passwd 0.1.5 → 0.2.0

data/example/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-agent: *
+# Disallow: /

data/lib/generators/passwd/config_generator.rb

@@ -0,0 +1,13 @@
+module Passwd
+  module Generators
+    class ConfigGenerator < ::Rails::Generators::Base
+      source_root File.expand_path(File.join(File.dirname(__FILE__), "templates"))
+
+      desc "Create Passwd configuration file"
+      def create_configuration_file
+        template "passwd_config.rb", "config/initializers/passwd.rb"
+      end
+    end
+  end
+end
+

data/lib/generators/passwd/templates/passwd_config.rb

@@ -0,0 +1,41 @@
+Passwd.configure do |c|
+  # Password settings
+  # The following settings are all default values.
+
+  # Hashing algorithm
+  # Supported algorithm is :md5, :rmd160, :sha1, :sha256, :sha384 and :sha512
+  # c.algorithm = :sha512
+
+  # Random generate password length
+  # c.length = 8
+
+  # Number of hashed by stretching
+  # Not stretching if specified nil.
+  # c.stretching = nil
+
+  # Character type that is used for password
+  # c.lower = true
+  # c.upper = true
+  # c.number = true
+end
+
+Passwd.policy_configure do |c|
+  # Minimum password length
+  # c.min_length = 8
+
+  # Character types to force the use
+  # c.require_lower = true
+  # c.require_upper = false
+  # c.require_number = true
+end
+
+# Session key for authentication
+Rails.application.config.passwd.session_key = :user_id
+
+# Authentication Model Class
+Rails.application.config.passwd.authenticate_class = :User
+
+# Redirect path when not signin
+# E.G. :signin_path # Do not specify ***_url
+Rails.application.config.passwd.redirect_to = nil
+

data/lib/passwd.rb

@@ -1,10 +1,25 @@
-# coding: utf-8
-
 require "digest/sha1"
 require "digest/sha2"
 
 require "passwd/version"
 require "passwd/errors"
+require "passwd/policy"
+require "passwd/configuration"
 require "passwd/base"
+require "passwd/salt"
 require "passwd/password"
-require "passwd/active_record"
+require "passwd/railtie" if defined?(Rails)
+
+module Passwd
+  extend Base
+  extend Configuration::Writable
+
+  def self.policy_check(plain)
+    Password.from_plain(plain).valid?
+  end
+
+  def self.match?(plain, salt_hash, hash)
+    Password.from_hash(hash, salt_hash).match?(plain)
+  end
+end
+

data/lib/passwd/action_controller_ext.rb

@@ -0,0 +1,48 @@
+module Passwd
+  module ActionControllerExt
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :current_user
+    end
+
+    def current_user
+      @current_user ||= auth_class.find_by(id: session[auth_key])
+    end
+
+    def signin!(user)
+      @current_user = user
+      session[auth_key] = user.id
+    end
+
+    def signout!
+      @current_user = session[auth_key] = nil
+    end
+
+    private
+      def auth_key
+        Rails.application.config.passwd.session_key || :user_id
+      end
+
+      def auth_class
+        @_auth_class ||=
+          (Rails.application.config.passwd.authenticate_class || :User).to_s.constantize
+      end
+
+      def _redirect_path
+        _to = Rails.application.config.passwd.redirect_to
+        _to ? Rails.application.routes.url_helpers.send(_to) : nil
+      end
+
+      def require_signin
+        unless current_user
+          if _redirect_path
+            redirect_to _redirect_path
+          else
+            raise UnauthorizedAccess
+          end
+        end
+      end
+  end
+end
+

data/lib/passwd/active_record_ext.rb

@@ -0,0 +1,65 @@
+module Passwd
+  module ActiveRecordExt
+    def with_authenticate(options = {})
+      _id_key = options.fetch(:id, :email)
+      _salt_key = options.fetch(:salt, :salt)
+      _pass_key = options.fetch(:password, :password)
+
+      _define_passwd(_salt_key, _pass_key)
+      _define_singleton_auth(_id_key)
+      _define_instance_auth
+      _define_set_password(_salt_key, _pass_key)
+      _define_update_password(_salt_key, _pass_key)
+    end
+
+    private
+      def _define_passwd(_salt_key, _pass_key)
+        define_method :passwd do |cache = true|
+          return @_passwd if cache && @_passwd
+          self.reload unless self.new_record?
+          _salt, _pass = self.send(_salt_key), self.send(_pass_key)
+          if _salt.present? && _pass.present?
+            @_passwd = Passwd::Password.from_hash(_pass, _salt)
+          else
+            self.set_password
+          end
+        end
+      end
+
+      def _define_singleton_auth(_id_key)
+        define_singleton_method :authenticate do |_id, _pass|
+          _condition = Array(_id_key).map {|k| "#{k} = :id"}.join(" OR ")
+          _user = self.find_by(_condition, id: _id)
+          _user if _user && _user.passwd.match?(_pass)
+        end
+      end
+
+      def _define_instance_auth
+        define_method :authenticate do |_pass|
+          self.passwd.match?(_pass)
+        end
+      end
+
+      def _define_set_password(_salt_key, _pass_key)
+        define_method :set_password do |_pass = nil|
+          _options = _pass ? {plain: _pass} : {}
+          _passwd = Passwd::Password.new(_options)
+          self.send("#{_salt_key}=", _passwd.salt.hash)
+          self.send("#{_pass_key}=", _passwd.hash)
+          self.instance_variable_set(:@_passwd, _passwd)
+        end
+      end
+
+      def _define_update_password(_salt_key, _pass_key)
+        define_method :update_password do |_old, _new, _policy = false|
+          raise PolicyNotMatch if _policy && !Passwd.policy_check(_new)
+          if self.passwd.match?(_old)
+            self.set_password(_new)
+          else
+            raise AuthenticationFails
+          end
+        end
+      end
+  end
+end
+

