RubyGems - salt-and-pepper - Versions diffs - 0.2.2 - Mend

salt-and-pepper 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

data/.gitignore +4 -0
data/Gemfile +4 -0
data/README.textile +138 -0
data/Rakefile +4 -0
data/lib/salt-and-pepper.rb +12 -0
data/lib/salt_pepper/hashed_string.rb +99 -0
data/lib/salt_pepper/model_extensions.rb +82 -0
data/lib/salt_pepper/random.rb +46 -0
data/lib/version.rb +3 -0
data/salt-and-pepper.gemspec +24 -0
data/spec/hashed_string_spec.rb +151 -0
data/spec/model_extensions_spec.rb +275 -0
data/spec/random_spec.rb +79 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

data/.gitignore ADDED Viewed

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+# Specify your gem's dependencies in salt-and-pepper.gemspec
+gemspec

data/README.textile ADDED Viewed

@@ -0,0 +1,138 @@
+h1. Salt and Pepper
+Provides automatic password hashing for ActiveRecord (>= 3.0) and a couple of methods for generating random strings, tokens, etc.
+Features:
+* Mark columns for auto-hashing with a single line of code.
+* Automatic salting of hashes. No separate column is required for the salt.
+* Does not break validations on the hashed columns (only a small change is required).
+* Super easy hash verification.
+* Tested using RSpec 2
+<code>Digest::SHA256</code> is used for hashing and <code>ActiveRecord::SecureRandom</code> is used for generating random stuff.
+h2. Installation
+Just add it to your Gemfile and run <code>bundle install</code>:
+<pre>
+gem "salt-and-pepper"
+</pre>
+h2. Usage
+To enable automatic hashing for a column, call <code>hash_column</code> in your model:
+<pre>
+class User < ActiveRecord::Base
+  hash_column :password
+end
+</pre>
+You can specify multiple columns in one line or in separate lines:
+<pre>
+class User < ActiveRecord::Base
+  hash_column :password, :security_token
+  # or
+  hash_column :password
+  hash_column :security_token
+end
+</pre>
+h3. Options
+You can pass the <code>:length</code> option to change the length of the stored hash.
+Numbers between 96 and 192 are accepted, the default value is 128. Make sure the database column can store a string that long!
+<pre>
+# set length for both columns
+hash_column :password, :security_token, :length => 100
+# or adjust them individually
+hash_column :password, :length => 160
+hash_column :secret, :length => 120
+</pre>
+By default, blank _(= empty or whitespace-only)_ strings will be converted to <code>nil</code>, and will not be hashed.
+If you _really_ want blank strings to be hashed, use the <code>:hash_blank_strings</code> option:
+<pre>
+# Default behavior:
+#                    nil => nil
+#           empty string => nil
+# whitespace-only string => nil
+hash_column :password, :hash_blank_strings => true
+# New behavior:
+#                    nil => nil
+#           empty string => 77c0a93ad8e5f42cf676...
+# whitespace-only string => 1b8d091174299844b1a4...
+</pre>
+h3. Verification
+Just compare the two values:
+<pre>
+if @user.password == "secret"
+  # password is valid
+end
+</pre>
+A full example:
+<pre>
+# app/models/user.rb
+class User < ActiveRecord::Base
+  hash_column :password
+end
+# app/controllers/sessions_controller.rb
+def create
+  @user = User.find_by_username(params[:username])
+  if @user.present? && @user.password == params[:password]
+    # login user here
+  else
+    redirect_to new_session_path, :alert => "Invalid username or password."
+  end
+end
+</pre>
+h3. Validating hashed columns
+Salt and Pepper provides the <code>validate_[column]?</code> method for deciding whether validations on the column should be performed.
+Use it to prevent running your sophisticated length-checking algorithms on a 128-character hash :). Skipping validation of hashed values is safe because they were already checked at the time they were set.
+<pre>
+class User < ActiveRecord::Base
+  encrypt :password
+  validates :password, :length => { :within => 6..100 }, :if => :validate_password?
+end
+</pre>
+h3. Generating random stuff
+Salt and Pepper has a couple of handy methods for generating random numbers, codes, tokens, etc:
+<pre>
+SaltPepper.number(6)                                  # => 4     (identical to: 0..5)
+SaltPepper.number(10..20)                             # => 11
+SaltPepper.alpha_code                                 # => "SNPBJSDG"
+SaltPepper.alpha_code(4)                              # => "FKNP"
+SaltPepper.numeric_code                               # => "01570475"
+SaltPepper.numeric_code(20)                           # => "70110124996934848762"
+SaltPepper.code                                       # => "29Y3WSEC"     (alphanumeric)
+SaltPepper.code(5)                                    # => "89U1F"
+SaltPepper.code(10, 'a'..'z')                         # => "mqxeozlelw"
+SaltPepper.code(15, (0..1).to_a + ('a'..'b').to_a)    # => "0ab1b0b1b01a0a1"
+SaltPepper.token                                      # => "a0d5828f79e9e22dbc1f896e49f8183a"
+SaltPepper.token(16)                                  # => "caa4a085edb19499"
+</pre>
+h2. License
+Released under the MIT license.
+Copyright (C) Máté Solymosi 2011

