railsware-authlogic 2.1.6.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (126) hide show
  1. data/.gitignore +9 -0
  2. data/CHANGELOG.rdoc +345 -0
  3. data/LICENSE +20 -0
  4. data/README.rdoc +246 -0
  5. data/Rakefile +41 -0
  6. data/VERSION.yml +5 -0
  7. data/authlogic.gemspec +216 -0
  8. data/generators/session/session_generator.rb +9 -0
  9. data/generators/session/templates/session.rb +2 -0
  10. data/init.rb +1 -0
  11. data/lib/authlogic.rb +64 -0
  12. data/lib/authlogic/acts_as_authentic/base.rb +107 -0
  13. data/lib/authlogic/acts_as_authentic/email.rb +110 -0
  14. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +65 -0
  15. data/lib/authlogic/acts_as_authentic/login.rb +141 -0
  16. data/lib/authlogic/acts_as_authentic/magic_columns.rb +24 -0
  17. data/lib/authlogic/acts_as_authentic/password.rb +355 -0
  18. data/lib/authlogic/acts_as_authentic/perishable_token.rb +105 -0
  19. data/lib/authlogic/acts_as_authentic/persistence_token.rb +68 -0
  20. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +61 -0
  21. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +139 -0
  22. data/lib/authlogic/acts_as_authentic/single_access_token.rb +65 -0
  23. data/lib/authlogic/acts_as_authentic/validations_scope.rb +32 -0
  24. data/lib/authlogic/authenticates_many/association.rb +42 -0
  25. data/lib/authlogic/authenticates_many/base.rb +55 -0
  26. data/lib/authlogic/controller_adapters/abstract_adapter.rb +67 -0
  27. data/lib/authlogic/controller_adapters/merb_adapter.rb +30 -0
  28. data/lib/authlogic/controller_adapters/rails_adapter.rb +48 -0
  29. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +61 -0
  30. data/lib/authlogic/crypto_providers/aes256.rb +43 -0
  31. data/lib/authlogic/crypto_providers/bcrypt.rb +90 -0
  32. data/lib/authlogic/crypto_providers/md5.rb +34 -0
  33. data/lib/authlogic/crypto_providers/sha1.rb +35 -0
  34. data/lib/authlogic/crypto_providers/sha256.rb +50 -0
  35. data/lib/authlogic/crypto_providers/sha512.rb +50 -0
  36. data/lib/authlogic/crypto_providers/wordpress.rb +43 -0
  37. data/lib/authlogic/i18n.rb +83 -0
  38. data/lib/authlogic/i18n/translator.rb +15 -0
  39. data/lib/authlogic/random.rb +33 -0
  40. data/lib/authlogic/regex.rb +25 -0
  41. data/lib/authlogic/session/activation.rb +58 -0
  42. data/lib/authlogic/session/active_record_trickery.rb +64 -0
  43. data/lib/authlogic/session/base.rb +37 -0
  44. data/lib/authlogic/session/brute_force_protection.rb +96 -0
  45. data/lib/authlogic/session/callbacks.rb +99 -0
  46. data/lib/authlogic/session/cookies.rb +130 -0
  47. data/lib/authlogic/session/existence.rb +93 -0
  48. data/lib/authlogic/session/foundation.rb +71 -0
  49. data/lib/authlogic/session/http_auth.rb +58 -0
  50. data/lib/authlogic/session/id.rb +41 -0
  51. data/lib/authlogic/session/klass.rb +78 -0
  52. data/lib/authlogic/session/magic_columns.rb +95 -0
  53. data/lib/authlogic/session/magic_states.rb +59 -0
  54. data/lib/authlogic/session/params.rb +101 -0
  55. data/lib/authlogic/session/password.rb +240 -0
  56. data/lib/authlogic/session/perishable_token.rb +18 -0
  57. data/lib/authlogic/session/persistence.rb +70 -0
  58. data/lib/authlogic/session/priority_record.rb +34 -0
  59. data/lib/authlogic/session/scopes.rb +101 -0
  60. data/lib/authlogic/session/session.rb +62 -0
  61. data/lib/authlogic/session/timeout.rb +82 -0
  62. data/lib/authlogic/session/unauthorized_record.rb +50 -0
  63. data/lib/authlogic/session/validation.rb +82 -0