data/lib/passwd/base.rb

@@ -1,76 +1,31 @@
-# coding: utf-8
-
-require "singleton"
-require "passwd/configuration/config"
-require "passwd/configuration/tmp_config"
-require "passwd/configuration/policy"
-
 module Passwd
-  @config = Config.instance
-  @policy = Policy.instance
-
   module Base
-    def create(options={})
-      if options.empty?
-        config = @config
-      else
-        config = TmpConfig.new(@config, options)
-      end
-      Array.new(config.length){config.letters[rand(config.letters.size)]}.join
-    end
-
-    def auth(password_text, salt_hash, password_hash)
-      enc_pass = Passwd.hashing("#{salt_hash}#{password_text}")
-      password_hash == enc_pass
-    end
-
-    def hashing(plain, algorithm=nil)
-      if algorithm.nil?
-        eval "Digest::#{@config.algorithm.to_s.upcase}.hexdigest \"#{plain}\""
-      else
-        eval "Digest::#{algorithm.to_s.upcase}.hexdigest \"#{plain}\""
-      end
+    def random(options = {})
+      c = PwConfig.merge(options)
+      Array.new(c.length){c.letters[rand(c.letters.size)]}.join
     end
 
-    def confirm_check(password, confirm, with_policy=false)
-      raise PasswordNotMatch, "Password not match" if password != confirm
-      return true unless with_policy
-      Passwd.policy_check(password)
-    end
+    def digest(plain, _algorithm = nil)
+      _algorithm ||= PwConfig.algorithm
 
-    def configure(options={}, &block)
-      if block_given?
-        @config.configure &block
-      else
-        if options.empty?
-          @config
-        else
-          @config.merge options
+      if PwConfig.stretching
+        _pass = plain
+        PwConfig.stretching.times do
+          _pass = digest_without_stretching(_pass, _algorithm)
         end
-      end
-    end
-    alias :config :configure
-
-    def policy_configure(&block)
-      if block_given?
-        @policy.configure &block
       else
-        @policy
+        digest_without_stretching(plain, _algorithm)
       end
     end
 
-    def policy_check(password)
-      @policy.valid?(password, @config)
+    def digest_without_stretching(plain, _algorithm = nil)
+      algorithm(_algorithm || PwConfig.algorithm).hexdigest(plain)
     end
 
-    def reset_config
-      @config.reset
-    end
-
-    def reset_policy
-      @policy.reset
-    end
+    private
+      def algorithm(_algorithm)
+        Digest.const_get(_algorithm.upcase, false)
+      end
   end
-
-  extend Base
 end
+

data/lib/passwd/configuration.rb

@@ -0,0 +1,82 @@
+module Passwd
+  class Configuration
+    KINDS = %i(lower upper number).freeze
+    LETTERS = KINDS.map {|k| "letters_#{k}".to_sym}.freeze
+
+    VALID_OPTIONS = [
+      :algorithm,
+      :length,
+      :policy,
+      :stretching,
+    ].concat(KINDS).concat(LETTERS).freeze
+
+    attr_accessor *VALID_OPTIONS
+
+    def initialize
+      reset
+    end
+
+    def configure
+      yield self
+    end
+
+    def merge(params)
+      self.dup.merge!(params)
+    end
+
+    def merge!(params)
+      params.keys.each do |key|
+        self.send("#{key}=", params[key])
+      end
+      self
+    end
+
+    KINDS.each do |kind|
+      define_method "#{kind}_chars" do
+        self.send("letters_#{kind}") || []
+      end
+    end
+
+    def letters
+      KINDS.detect {|k| self.send(k)} || (raise ConfigError, "letters is empry.")
+      LETTERS.zip(KINDS).map {|l, k|
+        self.send(l) if self.send(k)
+      }.compact.flatten
+    end
+
+    def reset
+      self.algorithm = :sha512
+      self.length = 8
+      self.policy = Policy.new
+      self.stretching = nil
+      self.lower = true
+      self.upper = true
+      self.number = true
+      self.letters_lower = ("a".."z").to_a
+      self.letters_upper = ("A".."Z").to_a
+      self.letters_number = ("0".."9").to_a
+    end
+
+    module Writable
+      def self.extended(base)
+        base.send(:include, Accessible)
+      end
+
+      def configure(options = {}, &block)
+        PwConfig.merge!(options) unless options.empty?
+        PwConfig.configure(&block) if block_given?
+      end
+
+      def policy_configure(&block)
+        PwConfig.policy.configure(&block) if block_given?
+      end
+    end
+
+    module Accessible
+      def self.included(base)
+        base.const_set(:PwConfig, Configuration.new)
+      end
+    end
+  end
+end
+