data/Rakefile ADDED Viewed

@@ -0,0 +1,4 @@
+require 'bundler'
+require 'rspec/core/rake_task'
+Bundler::GemHelper.install_tasks

data/lib/salt-and-pepper.rb ADDED Viewed

@@ -0,0 +1,12 @@
+require "active_support"
+require "active_support/core_ext"
+require "active_record"
+require "salt_pepper/random"
+require "salt_pepper/hashed_string"
+require "salt_pepper/model_extensions"
+module SaltPepper
+	class ArgumentError < ArgumentError; end
+	class ValueHashedError < ArgumentError; end
+end

data/lib/salt_pepper/hashed_string.rb ADDED Viewed

@@ -0,0 +1,99 @@
+module SaltPepper
+	class HashedString
+		DefaultOptions = { :length => 128 }
+		Length = 96..192
+		attr_reader :hsh, :salt
+		def initialize(str, options = DefaultOptions)
+			raise ArgumentError, "Input must be a String" unless str.is_a?(String)
+			options.reverse_merge! DefaultOptions
+			HashedString.check_options! options
+			@salt = SaltPepper::Random.salt(options[:length])
+			@hsh = HashedString.hsh(str, @salt)
+		end
+		def to_s
+			""
+		end
+		def to_yaml
+			result
+		end
+		def result
+			hsh + salt
+		end
+		def inspect
+			result.inspect
+		end
+		def ==(obj)
+			return self.eql?(obj) if obj.is_a?(HashedString)
+			return HashedString.hsh(obj, @salt) == @hsh if obj.is_a?(String)
+			false
+		end
+		def eql?(other)
+			result == other.result
+		end
+		def set_attributes(h, s)
+			@hsh, @salt = h, s
+		end
+		def self.from_hash(h)
+			raise ArgumentError, "Hash must be a String or a HashedString" unless h.is_a?(String) || h.is_a?(HashedString)
+			h = h.result if h.is_a?(HashedString)
+			raise ArgumentError, "Length should be within #{Length.inspect}" unless Length.include?(h.length)
+			hs = h[0...64]
+			sl = h[64...h.length]
+			n = HashedString.new("")
+			n.set_attributes(hs, sl)
+			n
+		end
+		def length
+			self.class.raise_value_hashed_error
+		end
+		def =~(regexp)
+			self.class.raise_value_hashed_error
+		end
+		protected
+		def self.hsh(password, salt)
+			Digest::SHA256.hexdigest(password + salt)
+		end
+		private
+		def self.check_options!(options)
+			options.each do |name, value|
+				case name.to_s
+					when "length" then
+						raise ArgumentError, "Length should be a Fixnum" unless value.is_a?(Fixnum)
+						raise ArgumentError, "Length should be within #{Length.inspect}" unless Length.include?(value)
+					else
+						raise ArgumentError, "Invalid option: #{name.to_s}"
+				end
+			end
+			true
+		end
+		def self.raise_value_hashed_error
+			raise SaltPepper::ValueHashedError, "This attribute is currently hashed, so it cannot be accessed or validated. Add :if => :validate_[column name]? to your validator to prevent it from running when the attribute is hashed."
+		end
+	end
+end
+class String
+	def ==(obj)
+		return obj == self if obj.is_a?(SaltPepper::HashedString)
+		super
+	end
+end

