picombo-auth 0.1.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/picombo-auth/classes/auth.rb +72 -5
- metadata +18 -10
|
@@ -7,30 +7,97 @@
|
|
|
7
7
|
require 'digest/sha1'
|
|
8
8
|
|
|
9
9
|
module Picombo
|
|
10
|
+
# == Auth Class
|
|
11
|
+
#
|
|
12
|
+
# Performs user Authentication
|
|
10
13
|
class Auth
|
|
11
14
|
include Singleton
|
|
12
15
|
|
|
16
|
+
# Performs a user login
|
|
13
17
|
def login(user, password)
|
|
14
|
-
|
|
18
|
+
field_name = Picombo::Models::User.name_field
|
|
19
|
+
|
|
20
|
+
user = Picombo::Models::User.first(field_name => user)
|
|
15
21
|
|
|
16
22
|
if user
|
|
17
|
-
#
|
|
18
|
-
Picombo::
|
|
19
|
-
Picombo::
|
|
23
|
+
# Find the salt from the existing password, and compare with the provided pass
|
|
24
|
+
salt = Picombo::Auth.find_salt(user.password)
|
|
25
|
+
if Picombo::Auth.hash_password(password, salt) == user.password
|
|
26
|
+
# set the session as logged in
|
|
27
|
+
Picombo::Session.instance.set('loggedin', true)
|
|
28
|
+
Picombo::Session.instance.set('user', user)
|
|
20
29
|
|
|
21
|
-
|
|
30
|
+
return true
|
|
31
|
+
end
|
|
22
32
|
end
|
|
23
33
|
|
|
24
34
|
false
|
|
25
35
|
end
|
|
26
36
|
|
|
37
|
+
# Logs a user out
|
|
27
38
|
def logout
|
|
28
39
|
Picombo::Session.instance.unset('loggedin')
|
|
29
40
|
Picombo::Session.instance.unset('user')
|
|
30
41
|
end
|
|
31
42
|
|
|
43
|
+
# gets the user from the session
|
|
44
|
+
def user
|
|
45
|
+
return nil if ! Picombo::Auth.logged_in?
|
|
46
|
+
|
|
47
|
+
Picombo::Session.instance.get('user')
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
# Determines if the current user is logged in
|
|
32
51
|
def self.logged_in?
|
|
33
52
|
! Picombo::Session.instance.get('loggedin').nil?
|
|
34
53
|
end
|
|
54
|
+
|
|
55
|
+
# Hashes a password using a secure salt
|
|
56
|
+
def self.hash_password(password, salt = false)
|
|
57
|
+
salt_pattern = Picombo::Config.get('auth.salt_pattern')
|
|
58
|
+
|
|
59
|
+
# Create a salt seed, same length as the number of salt offsets
|
|
60
|
+
salt = Digest::SHA1.hexdigest((1..8).map{|i| ('a'..'z').to_a[rand(26)]}.join)[0..salt_pattern.length - 1] if ! salt
|
|
61
|
+
|
|
62
|
+
# Password hash that the salt will be inserted into
|
|
63
|
+
hash = Digest::SHA1.hexdigest(salt+password)
|
|
64
|
+
|
|
65
|
+
# Change salt into an array
|
|
66
|
+
salt = salt.split('')
|
|
67
|
+
|
|
68
|
+
# Returned password
|
|
69
|
+
password = ''
|
|
70
|
+
|
|
71
|
+
# Used to calculate the length of splits
|
|
72
|
+
last_offset = 0
|
|
73
|
+
|
|
74
|
+
salt_pattern.each do |offset|
|
|
75
|
+
# Split a new part of the hash off
|
|
76
|
+
part = hash[0..(offset - last_offset)-1]
|
|
77
|
+
|
|
78
|
+
# Cut the current part out of the hash
|
|
79
|
+
hash = hash[(offset - last_offset)..hash.length]
|
|
80
|
+
|
|
81
|
+
# Add the part to the password, appending the salt character
|
|
82
|
+
password+=part+salt.shift
|
|
83
|
+
|
|
84
|
+
last_offset = offset
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
password+hash
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
# Finds the salt of a salted password
|
|
91
|
+
def self.find_salt(password)
|
|
92
|
+
salt = ''
|
|
93
|
+
salt_pattern = Picombo::Config.get('auth.salt_pattern')
|
|
94
|
+
|
|
95
|
+
salt_pattern.each_index do |i|
|
|
96
|
+
# Find salt characters, take a good long look...
|
|
97
|
+
salt+=password[salt_pattern[i]+i, 1].to_s
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
salt
|
|
101
|
+
end
|
|
35
102
|
end
|
|
36
103
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,12 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: picombo-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 0
|
|
7
|
+
- 2
|
|
8
|
+
- 1
|
|
9
|
+
version: 0.2.1
|
|
5
10
|
platform: ruby
|
|
6
11
|
authors:
|
|
7
12
|
- Jeremy Bush
|
|
@@ -9,11 +14,11 @@ autorequire:
|
|
|
9
14
|
bindir: bin
|
|
10
15
|
cert_chain: []
|
|
11
16
|
|
|
12
|
-
date: 2010-
|
|
17
|
+
date: 2010-06-08 00:00:00 -05:00
|
|
13
18
|
default_executable:
|
|
14
19
|
dependencies: []
|
|
15
20
|
|
|
16
|
-
description:
|
|
21
|
+
description: Auth module for the Picombo framework
|
|
17
22
|
email: contractfrombelow@gmail.com
|
|
18
23
|
executables: []
|
|
19
24
|
|
|
@@ -26,10 +31,11 @@ files:
|
|
|
26
31
|
- lib/picombo-auth/classes/auth.rb
|
|
27
32
|
- lib/picombo-auth/controllers/user.rb
|
|
28
33
|
- lib/picombo-auth/models/user.rb
|
|
29
|
-
- lib/picombo-auth/views/user
|
|
30
34
|
- lib/picombo-auth/views/user/login.rhtml
|
|
31
|
-
has_rdoc:
|
|
35
|
+
has_rdoc: true
|
|
32
36
|
homepage: http://www.picombo.net/
|
|
37
|
+
licenses: []
|
|
38
|
+
|
|
33
39
|
post_install_message:
|
|
34
40
|
rdoc_options: []
|
|
35
41
|
|
|
@@ -39,20 +45,22 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
39
45
|
requirements:
|
|
40
46
|
- - ">="
|
|
41
47
|
- !ruby/object:Gem::Version
|
|
48
|
+
segments:
|
|
49
|
+
- 0
|
|
42
50
|
version: "0"
|
|
43
|
-
version:
|
|
44
51
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
45
52
|
requirements:
|
|
46
53
|
- - ">="
|
|
47
54
|
- !ruby/object:Gem::Version
|
|
55
|
+
segments:
|
|
56
|
+
- 0
|
|
48
57
|
version: "0"
|
|
49
|
-
version:
|
|
50
58
|
requirements: []
|
|
51
59
|
|
|
52
60
|
rubyforge_project:
|
|
53
|
-
rubygems_version: 1.3.
|
|
61
|
+
rubygems_version: 1.3.6
|
|
54
62
|
signing_key:
|
|
55
|
-
specification_version:
|
|
56
|
-
summary: Auth
|
|
63
|
+
specification_version: 3
|
|
64
|
+
summary: Auth module for the Picombo framework
|
|
57
65
|
test_files: []
|
|
58
66
|
|