password_rehasher 0.2.0 → 0.2.1

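--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5169827d96b12add64e015006c864e49377f80f0
- data.tar.gz: 62a0b15caeab61c3984f3f21468943b76db0dc0c
+ metadata.gz: 3785e236bd7d813a1b945addcd37a9f8e066a7c1
+ data.tar.gz: 87563fd8c88328b15f3ac9af781c5ac2e3342d1c
  SHA512:
- metadata.gz: d6bf1ec18d4001703ae8b261f0d3b25438a82973757f67bea675f228ccc7b80c85fc0a49a74d04de4e58d2464c2de5f05966c7981938984bb96ab83bb40f6227
- data.tar.gz: e1e0a533d1e0a7f383771f61224754084e21dd64289ecb7673734406574ef06e58615479b099822cab09f3896f31f209964501e594d1da7e8c1ae87ca881a3ad
+ metadata.gz: db594e3b4862bb8c09fa19e50112ee4302766bbd0f655996cfadf6890087884291c89251f64ace16aa3c91d5da15c0a19011fab484b648cd36c2f8f025c3ec47
+ data.tar.gz: 08ef8ca01cee4be81321ac0a68cd6c7985e100494e34ab42a9805df5a97728a716d90ab69e5b2361f8ccfa44bdfe95553613514b5a975445625c42c1cba54803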
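--- a/data/README.md
+++ b/data/README.md
@@ -4,20 +4,6 @@ Password Rehasher is a temporary gem to rehash the passwords in the RPM database
 
  ## Usage
 
- ```ruby
- if (PasswordRehasher.password_valid?(plaintext_password, crypted_password)) {
- if (PasswordRehasher.rehash_needed?(crypted_password)) {
- user.crypted_password = PasswordRehasher.hash_password(plaintext_password)
- user.save
- }
- # user is logged in
- } else {
- # user is not logged in
- }
- ```
-
- ## Alternatively, to do all of the above if user.update_attribute("crypted_password", crypted_password) is what you want to do
-
  ```ruby
  if (PasswordRehasher.validate_and_rehash?(user, plaintext_password, crypted_password)) {
  # user is logged in and the password is rehashed (if necessary)
@@ -25,4 +11,6 @@ if (PasswordRehasher.validate_and_rehash?(user, plaintext_password, crypted_pass
  # user is not logged in
  }
 
- ```
+ ```
+
+ `user` needs to be an object that responds to `update_attribute` and `salt`.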
@@ -2,18 +2,20 @@ require "scrypt"
2
2
  require 'digest/sha1'
3
3
 
4
4
  class PasswordRehasher
5
- VERSION = "0.2.0"
5
+ VERSION = "0.2.1"
6
6
 
7
- def self.password_valid?(plaintext_password, hashed_password)
8
- case hashed_password.length
7
+ def self.password_valid?(plaintext_password, hashed_password, salt = nil)
8
+ case hashed_password.length
9
9
  when 40
10
- hashed_password == Digest::SHA1.hexdigest(plaintext_password)
10
+ return false unless salt
11
+ hashed_password == Digest::SHA1.hexdigest("--#{salt}--#{plaintext_password}--")
11
12
  when 90
12
13
  password = SCrypt::Password.new(hashed_password)
13
14
  password == plaintext_password
14
15
  when 103
16
+ return false unless salt
15
17
  scrypt_plus_sha1_hash = hashed_password[13..-1]
16
- sha1_hashed_password = Digest::SHA1.hexdigest(plaintext_password)
18
+ sha1_hashed_password = Digest::SHA1.hexdigest("--#{salt}--#{plaintext_password}--")
17
19
  password = SCrypt::Password.new(scrypt_plus_sha1_hash)
18
20
  password == sha1_hashed_password
19
21
  else
@@ -30,7 +32,7 @@ class PasswordRehasher
30
32
  end
31
33
 
32
34
  def self.validate_and_rehash?(user, plaintext_password, hashed_password)
33
- if (plaintext_password && password_valid?(plaintext_password, hashed_password))
35
+ if (plaintext_password && password_valid?(plaintext_password, hashed_password, user.salt))
34
36
  if (rehash_needed?(hashed_password))
35
37
  user.update_attribute("crypted_password", hash_password(plaintext_password))
36
38
  end
@@ -39,4 +41,4 @@ class PasswordRehasher
39
41
  return false
40
42
  end
41
43
  end
42
- end
44
+ end
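Review bot: In the `when 40` branch of `password_valid?`, the stored digest is still compared with String `==`, which is not a constant-time comparison. Both operands are 40-character hex strings at that point, so a fixed-length constant-time compare fits, for example `OpenSSL.fixed_length_secure_compare(hashed_password, Digest::SHA1.hexdigest("--#{salt}--#{plaintext_password}--"))` where the runtime's openssl provides it. Separately, `return false unless salt` means existing two-argument callers now fail verification for 40- and 103-character hashes without any error. A comment above the method such as `# salt is required for SHA1 (40) and nested (103) hashes; without it they never validate` would make that contract explicit. The `else` branch and the rest of the class lie outside the visible hunks.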
@@ -2,8 +2,8 @@ describe PasswordRehasher do
2
2
  let(:plaintext_password) { "some_password" }
3
3
  let(:incorrect_plaintext_password) { "some_passwords" }
4
4
 
5
- let(:sha1_hashed_password) { "7165f6d407dc2fd68528da63260a913e71623e86" }
6
- let(:nested_hashed_password) { "nested hash: 400$8$38$e4df71f5896cd935$55ef6d79674ed4274e433e51ad75f0c80fd3599717698c46b11df7e67c5b0206" }
5
+ let(:sha1_hashed_password) { "e4f85605cb02d2223d4f30c5ef5e6c38e662ae76" }
6
+ let(:nested_hashed_password) { "nested hash: 400$8$39$bade652ec1b7cbb3$2e6efe19f8af6bb19a12ad9d62369fef50a12804f4be30bdc46c6626d3e07287" }
7
7
  let(:scrypt_hashed_password) { "400$8$38$76f69b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
8
8
  let(:invalid_hashed_password) { "400$8$38$76f60b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
9
9
 
@@ -14,7 +14,8 @@ describe PasswordRehasher do
14
14
  end
15
15
 
16
16
  describe '.password_valid?' do
17
- subject { PasswordRehasher.password_valid?(plaintext_password, hashed_password) }
17
+ subject { PasswordRehasher.password_valid?(plaintext_password, hashed_password, salt) }
18
+ let(:salt) { "random salt" }
18
19
 
19
20
  context 'with a SHA1 hash' do
20
21
  let(:hashed_password) { sha1_hashed_password }
@@ -121,4 +122,8 @@ class MockUser
121
122
  @crypted_password = value
122
123
  # attribute is always "crypted_password" for now
123
124
  end
125
+
126
+ def salt
127
+ "random salt"
128
+ end
124
129
  end
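Review bot: Nothing in the visible spec hunks exercises the new `return false unless salt` guards, because `salt` is fixed to "random salt" both in the `.password_valid?` group and in `MockUser#salt`. A context with `let(:salt) { nil }` would pin the behaviour that two-argument callers now get, by asserting that the SHA1 and nested fixtures are rejected while the scrypt fixture still validates. The rest of the spec is outside these hunks, so such a case may already exist there.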
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: password_rehasher
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Hyland