password_rehasher 0.2.1 → 0.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -5
- data/lib/password_rehasher.rb +6 -2
- data/spec/password_rehasher_spec.rb +28 -6
- data/spec/spec_helper.rb +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94368ad8a1bab6440f2386e8328bcc2ad0ba3ae1
|
|
4
|
+
data.tar.gz: 6286b64166341f8797ffc7969d47415c1b206a73
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1e77fdf6d1a5c8bbc55ba54aef8b4f030a75ef6bf3b5cf0eca491eec1b030738a7efacfaf6daebedbd26dc025910406112c82d873023e2a20556198175843095
|
|
7
|
+
data.tar.gz: 4f18018cdf9e3cacae55ae9ef8185a04db031b6e78ae034a8ea30c8f3231dfd05228e8488744dc8bd5fa68eedf4178b59d97759fd86ba1d511c7ce7722e17091
|
data/README.md
CHANGED
|
@@ -3,14 +3,23 @@
|
|
|
3
3
|
Password Rehasher is a temporary gem to rehash the passwords in the RPM database to scrypt.
|
|
4
4
|
|
|
5
5
|
## Usage
|
|
6
|
+
### To rehash individual password on login (requires plaintext password)
|
|
6
7
|
|
|
7
8
|
```ruby
|
|
8
|
-
if (PasswordRehasher.validate_and_rehash?(user, plaintext_password, crypted_password))
|
|
9
|
+
if (PasswordRehasher.validate_and_rehash?(user, plaintext_password, crypted_password))
|
|
9
10
|
# user is logged in and the password is rehashed (if necessary)
|
|
10
|
-
|
|
11
|
+
else
|
|
11
12
|
# user is not logged in
|
|
12
|
-
|
|
13
|
-
|
|
13
|
+
end
|
|
14
14
|
```
|
|
15
15
|
|
|
16
|
-
`user` needs to be an object that responds to `update_attribute` and `salt`.
|
|
16
|
+
`user` needs to be an object that responds to `update_attribute` and `salt`.
|
|
17
|
+
|
|
18
|
+
### To rehash the pre-existing SHA1 hashes without the knowlege of plaintext password
|
|
19
|
+
|
|
20
|
+
```ruby
|
|
21
|
+
if password_hash.length == 40 # All SHA1 hashes are 40, no other hashes are
|
|
22
|
+
nested_hash = PasswordRehasher.nested_hash(sha1)
|
|
23
|
+
# Write the nested hash to the DB.
|
|
24
|
+
end
|
|
25
|
+
```
|
data/lib/password_rehasher.rb
CHANGED
|
@@ -2,7 +2,7 @@ require "scrypt"
|
|
|
2
2
|
require 'digest/sha1'
|
|
3
3
|
|
|
4
4
|
class PasswordRehasher
|
|
5
|
-
VERSION = "0.2.
|
|
5
|
+
VERSION = "0.2.2"
|
|
6
6
|
|
|
7
7
|
def self.password_valid?(plaintext_password, hashed_password, salt = nil)
|
|
8
8
|
case hashed_password.length
|
|
@@ -28,7 +28,11 @@ class PasswordRehasher
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def self.hash_password(plaintext_password)
|
|
31
|
-
SCrypt::Password.create(plaintext_password)
|
|
31
|
+
SCrypt::Password.create(plaintext_password).to_s
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def self.nested_hash(sha1_password)
|
|
35
|
+
"nested hash: #{SCrypt::Password.create(sha1_password)}"
|
|
32
36
|
end
|
|
33
37
|
|
|
34
38
|
def self.validate_and_rehash?(user, plaintext_password, hashed_password)
|
|
@@ -6,6 +6,7 @@ describe PasswordRehasher do
|
|
|
6
6
|
let(:nested_hashed_password) { "nested hash: 400$8$39$bade652ec1b7cbb3$2e6efe19f8af6bb19a12ad9d62369fef50a12804f4be30bdc46c6626d3e07287" }
|
|
7
7
|
let(:scrypt_hashed_password) { "400$8$38$76f69b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
|
|
8
8
|
let(:invalid_hashed_password) { "400$8$38$76f60b1ead11cf5c$b0e509793a43e66d206d549cec5f039acf15b52fe965cd3b5d855408459c3ddb" }
|
|
9
|
+
let(:salt) { "random salt" }
|
|
9
10
|
|
|
10
11
|
describe '::VERSION' do
|
|
11
12
|
subject { PasswordRehasher::VERSION }
|
|
@@ -15,7 +16,6 @@ describe PasswordRehasher do
|
|
|
15
16
|
|
|
16
17
|
describe '.password_valid?' do
|
|
17
18
|
subject { PasswordRehasher.password_valid?(plaintext_password, hashed_password, salt) }
|
|
18
|
-
let(:salt) { "random salt" }
|
|
19
19
|
|
|
20
20
|
context 'with a SHA1 hash' do
|
|
21
21
|
let(:hashed_password) { sha1_hashed_password }
|
|
@@ -57,15 +57,37 @@ describe PasswordRehasher do
|
|
|
57
57
|
end
|
|
58
58
|
end
|
|
59
59
|
|
|
60
|
+
describe '.nested_hash' do
|
|
61
|
+
subject(:nested_hash) { PasswordRehasher.nested_hash(sha1) }
|
|
62
|
+
|
|
63
|
+
context "with valid sha1 hash" do
|
|
64
|
+
let(:sha1) { sha1_hashed_password }
|
|
65
|
+
|
|
66
|
+
it "returns a valid nested hash" do
|
|
67
|
+
expect(PasswordRehasher.password_valid?(plaintext_password, nested_hash, salt)).to be_truthy
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
context "with an invalid sha1 hash" do
|
|
72
|
+
let(:sha1) { 'haha lol nope' }
|
|
73
|
+
|
|
74
|
+
it "returns invalid nested hash" do
|
|
75
|
+
expect(PasswordRehasher.password_valid?(plaintext_password, nested_hash, salt)).to be_falsey
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
60
80
|
describe '.hash_password' do
|
|
61
|
-
subject(:
|
|
81
|
+
subject(:hashed_password) { PasswordRehasher.hash_password(plaintext_password) }
|
|
82
|
+
|
|
83
|
+
it { is_expected.to be_a String }
|
|
62
84
|
|
|
63
|
-
it "returns a password
|
|
64
|
-
expect(
|
|
85
|
+
it "returns a password matching the plaintext password" do
|
|
86
|
+
expect(PasswordRehasher.password_valid?(plaintext_password, hashed_password)).to be_truthy
|
|
65
87
|
end
|
|
66
88
|
|
|
67
|
-
it "returns a password
|
|
68
|
-
expect(
|
|
89
|
+
it "returns a password that does not match a different plaintext password" do
|
|
90
|
+
expect(PasswordRehasher.password_valid?(incorrect_plaintext_password, hashed_password)).to be_falsey
|
|
69
91
|
end
|
|
70
92
|
end
|
|
71
93
|
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: password_rehasher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- John Hyland
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-10-
|
|
12
|
+
date: 2015-10-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: scrypt
|