data/lib/salt_pepper/model_extensions.rb ADDED Viewed

@@ -0,0 +1,82 @@
+module SaltPepper
+	module ModelExtensions
+		DefaultHashColumnOptions = { :length => SaltPepper::HashedString::DefaultOptions[:length], :hash_blank_strings => false }
+		module ClassMethods
+			def hashed_columns
+				read_inheritable_attribute :hashed_columns
+			end
+			def hash_column(*args)
+				options = args.extract_options!
+				options.keys.each { |k| raise ArgumentError, "Invalid option: #{k.to_s}" unless DefaultHashColumnOptions.keys.include?(k.to_sym) }
+				raise ArgumentError, "No columns specified" if args.empty?
+				raise ArgumentError, "Primary key cannot be hashed" if (["id", self.primary_key] - (args.map { |a| a.to_s })).length < 2
+				args.each do |arg|
+					raise ArgumentError, "Column name should be a symbol or a string" unless arg.is_a?(String) || arg.is_a?(Symbol)
+					raise ArgumentError, "'#{arg.to_s}' is not a valid column name" unless self.column_names.include?(arg.to_s)
+					write_inheritable_hash(:hashed_columns, { arg.to_sym => options.symbolize_keys.reverse_merge(DefaultHashColumnOptions) })
+					self.cached_attributes.delete arg.to_s
+					self.class_eval <<-EVAL
+						def validate_#{arg.to_s}?
+							!hashed?("#{arg.to_s}")
+						end
+					EVAL
+				end
+				if !self._save_callbacks.map { |c| c.filter.to_sym }.include?(:hash_before_save)
+					self.before_save :hash_before_save
+				end
+			end
+		end
+		def self.included(klass)
+			klass.extend(ClassMethods)
+			klass.write_inheritable_hash(:hashed_columns, {})
+			klass.instance_eval <<-EVAL
+				after_initialize :initialize_hashed_columns
+			EVAL
+		end
+		private
+		def hash_before_save
+			self.class.hashed_columns.each do |column, options|
+				next if hashed?(column)
+				@attributes[column.to_s] = nil if read_attribute(column).blank? && !options[:hash_blank_strings]
+				perform_hashing_on_column(column, options[:length]) unless read_attribute(column).nil?
+			end
+		end
+		def perform_hashing_on_column(column, length)
+			@attributes[column.to_s] = HashedString.new(read_attribute(column), :length => length)
+		end
+		def convert_column_to_hashed_string(column)
+			@attributes[column.to_s] = HashedString.from_hash(read_attribute(column))
+		end
+		def hashed?(column)
+			read_attribute(column.to_s).is_a?(HashedString)
+		end
+		def initialize_hashed_columns
+			unless self.new_record?
+				self.class.hashed_columns.keys.each do |k|
+					convert_column_to_hashed_string(k) unless read_attribute(k).blank?
+				end
+			end
+		end
+	end
+end
+ActiveSupport.on_load :active_record do
+	class ActiveRecord::Base
+		include SaltPepper::ModelExtensions
+	end
+end

data/lib/salt_pepper/random.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module SaltPepper
+	module Random
+		def self.token(size = 32)
+			hex(size)
+		end
+		def self.code(size = 8, chars = ('A'..'Z').to_a + (0..9).to_a)
+			chars = chars.to_a if chars.is_a?(Range)
+			chars = chars.chars.to_a.uniq if chars.is_a?(String)
+			(1..size).map { chars[self.number(chars.length)] }.join
+		end
+		def self.numeric_code(size = 8)
+			self.code(size, 0..9)
+		end
+		def self.alpha_code(size = 8)
+			self.code(size, 'A'..'Z')
+		end
+		def self.number(max_or_range)
+			return max_or_range.begin + ActiveSupport::SecureRandom.random_number(max_or_range.end - max_or_range.begin + 1) if max_or_range.is_a?(Range)
+			ActiveSupport::SecureRandom.random_number(max_or_range)
+		end
+		private
+		def self.salt(size = DefaultOptions[:length])
+			hex(size - 64)
+		end
+		def self.hex(size)
+			ActiveSupport::SecureRandom.hex(size / 2)
+		end
+	end
+	(Random.methods(false) - Random.private_methods(false)).each do |m|
+		module_eval <<-EVAL, __FILE__, __LINE__
+			def self.#{m}(*args)
+				Random.#{m}(*args)
+			end
+		EVAL
+	end
+end

