|
+
rubygems_version: 1.8.22
|
119
116
|
signing_key:
|
120
117
|
specification_version: 3
|
121
118
|
summary: A Rails authentication plugin that takes a minimalist approach.
|
122
|
-
test_files:
|
119
|
+
test_files:
|
123
120
|
- test/authentication_test.rb
|
124
121
|
- test/authorization_test.rb
|
125
122
|
- test/factories.rb
|