  64. data/lib/authlogic/test_case.rb +120 -0
  65. data/lib/authlogic/test_case/mock_controller.rb +45 -0
  66. data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -0
  67. data/lib/authlogic/test_case/mock_logger.rb +10 -0
  68. data/lib/authlogic/test_case/mock_request.rb +19 -0
  69. data/lib/authlogic/test_case/rails_request_adapter.rb +30 -0
  70. data/rails/init.rb +1 -0
  71. data/shoulda_macros/authlogic.rb +69 -0
  72. data/test/acts_as_authentic_test/base_test.rb +18 -0
  73. data/test/acts_as_authentic_test/email_test.rb +101 -0
  74. data/test/acts_as_authentic_test/logged_in_status_test.rb +36 -0
  75. data/test/acts_as_authentic_test/login_test.rb +109 -0
  76. data/test/acts_as_authentic_test/magic_columns_test.rb +27 -0
  77. data/test/acts_as_authentic_test/password_test.rb +236 -0
  78. data/test/acts_as_authentic_test/perishable_token_test.rb +90 -0
  79. data/test/acts_as_authentic_test/persistence_token_test.rb +55 -0
  80. data/test/acts_as_authentic_test/restful_authentication_test.rb +40 -0
  81. data/test/acts_as_authentic_test/session_maintenance_test.rb +84 -0
  82. data/test/acts_as_authentic_test/single_access_test.rb +44 -0
  83. data/test/authenticates_many_test.rb +16 -0
  84. data/test/crypto_provider_test/aes256_test.rb +14 -0
  85. data/test/crypto_provider_test/bcrypt_test.rb +14 -0
  86. data/test/crypto_provider_test/sha1_test.rb +23 -0
  87. data/test/crypto_provider_test/sha256_test.rb +14 -0
  88. data/test/crypto_provider_test/sha512_test.rb +14 -0
  89. data/test/fixtures/companies.yml +5 -0
  90. data/test/fixtures/employees.yml +17 -0
  91. data/test/fixtures/projects.yml +3 -0
  92. data/test/fixtures/users.yml +24 -0
  93. data/test/i18n_test.rb +33 -0
  94. data/test/libs/affiliate.rb +7 -0
  95. data/test/libs/company.rb +6 -0
  96. data/test/libs/employee.rb +7 -0
  97. data/test/libs/employee_session.rb +2 -0
  98. data/test/libs/ldaper.rb +3 -0
  99. data/test/libs/ordered_hash.rb +9 -0
  100. data/test/libs/project.rb +3 -0
  101. data/test/libs/user.rb +5 -0
  102. data/test/libs/user_session.rb +6 -0
  103. data/test/random_test.rb +42 -0
  104. data/test/session_test/activation_test.rb +43 -0
  105. data/test/session_test/active_record_trickery_test.rb +36 -0
  106. data/test/session_test/brute_force_protection_test.rb +101 -0
  107. data/test/session_test/callbacks_test.rb +6 -0
  108. data/test/session_test/cookies_test.rb +112 -0
  109. data/test/session_test/credentials_test.rb +0 -0
  110. data/test/session_test/existence_test.rb +64 -0
  111. data/test/session_test/http_auth_test.rb +28 -0
  112. data/test/session_test/id_test.rb +17 -0
  113. data/test/session_test/klass_test.rb +40 -0
  114. data/test/session_test/magic_columns_test.rb +62 -0
  115. data/test/session_test/magic_states_test.rb +60 -0
  116. data/test/session_test/params_test.rb +53 -0
  117. data/test/session_test/password_test.rb +106 -0
  118. data/test/session_test/perishability_test.rb +15 -0
  119. data/test/session_test/persistence_test.rb +21 -0
  120. data/test/session_test/scopes_test.rb +60 -0
  121. data/test/session_test/session_test.rb +59 -0
  122. data/test/session_test/timeout_test.rb +52 -0
  123. data/test/session_test/unauthorized_record_test.rb +13 -0
  124. data/test/session_test/validation_test.rb +23 -0
  125. data/test/test_helper.rb +182 -0
  126. metadata +255 -0
@@ -0,0 +1,42 @@
1
+ module Authlogic
2
+ module AuthenticatesMany
3
+ # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details
4
+ # and call them on an object, which allows you to do the following:
5
+ #
6
+ # @account.user_sessions.new
7
+ # @account.user_sessions.find
8
+ # # ... etc
9
+ #
10
+ # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user
11
+ # sessions down to that specific account. To implement this via ActiveRecord do something like:
12
+ #
13
+ # class User < ActiveRecord::Base
14
+ # authenticates_many :user_sessions
15
+ # end
16
+ class Association
17
+ attr_accessor :klass, :find_options, :id
18
+
19
+ def initialize(klass, find_options, id)
20
+ self.klass = klass
21
+ self.find_options = find_options
22
+ self.id = id
23
+ end
24
+
25
+ [:create, :create!, :find, :new].each do |method|
26
+ class_eval <<-"end_eval", __FILE__, __LINE__
27
+ def #{method}(*args)
28
+ klass.with_scope(scope_options) do
29
+ klass.#{method}(*args)
30
+ end
31
+ end
32
+ end_eval
33
+ end
34
+ alias_method :build, :new
35
+
36
+ private
37
+ def scope_options
38
+ {:find_options => find_options, :id => id}
39
+ end
40
+ end
41
+ end
42
+ end
@@ -0,0 +1,55 @@
1
+ module Authlogic
2
+ # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
3
+ # that belong to that account can actually login into that account. Simple, just do:
4
+ #
5
+ # class Account < ActiveRecord::Base
6
+ # authenticates_many :user_sessions
7
+ # end
8
+ #
9
+ # Now you can scope sessions just like everything else in ActiveRecord:
10
+ #
11
+ # @account.user_sessions.new(*args)
12
+ # @account.user_sessions.create(*args)
13
+ # @account.user_sessions.find(*args)
14
+ # # ... etc
15
+ #
16
+ # Checkout the authenticates_many method for a list of options.
17
+ # You may also want to checkout Authlogic::ActsAsAuthentic::Scope to scope your model.
18
+ module AuthenticatesMany
19
+ module Base
20
+ # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
21
+ #
22
+ # === Options
23
+ #
24
+ # * <tt>session_class:</tt> default: "#{name}Session",
25
+ # This is the related session class.
26
+ #
27
+ # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
28
+ # This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
29
+ # called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
30
+ # could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
31
+ #
32
+ # * <tt>find_options:</tt> default: nil,
33
+ # By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
34
+ # manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
35
+ #
36
+ # * <tt>scope_cookies:</tt> default: false
37
+ # By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
38
+ # separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
39
+ # prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
40
+ def authenticates_many(name, options = {})
41
+ options[:session_class] ||= name.to_s.classify.constantize
42
+ options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
43
+ class_eval <<-"end_eval", __FILE__, __LINE__
44
+ def #{name}
45
+ find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
46
+ find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
47
+ @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
48
+ end
49
+ end_eval
50
+ end
51
+ end
52
+
53
+ ::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
54
+ end
55
+ end
@@ -0,0 +1,67 @@
1
+ module Authlogic
2
+ module ControllerAdapters # :nodoc:
3
+ # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter or MerbAdapter
4
+ # for an example of how to adapt Authlogic to work with your framework.