data/lib/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module SaltPepper
+  VERSION = "0.2.2"
+end

data/salt-and-pepper.gemspec ADDED Viewed

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "version"
+Gem::Specification.new do |s|
+	s.name        = "salt-and-pepper"
+	s.version     = SaltPepper::VERSION
+	s.platform    = Gem::Platform::RUBY
+	s.authors     = ["Mate Solymosi"]
+	s.email       = ["mate@solymosi.eu"]
+	s.homepage    = "http://github.com/SMWEB/salt-and-pepper"
+	s.summary     = %q{Super easy password salting and hashing for ActiveRecord (Rails)}
+	s.description = %q{Super easy password salting and hashing for ActiveRecord (Rails)}
+	s.rubyforge_project = "salt-and-pepper"
+	s.files         = `git ls-files`.split("\n")
+	s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+	s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+	s.require_paths = ["lib"]
+	s.add_dependency("activesupport", ">= 3.0.0")
+	s.add_dependency("activerecord", ">= 3.0.0")
+end

data/spec/hashed_string_spec.rb ADDED Viewed

@@ -0,0 +1,151 @@
+require File.expand_path('spec_helper.rb', File.dirname(__FILE__))
+describe SaltPepper::HashedString do
+	before(:each) do
+		@hash = SaltPepper::HashedString.new("secret")
+	end
+	describe "initialize" do
+		it "raises error invalid parameters" do
+			lambda { SaltPepper::HashedString.new(nil) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new(3) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new([]) }.should raise_error(SaltPepper::ArgumentError)
+		end
+		it "accepts valid parameters" do
+			lambda { SaltPepper::HashedString.new("") }.should_not raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret") }.should_not raise_error(SaltPepper::ArgumentError)
+		end
+		it "generates a valid salt with default length" do
+			@hash.salt.length.should == SaltPepper::HashedString::DefaultOptions[:length] - 64
+		end
+		it "generates a valid salt with custom length" do
+			SaltPepper::HashedString.new("secret", :length => 192).salt.length.should == 128
+		end
+		it "raises error for invalid options" do
+			lambda { SaltPepper::HashedString.new("secret", :length => 95) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :length => 197) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :length => true) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :length => "oops") }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :oops => true) }.should raise_error(SaltPepper::ArgumentError)
+		end
+		it "hashes the input string" do
+			@hash.hsh.should_not be_blank
+		end
+	end
+	describe "hsh" do
+		it "returns the hash" do
+			@hash.hsh.should == @hash.result[0...64]
+		end
+	end
+	describe "salt" do
+		it "returns the salt" do
+			@hash.salt.should == @hash.result[64...128]
+		end
+	end
+	describe "to_s" do
+		it "returns empty string" do
+			@hash.to_s.should == ""
+		end
+	end
+	describe "to_yaml" do
+		it "returns the result" do
+			@hash.to_yaml.should == @hash.result
+		end
+	end
+	describe "inspect" do
+		it "returns result.inspect" do
+			@hash.inspect.should == @hash.result.inspect
+		end
+	end
+	describe "set_attributes" do
+		it "sets attributes correctly" do
+			@hash.set_attributes("hehe", "haha")
+			@hash.hsh.should == "hehe"
+			@hash.salt.should == "haha"
+		end
+	end
+	describe "==" do
+		it "returns true if String is given and verification succeeds" do
+			@hash.should == "secret"
+		end
+		it "returns false if String is given and verification fails" do
+			@hash.should_not == "oops"
+		end
+		it "returns true if another HashedString is given and they match" do
+			h = SaltPepper::HashedString.from_hash(@hash)
+			@hash.should == h
+		end
+		it "returns false if another HashedString is given but they don't match" do
+			h = SaltPepper::HashedString.new("oops")
+			@hash.should_not == h
+		end
+		it "returns false if something other than a String or HashedString is given" do
+			@hash.should_not == 10
+			@hash.should_not == []
+			@hash.should_not == {}
+		end
+	end
+	describe "from_hash" do
+		before(:each) do
+			@f = SaltPepper::HashedString.from_hash(@hash)
+		end
+		it "raises error for invalid parameters" do
+			lambda { SaltPepper::HashedString.from_hash(nil) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.from_hash(10) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.from_hash("o" * 95) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.from_hash("o" * 197) }.should raise_error(SaltPepper::ArgumentError)
+		end
+		it "separates the hash and the salt correctly" do
+			@f.hsh.should == @hash.hsh
+			@f.salt.should == @hash.salt
+			@f.should == @hash
+			@f.should == "secret"
+		end
+	end
+	describe "eql?" do
+		it "works correctly" do
+			SaltPepper::HashedString.from_hash(@hash.result).eql?(@hash).should == true
+		end
+	end
+	describe "String extension" do
+		it "works correctly" do
+			"secret".should == @hash
+		end
+	end
+	describe "validation help messages" do
+		it "work correctly" do
+			lambda { @hash.length }.should raise_error(SaltPepper::ValueHashedError)
+			lambda { @hash =~ /.*/ }.should raise_error(SaltPepper::ValueHashedError)
+		end
+	end
+end

