ruby-drupal-hash 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/ruby_drupal_hash.rb +124 -0
- metadata +44 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 119a2aaf1ed6dfa3d5c829e8057e29dc9459ca5a
|
4
|
+
data.tar.gz: 1bd7e3462d57af151f5809808078e38136cb3d10
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 0b1a90162d1414cbf74c1aaa815f8b26ecd55413befe6d303e1dcff3439e2538df05179284dfe4b2db3f8411497745d398eb54b279b88e48a261e2b5912360ce
|
7
|
+
data.tar.gz: 9b4a372223d60653db080afb05bb1f579934127ab46a7cae1415e77a77e3c0a6ca32885f058b1d2c70c345b275567a2a2fd6e5239c3dd588074d63054b7cffe5
|
@@ -0,0 +1,124 @@
|
|
1
|
+
###############################################################################
|
2
|
+
# Copyright 2013 Ben Walding
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
###############################################################################
|
16
|
+
|
17
|
+
=begin
|
18
|
+
RubyDrupalHash.verify("password1234", "$S$DeIZ1KTE.VzRvudZ5.xgOakipuMFrVyPmRdWTjAdYieWj27NMglI")
|
19
|
+
=end
|
20
|
+
class RubyDrupalHash
|
21
|
+
DRUPAL_HASH_COUNT = 15
|
22
|
+
DRUPAL_MIN_HASH_COUNT = 7
|
23
|
+
DRUPAL_MAX_HASH_COUNT = 30
|
24
|
+
DRUPAL_HASH_LENGTH = 55
|
25
|
+
ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
|
26
|
+
|
27
|
+
HASH = Digest::SHA2.new(512)
|
28
|
+
|
29
|
+
def self.is_drupal_hash?(hashed_password)
|
30
|
+
hashed_password and (hashed_password[0..3] == 'U$S$' || hashed_password[0..2] == '$S$')
|
31
|
+
end
|
32
|
+
|
33
|
+
def self.verify(password, hashed_password)
|
34
|
+
return false if password.nil? or hashed_password.nil?
|
35
|
+
return false if not is_drupal_hash?(hashed_password)
|
36
|
+
|
37
|
+
# Known as an 'upgraded' Drupal hash
|
38
|
+
if hashed_password[0..1] == 'U$'
|
39
|
+
hashed_password = hashed_password[1..-1]
|
40
|
+
password = Digest::MD5.new().hexdigest(password)
|
41
|
+
end
|
42
|
+
|
43
|
+
setting = hashed_password[0..11]
|
44
|
+
if setting[0] != '$' or setting[2] != '$'
|
45
|
+
# Wrong hash format
|
46
|
+
return false
|
47
|
+
end
|
48
|
+
|
49
|
+
count_log2 = ITOA64.index(setting[3])
|
50
|
+
|
51
|
+
if count_log2 < DRUPAL_MIN_HASH_COUNT or count_log2 > DRUPAL_MAX_HASH_COUNT
|
52
|
+
return false
|
53
|
+
end
|
54
|
+
|
55
|
+
salt = setting[4..4+7]
|
56
|
+
|
57
|
+
if salt.length != 8
|
58
|
+
return false
|
59
|
+
end
|
60
|
+
|
61
|
+
count = 2 ** count_log2
|
62
|
+
|
63
|
+
pass_hash = HASH.digest(salt + password)
|
64
|
+
|
65
|
+
1.upto(count) do |i|
|
66
|
+
pass_hash = HASH.digest(pass_hash + password)
|
67
|
+
end
|
68
|
+
|
69
|
+
hash_length = pass_hash.length
|
70
|
+
|
71
|
+
output = setting + password_base64_encode(pass_hash, hash_length)
|
72
|
+
|
73
|
+
if output.length != 98
|
74
|
+
return false
|
75
|
+
end
|
76
|
+
|
77
|
+
return output[0..(DRUPAL_HASH_LENGTH-1)] == hashed_password
|
78
|
+
end
|
79
|
+
|
80
|
+
private
|
81
|
+
def self.password_base64_encode(to_encode, count)
|
82
|
+
output = ''
|
83
|
+
i = 0
|
84
|
+
while true
|
85
|
+
value = (to_encode[i]).ord
|
86
|
+
|
87
|
+
i += 1
|
88
|
+
|
89
|
+
output = output + ITOA64[value & 0x3f]
|
90
|
+
if i < count
|
91
|
+
value |= (to_encode[i].ord) << 8
|
92
|
+
end
|
93
|
+
|
94
|
+
output = output + ITOA64[(value >> 6) & 0x3f]
|
95
|
+
|
96
|
+
if i >= count
|
97
|
+
break
|
98
|
+
end
|
99
|
+
|
100
|
+
i += 1
|
101
|
+
|
102
|
+
if i < count
|
103
|
+
value |= (to_encode[i].ord) << 16
|
104
|
+
end
|
105
|
+
|
106
|
+
output = output + ITOA64[(value >> 12) & 0x3f]
|
107
|
+
|
108
|
+
if i >= count
|
109
|
+
break
|
110
|
+
end
|
111
|
+
|
112
|
+
i += 1
|
113
|
+
|
114
|
+
output = output + ITOA64[(value >> 18) & 0x3f]
|
115
|
+
|
116
|
+
if i >= count
|
117
|
+
break
|
118
|
+
end
|
119
|
+
|
120
|
+
end
|
121
|
+
return output
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
metadata
ADDED
@@ -0,0 +1,44 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: ruby-drupal-hash
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.3
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Ben Walding
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2013-05-31 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description: Basic replication of Drupal's hash routine in Ruby
|
14
|
+
email: ben@walding.com
|
15
|
+
executables: []
|
16
|
+
extensions: []
|
17
|
+
extra_rdoc_files: []
|
18
|
+
files:
|
19
|
+
- lib/ruby_drupal_hash.rb
|
20
|
+
homepage: http://github.com/bwalding/ruby-drupal-hash
|
21
|
+
licenses:
|
22
|
+
- ASL v2
|
23
|
+
metadata: {}
|
24
|
+
post_install_message:
|
25
|
+
rdoc_options: []
|
26
|
+
require_paths:
|
27
|
+
- lib
|
28
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
29
|
+
requirements:
|
30
|
+
- - '>='
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '0'
|
33
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
34
|
+
requirements:
|
35
|
+
- - '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
requirements: []
|
39
|
+
rubyforge_project:
|
40
|
+
rubygems_version: 2.0.2
|
41
|
+
signing_key:
|
42
|
+
specification_version: 4
|
43
|
+
summary: Ruby Drupal Hash
|
44
|
+
test_files: []
|