5
+ class AbstractAdapter
6
+ attr_accessor :controller
7
+
8
+ def initialize(controller)
9
+ self.controller = controller
10
+ end
11
+
12
+ def authenticate_with_http_basic(&block)
13
+ @auth = Rack::Auth::Basic::Request.new(controller.request.env)
14
+ if @auth.provided? and @auth.basic?
15
+ block.call(*@auth.credentials)
16
+ else
17
+ false
18
+ end
19
+ end
20
+
21
+ def cookies
22
+ controller.cookies
23
+ end
24
+
25
+ def cookie_domain
26
+ raise NotImplementedError.new("The cookie_domain method has not been implemented by the controller adapter")
27
+ end
28
+
29
+ def params
30
+ controller.params
31
+ end
32
+
33
+ def request
34
+ controller.request
35
+ end
36
+
37
+ def request_content_type
38
+ request.content_type
39
+ end
40
+
41
+ def session
42
+ controller.session
43
+ end
44
+
45
+ def responds_to_single_access_allowed?
46
+ controller.respond_to?(:single_access_allowed?, true)
47
+ end
48
+
49
+ def single_access_allowed?
50
+ controller.send(:single_access_allowed?)
51
+ end
52
+
53
+ def responds_to_last_request_update_allowed?
54
+ controller.respond_to?(:last_request_update_allowed?, true)
55
+ end
56
+
57
+ def last_request_update_allowed?
58
+ controller.send(:last_request_update_allowed?)
59
+ end
60
+
61
+ private
62
+ def method_missing(id, *args, &block)
63
+ controller.send(id, *args, &block)
64
+ end
65
+ end
66
+ end
67
+ end
@@ -0,0 +1,30 @@
1
+ module Authlogic
2
+ module ControllerAdapters
3
+ # Adapts authlogic to work with merb. The point is to close the gap between what authlogic expects and what the merb controller object
4
+ # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
5
+ class MerbAdapter < AbstractAdapter
6
+ # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
7
+ module MerbImplementation
8
+ def self.included(klass) # :nodoc:
9
+ klass.before :activate_authlogic
10
+ end
11
+
12
+ def cookie_domain
13
+ Merb::Config[:session_cookie_domain]
14
+ end
15
+
16
+ private
17
+ def activate_authlogic
18
+ Authlogic::Session::Base.controller = MerbAdapter.new(self)
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
24
+
25
+ # make sure we're running inside Merb
26
+ if defined?(Merb::Plugins)
27
+ Merb::BootLoader.before_app_loads do
28
+ Merb::Controller.send(:include, Authlogic::ControllerAdapters::MerbAdapter::MerbImplementation)
29
+ end
30
+ end
@@ -0,0 +1,48 @@
1
+ module Authlogic
2
+ module ControllerAdapters
3
+ # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
4
+ # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
5
+ class RailsAdapter < AbstractAdapter
6
+ class AuthlogicLoadedTooLateError < StandardError; end
7
+
8
+ def authenticate_with_http_basic(&block)
9
+ controller.authenticate_with_http_basic(&block)
10
+ end
11
+
12
+ def cookies
13
+ controller.send(:cookies)
14
+ end
15
+
16
+ def cookie_domain
17
+ @cookie_domain_key ||= Rails::VERSION::STRING >= '2.3' ? :domain : :session_domain
18
+ controller.request.session_options[@cookie_domain_key]
19
+ end
20
+
21
+ def request_content_type
22
+ request.format.to_s
23
+ end
24
+
25
+ # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
26
+ module RailsImplementation
27
+ def self.included(klass) # :nodoc:
28
+ if defined?(::ApplicationController)
29
+ raise AuthlogicLoadedTooLateError.new("Authlogic is trying to prepend a before_filter in ActionController::Base to active itself" +
30
+ ", the problem is that ApplicationController has already been loaded meaning the before_filter won't get copied into your" +
31
+ " application. Generally this is due to another gem or plugin requiring your ApplicationController prematurely, such as" +
32
+ " the resource_controller plugin. The solution is to require Authlogic before these other gems / plugins. Please require" +
33
+ " authlogic first to get rid of this error.")
