pipa-authmagic 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
|
@@ -36,6 +36,29 @@ module Authmagic
|
|
|
36
36
|
stretches = cfg.fetch(:stretches, 20)
|
|
37
37
|
salt_length = cfg.fetch(:salt_length, 64)
|
|
38
38
|
|
|
39
|
+
cols = principal.columns_hash
|
|
40
|
+
col_pass_hash, col_salt = cols[password_hash.to_s], cols[salt.to_s]
|
|
41
|
+
raise "missing required attribute #{password_hash} from #{principal} model" unless col_pass_hash
|
|
42
|
+
raise "missing required attribute #{salt} from #{principal} model" unless col_salt
|
|
43
|
+
|
|
44
|
+
digest_method = case col_pass_hash.type
|
|
45
|
+
when :string
|
|
46
|
+
:hexdigest
|
|
47
|
+
when :binary
|
|
48
|
+
:digest
|
|
49
|
+
else
|
|
50
|
+
raise "unsupported type #{col_pass_hash.type} for #{password_hash}"
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
secran_salt = case col_salt.type
|
|
54
|
+
when :string
|
|
55
|
+
:hex
|
|
56
|
+
when :binary
|
|
57
|
+
:random_bytes
|
|
58
|
+
else
|
|
59
|
+
raise "unsupported type #{col_salt.type} for #{salt}"
|
|
60
|
+
end
|
|
61
|
+
|
|
39
62
|
principal.class_eval do
|
|
40
63
|
self.class.send(:define_method, :authenticate) do |options|
|
|
41
64
|
conditions = case_sensitive ?
|
|
@@ -61,13 +84,13 @@ module Authmagic
|
|
|
61
84
|
end
|
|
62
85
|
|
|
63
86
|
define_method encryptor do |plaintext|
|
|
64
|
-
hash = (digest.new << send(salt) << plaintext).
|
|
65
|
-
stretches.times { hash = (digest.new << hash).
|
|
87
|
+
hash = (digest.new << (send(salt) || '') << plaintext).send(digest_method)
|
|
88
|
+
stretches.times { hash = (digest.new << hash).send(digest_method) }
|
|
66
89
|
hash
|
|
67
90
|
end
|
|
68
91
|
|
|
69
92
|
define_method generate_salt do
|
|
70
|
-
ActiveSupport::SecureRandom.
|
|
93
|
+
ActiveSupport::SecureRandom.send(secran_salt, salt_length)
|
|
71
94
|
end
|
|
72
95
|
end
|
|
73
96
|
end
|