picombo-auth 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/picombo-auth/classes/auth.rb +72 -5
- metadata +18 -10
|
@@ -7,30 +7,97 @@
|
|
|
7
7
|
require 'digest/sha1'
|
|
8
8
|
|
|
9
9
|
module Picombo
|
|
10
|
+
# == Auth Class
|
|
11
|
+
#
|
|
12
|
+
# Performs user Authentication
|
|
10
13
|
class Auth
|
|
11
14
|
include Singleton
|
|
12
15
|
|
|
16
|
+
# Performs a user login
|
|
13
17
|
def login(user, password)
|
|
14
|
-
|
|
18
|
+
field_name = Picombo::Models::User.name_field
|
|
19
|
+
|
|
20
|
+
user = Picombo::Models::User.first(field_name => user)
|
|
15
21
|
|
|
16
22
|
if user
|
|
17
|
-
#
|
|
18
|
-
Picombo::
|
|
19
|
-
Picombo::
|
|
23
|
+
# Find the salt from the existing password, and compare with the provided pass
|
|
24
|
+
salt = Picombo::Auth.find_salt(user.password)
|
|
25
|
+
if Picombo::Auth.hash_password(password, salt) == user.password
|
|
26
|
+
# set the session as logged in
|
|
27
|
+
Picombo::Session.instance.set('loggedin', true)
|
|
28
|
+
Picombo::Session.instance.set('user', user)
|
|
20
29
|
|
|
21
|
-
|
|
30
|
+
return true
|
|
31
|
+
end
|
|
22
32
|
end
|
|
23
33
|
|
|
24
34
|
false
|
|
25
35
|
end
|
|
26
36
|
|
|
37
|
+
# Logs a user out
|
|
27
38
|
def logout
|
|
28
39
|
Picombo::Session.instance.unset('loggedin')
|
|
29
40
|
Picombo::Session.instance.unset('user')
|
|
30
41
|
end
|
|
31
42
|
|
|
43
|
+
# gets the user from the session
|
|
44
|
+
def user
|
|
45
|
+
return nil if ! Picombo::Auth.logged_in?
|
|
46
|
+
|
|
47
|
+
Picombo::Session.instance.get('user')
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# Determines if the current user is logged in
|
|
32
51
|
def self.logged_in?
|
|
33
52
|
! Picombo::Session.instance.get('loggedin').nil?
|
|
34
53
|
end
|
|
54
|
+
|
|
55
|
+
# Hashes a password using a secure salt
|
|
56
|
+
def self.hash_password(password, salt = false)
|
|
57
|
+
salt_pattern = Picombo::Config.get('auth.salt_pattern')
|
|
58
|
+
|
|
59
|
+
# Create a salt seed, same length as the number of salt offsets
|
|
60
|
+
salt = Digest::SHA1.hexdigest((1..8).map{|i| ('a'..'z').to_a[rand(26)]}.join)[0..salt_pattern.length - 1] if ! salt
|
|
61
|
+
|
|
62
|
+
# Password hash that the salt will be inserted into
|
|
63
|
+
hash = Digest::SHA1.hexdigest(salt+password)
|
|
64
|
+
|
|
65
|
+
# Change salt into an array
|
|
66
|
+
salt = salt.split('')
|
|
67
|
+
|
|
68
|
+
# Returned password
|
|
69
|
+
password = ''
|
|
70
|
+
|
|
71
|
+
# Used to calculate the length of splits
|
|
72
|
+
last_offset = 0
|
|
73
|
+
|
|
74
|
+
salt_pattern.each do |offset|
|
|
75
|
+
# Split a new part of the hash off
|
|
76
|
+
part = hash[0..(offset - last_offset)-1]
|
|
77
|
+
|
|
78
|
+
# Cut the current part out of the hash
|
|
79
|
+
hash = hash[(offset - last_offset)..hash.length]
|
|
80
|
+
|
|
81
|
+
# Add the part to the password, appending the salt character
|
|
82
|
+
password+=part+salt.shift
|
|
83
|
+
|
|
84
|
+
last_offset = offset
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
password+hash
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
# Finds the salt of a salted password
|
|
91
|
+
def self.find_salt(password)
|
|
92
|
+
salt = ''
|
|
93
|
+
salt_pattern = Picombo::Config.get('auth.salt_pattern')
|
|
94
|
+
|
|
95
|
+
salt_pattern.each_index do |i|
|
|
96
|
+
# Find salt characters, take a good long look...
|
|
97
|
+
salt+=password[salt_pattern[i]+i, 1].to_s
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
salt
|
|
101
|
+
end
|
|
35
102
|
end
|
|
36
103
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,12 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: picombo-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 0
|
|
7
|
+
- 2
|
|
8
|
+
- 1
|
|
9
|
+
version: 0.2.1
|
|
5
10
|
platform: ruby
|
|
6
11
|
authors:
|
|
7
12
|
- Jeremy Bush
|
|
@@ -9,11 +14,11 @@ autorequire:
|
|
|
9
14
|
bindir: bin
|
|
10
15
|
cert_chain: []
|
|
11
16
|
|
|
12
|
-
date: 2010-
|
|
17
|
+
date: 2010-06-08 00:00:00 -05:00
|
|
13
18
|
default_executable:
|
|
14
19
|
dependencies: []
|
|
15
20
|
|
|
16
|
-
description:
|
|
21
|
+
description: Auth module for the Picombo framework
|
|
17
22
|
email: contractfrombelow@gmail.com
|
|
18
23
|
executables: []
|
|
19
24
|
|
|
@@ -26,10 +31,11 @@ files:
|
|
|
26
31
|
- lib/picombo-auth/classes/auth.rb
|
|
27
32
|
- lib/picombo-auth/controllers/user.rb
|
|
28
33
|
- lib/picombo-auth/models/user.rb
|
|
29
|
-
- lib/picombo-auth/views/user
|
|
30
34
|
- lib/picombo-auth/views/user/login.rhtml
|
|
31
|
-
has_rdoc:
|
|
35
|
+
has_rdoc: true
|
|
32
36
|
homepage: http://www.picombo.net/
|
|
37
|
+
licenses: []
|
|
38
|
+
|
|
33
39
|
post_install_message:
|
|
34
40
|
rdoc_options: []
|
|
35
41
|
|
|
@@ -39,20 +45,22 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
39
45
|
requirements:
|
|
40
46
|
- - ">="
|
|
41
47
|
- !ruby/object:Gem::Version
|
|
48
|
+
segments:
|
|
49
|
+
- 0
|
|
42
50
|
version: "0"
|
|
43
|
-
version:
|
|
44
51
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
45
52
|
requirements:
|
|
46
53
|
- - ">="
|
|
47
54
|
- !ruby/object:Gem::Version
|
|
55
|
+
segments:
|
|
56
|
+
- 0
|
|
48
57
|
version: "0"
|
|
49
|
-
version:
|
|
50
58
|
requirements: []
|
|
51
59
|
|
|
52
60
|
rubyforge_project:
|
|
53
|
-
rubygems_version: 1.3.
|
|
61
|
+
rubygems_version: 1.3.6
|
|
54
62
|
signing_key:
|
|
55
|
-
specification_version:
|
|
56
|
-
summary: Auth
|
|
63
|
+
specification_version: 3
|
|
64
|
+
summary: Auth module for the Picombo framework
|
|
57
65
|
test_files: []
|
|
58
66
|
|