password_rehasher 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +3 -15
  3. data/lib/password_rehasher.rb +9 -7
  4. data/spec/password_rehasher_spec.rb +8 -3
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5169827d96b12add64e015006c864e49377f80f0
4
- data.tar.gz: 62a0b15caeab61c3984f3f21468943b76db0dc0c
3
+ metadata.gz: 3785e236bd7d813a1b945addcd37a9f8e066a7c1
4
+ data.tar.gz: 87563fd8c88328b15f3ac9af781c5ac2e3342d1c
5
5
  SHA512:
6
- metadata.gz: d6bf1ec18d4001703ae8b261f0d3b25438a82973757f67bea675f228ccc7b80c85fc0a49a74d04de4e58d2464c2de5f05966c7981938984bb96ab83bb40f6227
7
- data.tar.gz: e1e0a533d1e0a7f383771f61224754084e21dd64289ecb7673734406574ef06e58615479b099822cab09f3896f31f209964501e594d1da7e8c1ae87ca881a3ad
6
+ metadata.gz: db594e3b4862bb8c09fa19e50112ee4302766bbd0f655996cfadf6890087884291c89251f64ace16aa3c91d5da15c0a19011fab484b648cd36c2f8f025c3ec47
7
+ data.tar.gz: 08ef8ca01cee4be81321ac0a68cd6c7985e100494e34ab42a9805df5a97728a716d90ab69e5b2361f8ccfa44bdfe95553613514b5a975445625c42c1cba54803
data/README.md CHANGED
@@ -4,20 +4,6 @@ Password Rehasher is a temporary gem to rehash the passwords in the RPM database
4
4
 
5
5
  ## Usage
6
6
 
7
- ```ruby
8
- if (PasswordRehasher.password_valid?(plaintext_password, crypted_password)) {
9
- if (PasswordRehasher.rehash_needed?(crypted_password)) {
10
- user.crypted_password = PasswordRehasher.hash_password(plaintext_password)
11
- user.save
12
- }
13
- # user is logged in
14
- } else {
15
- # user is not logged in
16
- }
17
- ```
18
-
19
- ## Alternatively, to do all of the above if user.update_attribute("crypted_password", crypted_password) is what you want to do
20
-
21
7
  ```ruby
22
8
  if (PasswordRehasher.validate_and_rehash?(user, plaintext_password, crypted_password)) {
23
9
  # user is logged in and the password is rehashed (if necessary)
@@ -25,4 +11,6 @@ if (PasswordRehasher.validate_and_rehash?(user, plaintext_password, crypted_pass
25
11
  # user is not logged in
26
12
  }
27
13
 
28
- ```
14
+ ```
15
+
16
+ `user` needs to be an object that responds to `update_attribute` and `salt`.
data/lib/password_rehasher.rb CHANGED
@@ -2,18 +2,20 @@ require "scrypt"
2
2
  require 'digest/sha1'
3
3
 
4
4
  class PasswordRehasher
5
- VERSION = "0.2.0"
5
+ VERSION = "0.2.1"
6
6
 
7
- def self.password_valid?(plaintext_password, hashed_password)
8
- case hashed_password.length
7
+ def self.password_valid?(plaintext_password, hashed_password, salt = nil)
8
+ case hashed_password.length
9
9
  when 40
10
- hashed_password == Digest::SHA1.hexdigest(plaintext_password)
10
+ return false unless salt
11
+ hashed_password == Digest::SHA1.hexdigest("--#{salt}--#{plaintext_password}--")
11
12
  when 90
12
13
  password = SCrypt::Password.new(hashed_password)
13
14
  password == plaintext_password
14
15
  when 103
16
+ return false unless salt
15
17
  scrypt_plus_sha1_hash = hashed_password[13..-1]
16
- sha1_hashed_password = Digest::SHA1.hexdigest(plaintext_password)
18
+ sha1_hashed_password = Digest::SHA1.hexdigest("--#{salt}--#{plaintext_password}--")
17
19
  password = SCrypt::Password.new(scrypt_plus_sha1_hash)
18
20
  password == sha1_hashed_password
19
21
  else
@@ -30,7 +32,7 @@ class PasswordRehasher
30
32
  end
31
33
 
32
34
  def self.validate_and_rehash?(user, plaintext_password, hashed_password)
33
- if (plaintext_password && password_valid?(plaintext_password, hashed_password))
35
+ if (plaintext_password && password_valid?(plaintext_password, hashed_password, user.salt))
34
36
  if (rehash_needed?(hashed_password))
35
37
  user.update_attribute("crypted_password", hash_password(plaintext_password))
36
38
  end
@@ -39,4 +41,4 @@ class PasswordRehasher
39
41
  return false
40
42
  end
41
43
  end
42
- end
44
+ end
data/spec/password_rehasher_spec.rb CHANGED
@@ -2,8 +2,8 @@ describe PasswordRehasher do
2
2
  let(:plaintext_password) { "some_password" }
3
3
  let(:incorrect_plaintext_password) { "some_passwords" }
4
4
 
5
- let(:sha1_hashed_password) { "7165f6d407dc2fd68528da63260a913e71623e86" }
6
- let(:nested_hashed_password) { "nested hash: 400$8$38$e4df71f5896cd935$55ef6d79674ed4274e433e51ad75f0c80fd3599717698c46b11df7e67c5b0206" }
5
+ let(:sha1_hashed_password) { "e4f85605cb02d2223d4f30c5ef5e6c38e662ae76" }
6
+ let(:nested_hashed_password) { "nested hash: 400$8$39$bade652ec1b7cbb3$2e6efe19f8af6bb19a12ad9d62369fef50a12804f4be30bdc46c6626d3e07287" }
7
7
  let(:scrypt_hashed_password) { "400$8$38$76f69b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
8
8
  let(:invalid_hashed_password) { "400$8$38$76f60b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
9
9
 
@@ -14,7 +14,8 @@ describe PasswordRehasher do
14
14
  end
15
15
 
16
16
  describe '.password_valid?' do
17
- subject { PasswordRehasher.password_valid?(plaintext_password, hashed_password) }
17
+ subject { PasswordRehasher.password_valid?(plaintext_password, hashed_password, salt) }
18
+ let(:salt) { "random salt" }
18
19
 
19
20
  context 'with a SHA1 hash' do
20
21
  let(:hashed_password) { sha1_hashed_password }
@@ -121,4 +122,8 @@ class MockUser
121
122
  @crypted_password = value
122
123
  # attribute is always "crypted_password" for now
123
124
  end
125
+
126
+ def salt
127
+ "random salt"
128
+ end
124
129
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: password_rehasher
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Hyland