pipa-authmagic 0.1 → 0.1.1

@@ -27,9 +27,5 @@ module Authmagic
27
27
  def initialize(msg = nil)
28
28
  super(msg || 'access denied')
29
29
  end
30
-
31
- def handle_response!(response)
32
- response.status = "403 #{self}"
33
- end
34
30
  end
35
31
  end
@@ -5,5 +5,6 @@ class << ActionController::Base
5
5
  context = Authmagic::Context.new(modules, :application_controller => self, &block)
6
6
  metaclass.send(:define_method, :security_context) { context }
7
7
  define_method(:security_context) { self.class.security_context }
8
+ private :security_context
8
9
  end
9
10
  end
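Review bot: The added `private :security_context` line has no comment saying why the instance-level accessor is hidden, and the reason looks security-relevant. Public instance methods on an ActionController::Base subclass can be dispatched as actions, so this presumably keeps `security_context` from being reachable through routing; that intent is inferred, not stated on the page. I would add `# private so security_context can never be dispatched as a controller action` directly above it. The enclosing method starts above this hunk, so its name and the rest of its body are not visible here.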
@@ -18,46 +18,31 @@ module Authmagic
18
18
  when :ci, :case_insensitive then false
19
19
  else raise 'bad :compare value'
20
20
  end
21
- password = cfg.fetch(:password_field, :password)
22
- password_set = :"#{password}="
23
- password_valid = :"#{password}_valid?"
24
- password_hash = cfg.fetch(:password_hash_field, :"#{password}_hash")
21
+ password_get = cfg.fetch(:password_field, :password)
22
+ password_set, password_var = :"#{password_get}=", :"@#{password_get}"
23
+ password_valid = :"#{password_get}_valid?"
24
+ password_hash = cfg.fetch(:password_hash_field, :"#{password_get}_hash")
25
25
  password_hash_set = :"#{password_hash}="
26
- salt = cfg.fetch(:password_salt_field, :"#{password}_salt")
27
- salt_set = :"#{salt}="
28
- encryptor = :"encrypt_#{password}"
29
- generate_salt = :"generate_#{salt}"
26
+ salt_get = cfg.fetch(:password_salt_field, :"#{password_get}_salt")
27
+ salt_set = :"#{salt_get}="
28
+ encryptor = :"encrypt_#{password_get}"
29
+ generate_salt = :"generate_#{salt_get}"
30
30
 
31
31
  digest = cfg.fetch(:digest) do
32
32
  require 'digest/sha2'
33
33
  Digest::SHA512
34
34
  end
35
35
  digest = "Digest::#{digest.camelize}".constantize unless digest.is_a?(Class)
36
- stretches = cfg.fetch(:stretches, 20)
36
+ stretches = cfg.fetch(:stretches, 100)
37
37
  salt_length = cfg.fetch(:salt_length, 64)
38
38
 
39
39
  cols = principal.columns_hash
40
- col_pass_hash, col_salt = cols[password_hash.to_s], cols[salt.to_s]
40
+ col_pass_hash, col_salt = cols[password_hash.to_s], cols[salt_get.to_s]
41
41
  raise "missing required attribute #{password_hash} from #{principal} model" unless col_pass_hash
42
- raise "missing required attribute #{salt} from #{principal} model" unless col_salt
42
+ raise "missing required attribute #{salt_get} from #{principal} model" unless col_salt
43
43
 
44
- digest_method = case col_pass_hash.type
45
- when :string
46
- :hexdigest
47
- when :binary
48
- :digest
49
- else
50
- raise "unsupported type #{col_pass_hash.type} for #{password_hash}"
51
- end
52
-
53
- secran_salt = case col_salt.type
54
- when :string
55
- :hex
56
- when :binary
57
- :random_bytes
58
- else
59
- raise "unsupported type #{col_salt.type} for #{salt}"
60
- end
44
+ hexdigest = col_pass_hash.type != :binary
45
+ secran_salt = col_salt.type == :binary ? :random_bytes : :hex
61
46
 
62
47
  principal.class_eval do
63
48
  self.class.send(:define_method, :authenticate) do |options|
@@ -66,15 +51,15 @@ module Authmagic
66
51
  ["lower(#{connection.quote_column_name(login)}) = lower(?)", options[login]]
67
52
  returning first(:conditions => conditions) do |p|
68
53
  raise AccountNotFound unless p
69
- raise BadPassword unless p.send(password_valid, options[password])
54
+ raise BadPassword unless p.send(password_valid, options[password_get])
70
55
  end
71
56
  end
72
57
 
73
- attr_reader password
58
+ attr_reader password_get
74
59
 
75
60
  define_method password_set do |passw|
76
- instance_variable_set("@#{password}", passw)
77
- send(salt_set, send(generate_salt))
61
+ instance_variable_set(password_var, passw)
62
+ send(generate_salt)
78
63
  send(password_hash_set, send(encryptor, passw))
79
64
  end
80
65
 
@@ -83,13 +68,13 @@ module Authmagic
83
68
  end
84
69
 
85
70
  define_method encryptor do |plaintext|
86
- hash = (digest.new << (send(salt) || '') << plaintext).send(digest_method)
87
- stretches.times { hash = (digest.new << hash).send(digest_method) }
88
- hash
71
+ dg, salt, hash = digest.new, send(salt_get), ''
72
+ stretches.times { hash = (dg << salt << plaintext << hash).digest! }
73
+ hexdigest ? Digest.hexencode(hash) : hash
89
74
  end
90
75
 
91
76
  define_method generate_salt do
92
- ActiveSupport::SecureRandom.send(secran_salt, salt_length)
77
+ send(salt_set, ActiveSupport::SecureRandom.send(secran_salt, salt_length))
93
78
  end
94
79
  end
95
80
 
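Review bot: The rewritten `define_method encryptor` block (new lines 70–74) changes the stored hash format, so hashes written by 0.1 will not verify under 0.1.1. The old code hashed salt plus plaintext once and then re-hashed the result, whereas the new code feeds `salt << plaintext << hash` into every round, and the default `stretches` moves from 20 to 100 in the first hunk of this file. Nothing visible records which scheme or round count produced a stored value, so an upgrade would appear to reject every existing password with BadPassword; storing the round count and a scheme marker next to the hash, or documenting a forced reset, would avoid that. The same line also drops the old `send(salt) || ''` guard, so a record with a NULL salt would likely raise a TypeError from `dg << salt` instead of BadPassword; `dg, salt, hash = digest.new, send(salt_get) || '', ''` restores the guard. The `password_valid?` definition sits between the hunks and is not shown, so how it reaches the encryptor is inferred.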
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pipa-authmagic
3
3
  version: !ruby/object:Gem::Version
4
- version: "0.1"
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Igor Gunko
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-01-21 00:00:00 -08:00
12
+ date: 2009-01-26 00:00:00 -08:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency