minimalist_authentication 0.5 → 0.6

@@ -1,10 +1,16 @@
1
1
  require 'digest/sha1'
2
+ require 'bcrypt'
2
3
 
3
4
  module Minimalist
4
5
  module Authentication
5
6
  GUEST_USER_EMAIL = 'guest'
6
- PREFERRED_DIGEST_VERSION = 2
7
-
7
+ PREFERRED_DIGEST_VERSION = 3
8
+
9
+ # Recalibrates cost when class is loaded so that new user passwords
10
+ # can automatically take advantage of faster server hardware in the
11
+ # future for better encryption.
12
+ CALIBRATED_BCRYPT_COST = BCrypt::Engine.calibrate(750)
13
+
8
14
  def self.included( base )
9
15
  base.extend(ClassMethods)
10
16
  base.class_eval do
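Review bot: `CALIBRATED_BCRYPT_COST = BCrypt::Engine.calibrate(750)` takes the work factor from a timing measurement made each time this module is loaded, with no lower or upper bound visible in the hunk. The value can therefore differ between processes and hosts, and a measurement taken while the machine is busy would presumably settle on a lower cost than intended for new password hashes. I would clamp it, e.g. `CALIBRATED_BCRYPT_COST = [[BCrypt::Engine.calibrate(750), MIN_BCRYPT_COST].max, MAX_BCRYPT_COST].min`, where the two bounds are placeholder names for constants defined in this module, or let the application configure the cost. The comment above it says "better encryption"; bcrypt is a one-way password hash, so "stronger hashing" would be more accurate.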
@@ -37,11 +43,13 @@ module Minimalist
37
43
  when 0 then Digest::MD5.hexdigest(string.to_s)
38
44
  when 1 then Digest::SHA1.hexdigest("#{string}--#{salt}")
39
45
  when 2 then Digest::SHA2.hexdigest("#{string}#{salt}", 512)
46
+ when 3 then BCrypt::Password.new(BCrypt::Engine.hash_secret(string, salt)).checksum
40
47
  end
41
48
  end
42
49
 
43
50
  def make_token
44
- secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
51
+ #secure_digest(Time.now, (1..10).map{ rand.to_s.gsub(/0\./,'') }.join, PREFERRED_DIGEST_VERSION)
52
+ BCrypt::Engine.generate_salt(CALIBRATED_BCRYPT_COST)
45
53
  end
46
54
 
47
55
  def guest
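Review bot: `make_token` now returns `BCrypt::Engine.generate_salt(CALIBRATED_BCRYPT_COST)`, so it has become the salt generator for digest version 3, yet the old body is left behind as a commented-out line and nothing documents the new contract. I would delete the commented line and add `# Returns a fresh bcrypt salt embedding CALIBRATED_BCRYPT_COST; secure_digest version 3 requires a salt in this format.` above the method. Any caller outside this hunk that uses make_token for something other than a password salt now receives a `$`-delimited bcrypt salt string, which is worth checking. The `when 3` branch hands `salt` straight to `BCrypt::Engine.hash_secret`, so a legacy-format salt reaching that branch would raise instead of producing a digest; secure_digest begins outside the hunk, so whether a caller can do that is not visible here.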
@@ -59,7 +67,7 @@ module Minimalist
59
67
 
60
68
  def authenticated?(password)
61
69
  if crypted_password == encrypt(password)
62
- if self.respond_to?(:using_digest_version) and using_digest_version != PREFERRED_DIGEST_VERSION
70
+ if self.respond_to?(:using_digest_version) and (using_digest_version != PREFERRED_DIGEST_VERSION or salt_cost < CALIBRATED_BCRYPT_COST)
63
71
  new_salt = self.class.make_token
64
72
  self.update_attribute(:crypted_password,self.class.secure_digest(password, new_salt, PREFERRED_DIGEST_VERSION))
65
73
  self.update_attribute(:salt, new_salt)
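Review bot: The widened condition on the `respond_to?(:using_digest_version)` line sends more logins down the re-hash path, and that path still persists `crypted_password` and `salt` with two separate `update_attribute` calls. If the second write fails, the stored digest no longer matches the stored salt and the user cannot log in again. Assuming the including class is an ActiveRecord model, wrapping both writes in `self.class.transaction do … end`, or assigning both attributes and saving once, keeps them consistent. Separately, `crypted_password == encrypt(password)` on the unchanged line above is an ordinary string comparison, not a constant-time one. The method continues past the end of the hunk, so whether `using_digest_version` is updated alongside these writes cannot be seen here.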
@@ -102,6 +110,10 @@ module Minimalist
102
110
  self.respond_to?(:using_digest_version) ? (using_digest_version || 1) : 1
103
111
  end
104
112
 
113
+ def salt_cost
114
+ BCrypt::Engine.valid_salt?(salt) ? salt.match(/\$[^\$]+\$([0-9]+)\$/)[1].to_i : 0
115
+ end
116
+
105
117
  # email validation
106
118
  def validate_email?
107
119
  # allows applications to turn off email validation
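Review bot: `salt_cost` has no comment, and its fallback of 0 is what makes `salt_cost < CALIBRATED_BCRYPT_COST` in authenticated? true for any salt that is not in bcrypt format. I would add `# Cost factor encoded in the stored bcrypt salt; 0 when the salt is not a valid bcrypt salt.` above the method. The unanchored regex and the unchecked `[1]` index are only reached after `BCrypt::Engine.valid_salt?` has accepted the string, so they look safe, but the comment should state that dependency so the guard is not removed later.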
@@ -1,3 +1,3 @@
1
1
  module MinimalistAuthentication
2
- VERSION = '0.5'
2
+ VERSION = '0.6'
3
3
  end
@@ -9,6 +9,9 @@ Gem::Specification.new do |s|
9
9
  s.homepage = "https://github.com/wwidea/minimalist_authentication"
10
10
  s.summary = %q{A Rails authentication plugin that takes a minimalist approach.}
11
11
  s.description = %q{A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.}
12
+
13
+ s.add_dependency('bcrypt-ruby', '~> 3.0.1')
14
+
12
15
  s.files = `git ls-files`.split("\n")
13
16
  s.test_files = `git ls-files -- test/*`.split("\n")
14
17
  s.require_paths = ["lib"]
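Review bot: `s.add_dependency('bcrypt-ruby', '~> 3.0.1')` restricts resolution to 3.0.x releases at or above 3.0.1, so applications using this gem cannot move to a later minor release of the library that now does the password hashing unless this gem is re-released. If the aim is only a tested minimum, `s.add_dependency('bcrypt-ruby', '~> 3.0', '>= 3.0.1')` expresses that while still excluding a new major version. If the tight pin is deliberate, a short comment in the gemspec saying why would help the next maintainer.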
metadata CHANGED
@@ -1,35 +1,42 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: minimalist_authentication
3
- version: !ruby/object:Gem::Version
4
- hash: 1
5
- prerelease: false
6
- segments:
7
- - 0
8
- - 5
9
- version: "0.5"
3
+ version: !ruby/object:Gem::Version
4
+ version: '0.6'
5
+ prerelease:
10
6
  platform: ruby
11
- authors:
7
+ authors:
12
8
  - Aaron Baldwin
13
9
  - Jonathan S. Garvin
14
10
  - WWIDEA, Inc
15
11
  autorequire:
16
12
  bindir: bin
17
13
  cert_chain: []
18
-
19
- date: 2012-02-07 00:00:00 -07:00
20
- default_executable:
21
- dependencies: []
22
-
23
- description: A Rails authentication plugin that takes a minimalist approach. It is designed to be simple to understand, use, and modify for your application.
24
- email:
14
+ date: 2012-07-17 00:00:00.000000000 Z
15
+ dependencies:
16
+ - !ruby/object:Gem::Dependency
17
+ name: bcrypt-ruby
18
+ requirement: !ruby/object:Gem::Requirement
19
+ none: false
20
+ requirements:
21
+ - - ~>
22
+ - !ruby/object:Gem::Version
23
+ version: 3.0.1
24
+ type: :runtime
25
+ prerelease: false
26
+ version_requirements: !ruby/object:Gem::Requirement
27
+ none: false
28
+ requirements:
29
+ - - ~>
30
+ - !ruby/object:Gem::Version
31
+ version: 3.0.1
32
+ description: A Rails authentication plugin that takes a minimalist approach. It is
33
+ designed to be simple to understand, use, and modify for your application.
34
+ email:
25
35
  - developers@wwidea.org
26
36
  executables: []
27
-
28
37
  extensions: []
29
-
30
38
  extra_rdoc_files: []
31
-
32
- files:
39
+ files:
33
40
  - .gitignore
34
41
  - MIT-LICENSE
35
42
  - README
@@ -85,41 +92,31 @@ files:
85
92
  - test/rails_root/test/test_helper.rb
86
93
  - test/sessions_test.rb
87
94
  - test/test_helper.rb
88
- has_rdoc: true
89
95
  homepage: https://github.com/wwidea/minimalist_authentication
90
96
  licenses: []
91
-
92
97
  post_install_message:
93
98
  rdoc_options: []
94
-
95
- require_paths:
99
+ require_paths:
96
100
  - lib
97
- required_ruby_version: !ruby/object:Gem::Requirement
101
+ required_ruby_version: !ruby/object:Gem::Requirement
98
102
  none: false
99
- requirements:
100
- - - ">="
101
- - !ruby/object:Gem::Version
102
- hash: 3
103
- segments:
104
- - 0
105
- version: "0"
106
- required_rubygems_version: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - ! '>='
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ required_rubygems_version: !ruby/object:Gem::Requirement
107
108
  none: false
108
- requirements:
109
- - - ">="
110
- - !ruby/object:Gem::Version
111
- hash: 3
112
- segments:
113
- - 0
114
- version: "0"
109
+ requirements:
110
+ - - ! '>='
111
+ - !ruby/object:Gem::Version
112
+ version: '0'
115
113
  requirements: []
116
-
117
114
  rubyforge_project:
118
- rubygems_version: 1.3.7
115
+ rubygems_version: 1.8.22
119
116
  signing_key:
120
117
  specification_version: 3
121
118
  summary: A Rails authentication plugin that takes a minimalist approach.
122
- test_files:
119
+ test_files:
123
120
  - test/authentication_test.rb
124
121
  - test/authorization_test.rb
125
122
  - test/factories.rb