data/lib/passwd/errors.rb

@@ -1,15 +1,8 @@
-# coding: utf-8
-
 module Passwd
-  class PasswdError < StandardError
-  end
-
-  class AuthError < PasswdError
-  end
-
-  class PasswordNotMatch < PasswdError
-  end
-
-  class PolicyNotMatch < PasswdError
-  end
+  class PasswdError < StandardError; end
+  class UnauthorizedAccess < PasswdError; end
+  class PolicyNotMatch < PasswdError; end
+  class AuthenticationFails < PasswdError; end
+  class ConfigError < PasswdError; end
 end
+

data/lib/passwd/password.rb

@@ -1,41 +1,89 @@
-# coding: utf-8
-
 module Passwd
   class Password
-    attr_reader :text, :hash, :salt_text, :salt_hash
+    include Base
+
+    attr_reader :plain, :hash, :salt
+
+    def initialize(options = {})
+      options = default_options.merge(options)
+
+      if options.has_key?(:hash)
+        raise ArgumentError unless options.has_key?(:salt_hash)
+        @salt = Salt.from_hash(options[:salt_hash], self)
+        @hash = options[:hash]
+      else
+        @salt =
+          case
+          when options.has_key?(:salt_hash)
+            Salt.from_hash(options[:salt_hash], self)
+          when options.has_key?(:salt_plain)
+            Salt.from_plain(options[:salt_plain], self)
+          else
+            Salt.new(password: self)
+          end
+        self.update_plain(options[:plain])
+      end
+    end
+
+    def update_plain(value)
+      @plain = value
+      rehash
+    end
+
+    def update_hash(value, salt_hash)
+      @plain = nil
+      @hash = value
+      self.salt.update_hash(salt_hash)
+    end
+
+    def rehash
+      raise PasswdError unless self.plain
+      @hash = digest([self.salt.hash, self.plain].join)
+    end
 
-    def initialize(options={})
-      @text = options.fetch(:password, Passwd.create)
-      @salt_text = options.fetch(:salt_text, Time.now.to_s)
-      @salt_hash = Passwd.hashing(@salt_text)
-      @hash = Passwd.hashing("#{@salt_hash}#{@text}")
+    def match?(value)
+      self.hash == digest([self.salt.hash, value].join)
     end
 
-    def text=(password)
-      @hash = Passwd.hashing("#{@salt_hash}#{password}")
-      @text = password
+    def ==(other)
+      match?(other)
     end
 
-    def hash=(password_hash)
-      @text = nil
-      @hash = password_hash
+    def to_s
+      self.plain.to_s
     end
 
-    def salt_text=(salt_text)
-      @salt_hash = Passwd.hashing(salt_text)
-      @hash = Passwd.hashing("#{@salt_hash}#{@text}")
-      @salt_text = salt_text
+    def valid?
+      raise PasswdError unless self.plain
+
+      return false if PwConfig.policy.min_length > self.plain.size
+
+      Configuration::KINDS.each do |key|
+        if PwConfig.policy.send("require_#{key}")
+          return false unless include_char?(PwConfig.send("letters_#{key}"))
+        end
+      end
+      true
     end
 
-    def salt_hash=(salt_hash)
-      @salt_text = nil
-      @hash = Passwd.hashing("#{salt_hash}#{@text}")
-      @salt_hash = salt_hash
+    def self.from_plain(value, options = {})
+      new(options.merge(plain: value))
     end
 
-    def ==(password)
-      enc_pass = Passwd.hashing("#{@salt_hash}#{password}")
-      @hash == enc_pass
+    def self.from_hash(value, salt_hash)
+      new(hash: value, salt_hash: salt_hash)
     end
+
+    private
+      def default_options
+        {plain: random}
+      end
+
+      def include_char?(letters)
+        raise PasswdError unless self.plain
+        self.plain.chars.uniq.each {|c| return true if letters.include?(c)}
+        false
+      end
   end
 end
+