picombo-auth 0.1.0 → 0.2.1

Files changed (2) hide show
  1. data/lib/picombo-auth/classes/auth.rb +72 -5
  2. metadata +18 -10
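--- a/data/lib/picombo-auth/classes/auth.rb
+++ b/data/lib/picombo-auth/classes/auth.rb
@@ -7,30 +7,97 @@
  require 'digest/sha1'
 
  module Picombo
+ # == Auth Class
+ #
+ # Performs user Authentication
  class Auth
  include Singleton
 
+ # Performs a user login
  def login(user, password)
- user = Picombo::Models::User.first(:username => user, :password => Digest::SHA1.hexdigest(password))
+ field_name = Picombo::Models::User.name_field
+
+ user = Picombo::Models::User.first(field_name => user)
 
  if user
- # set the session as logged in
- Picombo::Session.instance.set('loggedin', true)
- Picombo::Session.instance.set('user', user)
+ # Find the salt from the existing password, and compare with the provided pass
+ salt = Picombo::Auth.find_salt(user.password)
+ if Picombo::Auth.hash_password(password, salt) == user.password
+ # set the session as logged in
+ Picombo::Session.instance.set('loggedin', true)
+ Picombo::Session.instance.set('user', user)
 
- return true
+ return true
+ end
  end
 
  false
  end
 
+ # Logs a user out
  def logout
  Picombo::Session.instance.unset('loggedin')
  Picombo::Session.instance.unset('user')
  end
 
+ # gets the user from the session
+ def user
+ return nil if ! Picombo::Auth.logged_in?
+
+ Picombo::Session.instance.get('user')
+ end
+
+ # Determines if the current user is logged in
  def self.logged_in?
  ! Picombo::Session.instance.get('loggedin').nil?
  end
+
+ # Hashes a password using a secure salt
+ def self.hash_password(password, salt = false)
+ salt_pattern = Picombo::Config.get('auth.salt_pattern')
+
+ # Create a salt seed, same length as the number of salt offsets
+ salt = Digest::SHA1.hexdigest((1..8).map{|i| ('a'..'z').to_a[rand(26)]}.join)[0..salt_pattern.length - 1] if ! salt
+
+ # Password hash that the salt will be inserted into
+ hash = Digest::SHA1.hexdigest(salt+password)
+
+ # Change salt into an array
+ salt = salt.split('')
+
+ # Returned password
+ password = ''
+
+ # Used to calculate the length of splits
+ last_offset = 0
+
+ salt_pattern.each do |offset|
+ # Split a new part of the hash off
+ part = hash[0..(offset - last_offset)-1]
+
+ # Cut the current part out of the hash
+ hash = hash[(offset - last_offset)..hash.length]
+
+ # Add the part to the password, appending the salt character
+ password+=part+salt.shift
+
+ last_offset = offset
+ end
+
+ password+hash
+ end
+
+ # Finds the salt of a salted password
+ def self.find_salt(password)
+ salt = ''
+ salt_pattern = Picombo::Config.get('auth.salt_pattern')
+
+ salt_pattern.each_index do |i|
+ # Find salt characters, take a good long look...
+ salt+=password[salt_pattern[i]+i, 1].to_s
+ end
+
+ salt
+ end
  end
  end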
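Review bot: `hash_password` still derives the stored value from a single `Digest::SHA1.hexdigest(salt+password)`, which is fast enough that a leaked user table can be brute-forced offline at high rates; splicing the salt in at the `auth.salt_pattern` offsets hides its position but adds no work factor. A deliberately slow KDF fits here, e.g. the stdlib `OpenSSL::PKCS5.pbkdf2_hmac` with a high iteration count, or bcrypt if a dependency is acceptable. The generated salt comes from `rand(26)` over eight lowercase letters, so it should be drawn from a CSPRNG instead: `salt = SecureRandom.hex(salt_pattern.length)[0, salt_pattern.length] if ! salt` (with `require 'securerandom'`). In `login`, the `==` against `user.password` is not constant-time, and hashes written by 0.1.0 (plain unsalted SHA-1) will presumably stop verifying after this change, so a migration or rehash-on-login path is worth documenting.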
metadata CHANGED
@@ -1,7 +1,12 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: picombo-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ prerelease: false
5
+ segments:
6
+ - 0
7
+ - 2
8
+ - 1
9
+ version: 0.2.1
5
10
  platform: ruby
6
11
  authors:
7
12
  - Jeremy Bush
@@ -9,11 +14,11 @@ autorequire:
9
14
  bindir: bin
10
15
  cert_chain: []
11
16
 
12
- date: 2010-04-23 00:00:00 -05:00
17
+ date: 2010-06-08 00:00:00 -05:00
13
18
  default_executable:
14
19
  dependencies: []
15
20
 
16
- description: Provides authentication classes
21
+ description: Auth module for the Picombo framework
17
22
  email: contractfrombelow@gmail.com
18
23
  executables: []
19
24
 
@@ -26,10 +31,11 @@ files:
26
31
  - lib/picombo-auth/classes/auth.rb
27
32
  - lib/picombo-auth/controllers/user.rb
28
33
  - lib/picombo-auth/models/user.rb
29
- - lib/picombo-auth/views/user
30
34
  - lib/picombo-auth/views/user/login.rhtml
31
- has_rdoc: false
35
+ has_rdoc: true
32
36
  homepage: http://www.picombo.net/
37
+ licenses: []
38
+
33
39
  post_install_message:
34
40
  rdoc_options: []
35
41
 
@@ -39,20 +45,22 @@ required_ruby_version: !ruby/object:Gem::Requirement
39
45
  requirements:
40
46
  - - ">="
41
47
  - !ruby/object:Gem::Version
48
+ segments:
49
+ - 0
42
50
  version: "0"
43
- version:
44
51
  required_rubygems_version: !ruby/object:Gem::Requirement
45
52
  requirements:
46
53
  - - ">="
47
54
  - !ruby/object:Gem::Version
55
+ segments:
56
+ - 0
48
57
  version: "0"
49
- version:
50
58
  requirements: []
51
59
 
52
60
  rubyforge_project:
53
- rubygems_version: 1.3.1
61
+ rubygems_version: 1.3.6
54
62
  signing_key:
55
- specification_version: 2
56
- summary: Auth Extensions for Picombo - A lightweight MVC web framework
63
+ specification_version: 3
64
+ summary: Auth module for the Picombo framework
57
65
  test_files: []
58
66