34
+ end
35
+
36
+ klass.prepend_before_filter :activate_authlogic
37
+ end
38
+
39
+ private
40
+ def activate_authlogic
41
+ Authlogic::Session::Base.controller = RailsAdapter.new(self)
42
+ end
43
+ end
44
+ end
45
+ end
46
+ end
47
+
48
+ ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation)
@@ -0,0 +1,61 @@
1
+ # Authlogic bridge for Sinatra
2
+ module Authlogic
3
+ module ControllerAdapters
4
+ module SinatraAdapter
5
+ class Cookies
6
+ attr_reader :request, :response
7
+
8
+ def initialize(request, response)
9
+ @request = request
10
+ @response = response
11
+ end
12
+
13
+ def delete(key, options = {})
14
+ @request.cookies.delete(key)
15
+ end
16
+
17
+ def []=(key, options)
18
+ @response.set_cookie(key, options)
19
+ end
20
+
21
+ def method_missing(meth, *args, &block)
22
+ @request.cookies.send(meth, *args, &block)
23
+ end
24
+ end
25
+
26
+ class Controller
27
+ attr_reader :request, :response, :cookies
28
+
29
+ def initialize(request, response)
30
+ @request = request
31
+ @cookies = Cookies.new(request, response)
32
+ end
33
+
34
+ def session
35
+ env['rack.session']
36
+ end
37
+
38
+ def method_missing(meth, *args, &block)
39
+ @request.send meth, *args, &block
40
+ end
41
+ end
42
+
43
+ class Adapter < AbstractAdapter
44
+ def cookie_domain
45
+ env['SERVER_NAME']
46
+ end
47
+
48
+ module Implementation
49
+ def self.included(klass)
50
+ klass.send :before do
51
+ controller = Controller.new(request, response)
52
+ Authlogic::Session::Base.controller = Adapter.new(controller)
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
60
+
61
+ Sinatra::Request.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)
@@ -0,0 +1,43 @@
1
+ require "openssl"
2
+
3
+ module Authlogic
4
+ module CryptoProviders
5
+ # This encryption method is reversible if you have the supplied key. So in order to use this encryption method you must supply it with a key first.
6
+ # In an initializer, or before your application initializes, you should do the following:
7
+ #
8
+ # Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferrably a bunch of random characters"
9
+ #
10
+ # My final comment is that this is a strong encryption method, but its main weakness is that its reversible. If you do not need to reverse the hash
11
+ # then you should consider Sha512 or BCrypt instead.
12
+ #
13
+ # Keep your key in a safe place, some even say the key should be stored on a separate server.
14
+ # This won't hurt performance because the only time it will try and access the key on the separate server is during initialization, which only
15
+ # happens once. The reasoning behind this is if someone does compromise your server they won't have the key also. Basically, you don't want to
16
+ # store the key with the lock.
17
+ class AES256
18
+ class << self
19
+ attr_writer :key
20
+
21
+ def encrypt(*tokens)
22
+ aes.encrypt
23
+ aes.key = @key
24
+ [aes.update(tokens.join) + aes.final].pack("m").chomp
25
+ end
26
+
27
+ def matches?(crypted, *tokens)
28
+ aes.decrypt
29
+ aes.key = @key
30
+ (aes.update(crypted.unpack("m").first) + aes.final) == tokens.join
31
+ rescue OpenSSL::CipherError
32
+ false
33
+ end
34
+
35
+ private
36
+ def aes
37
+ raise ArgumentError.new("You must provide a key like #{name}.key = my_key before using the #{name}") if @key.blank?
38
+ @aes ||= OpenSSL::Cipher::Cipher.new("AES-256-ECB")
39
+ end
40
+ end
41
+ end
42
+ end
43
+ end
@@ -0,0 +1,90 @@
1
+ begin
2
+ require "bcrypt"
3
+ rescue LoadError
4
+ "sudo gem install bcrypt-ruby"
5
+ end
6
+
7
+ module Authlogic
8
+ module CryptoProviders
9
+ # For most apps Sha512 is plenty secure, but if you are building an app that stores nuclear launch codes you might want to consier BCrypt. This is an extremely
10
+ # secure hashing algorithm, mainly because it is slow. A brute force attack on a BCrypt encrypted password would take much longer than a brute force attack on a
11
+ # password encrypted with a Sha algorithm. Keep in mind you are sacrificing performance by using this, generating a password takes exponentially longer than any
12
+ # of the Sha algorithms. I did some benchmarking to save you some time with your decision:
13
+ #
14
+ # require "bcrypt"
15
+ # require "digest"
16
+ # require "benchmark"
17
+ #
18
+ # Benchmark.bm(18) do |x|
19
+ # x.report("BCrypt (cost = 10:") { 100.times { BCrypt::Password.create("mypass", :cost => 10) } }
20
+ # x.report("BCrypt (cost = 2:") { 100.times { BCrypt::Password.create("mypass", :cost => 2) } }
21
+ # x.report("Sha512:") { 100.times { Digest::SHA512.hexdigest("mypass") } }
22
+ # x.report("Sha1:") { 100.times { Digest::SHA1.hexdigest("mypass") } }
23
+ # end
24
+ #
25
+ # user system total real
26
+ # BCrypt (cost = 10): 10.780000 0.060000 10.840000 ( 11.100289)
27
+ # BCrypt (cost = 2): 0.180000 0.000000 0.180000 ( 0.181914)
28
+ # Sha512: 0.000000 0.000000 0.000000 ( 0.000829)
29
+ # Sha1: 0.000000 0.000000 0.000000 ( 0.000395)
30
+ #
31
+ # You can play around with the cost to get that perfect balance between performance and security.
32
+ #
33
+ # Decided BCrypt is for you? Just insall the bcrypt gem:
34
+ #
35
+ # gem install bcrypt-ruby
36
+ #
37
+ # Tell acts_as_authentic to use it:
38
+ #
39
+ # acts_as_authentic do |c|
40
+ # c.crypto_provider = Authlogic::CryptoProviders::BCrypt
41
+ # end
42
+ #
43
+ # You are good to go!
44
+ class BCrypt
45
+ class << self
46
+ # This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
47
+ # Set this to whatever you want, play around with it to get that perfect balance between security and performance.
48
+ def cost
49
+ @cost ||= 10
50
+ end
51
+ attr_writer :cost
52
+
53
+ # Creates a BCrypt hash for the password passed.
54
+ def encrypt(*tokens)
55
+ ::BCrypt::Password.create(join_tokens(tokens), :cost => cost)
56
+ end
57
+
58
+ # Does the hash match the tokens? Uses the same tokens that were used to encrypt.
59
+ def matches?(hash, *tokens)
60
+ hash = new_from_hash(hash)
61
+ return false if hash.blank?
62
+ hash == join_tokens(tokens)
63
+ end
64
+
65
+ # This method is used as a flag to tell Authlogic to "resave" the password upon a successful login, using the new cost
66
+ def cost_matches?(hash)
67
+ hash = new_from_hash(hash)
68
+ if hash.blank?
69
+ false
70
+ else
71
+ hash.cost == cost
72
+ end
73
+ end
74
+
75
+ private
76
+ def join_tokens(tokens)
77
+ tokens.flatten.join
78
+ end
79
+
80
+ def new_from_hash(hash)
81
+ begin
82
+ ::BCrypt::Password.new(hash)
83
+ rescue ::BCrypt::Errors::InvalidHash
84
+ return nil
85
+ end
86
+ end
87
+ end
88
+ end
89
+ end
90
+ end