data/spec/model_extensions_spec.rb ADDED Viewed

@@ -0,0 +1,275 @@
+require File.expand_path('spec_helper.rb', File.dirname(__FILE__))
+describe SaltPepper::ModelExtensions do
+	before(:each) do
+		ActiveRecord::Base.establish_connection :adapter => "sqlite3", :database => ":memory:"
+		ActiveRecord::Base.connection.create_table :users do |t|
+			t.string :password
+			t.string :token
+			t.string :required, :null => false, :default => "something"
+		end
+		class User; end
+		@user = Class.new(ActiveRecord::Base) do
+			self.table_name = "users"
+			@_model_name = ActiveModel::Name.new(User)
+		end
+	end
+	describe "included?" do
+		it "should have SaltPepper::ModelExtensions included" do
+			@user.included_modules.include?(SaltPepper::ModelExtensions)
+		end
+		it "should add the hash_column class method to the class it's included in" do
+			@user.respond_to?("hash_column").should == true
+		end
+	end
+	describe "hash_column" do
+		it "should add a single attribute to the list" do
+			@user.hash_column :password
+			@user.hashed_columns.count.should == 1
+			@user.hashed_columns.keys.include?(:password).should == true
+		end
+		it "should add multiple attributes to the list" do
+			@user.hash_column :password, :token
+			@user.hashed_columns.count.should == 2
+			@user.hashed_columns.keys.include?(:password).should == true
+			@user.hashed_columns.keys.include?(:token).should == true
+		end
+		it "should work properly when called multiple times" do
+			@user.hash_column :password
+			@user.hash_column :token
+			@user.hashed_columns.count.should == 2
+			@user.hashed_columns.keys.include?(:password).should == true
+			@user.hashed_columns.keys.include?(:token).should == true
+		end
+		it "should allow valid parameters" do
+			@user.hash_column :password, :length => 100, :hash_blank_strings => true
+			@user.hashed_columns.count.should == 1
+			@user.hashed_columns[:password].should == { :length => 100, :hash_blank_strings => true }
+		end
+		it "should apply defaults for unset options" do
+			@user.hash_column :password
+			@user.hashed_columns[:password].should == SaltPepper::ModelExtensions::DefaultHashColumnOptions
+		end
+		it "should not add the same attribute twice" do
+			2.times { @user.hash_column :password }
+			@user.hashed_columns.count.should == 1
+		end
+		it "should not add an attribute without an existing column to the list" do
+			lambda { @user.hash_column :oops }.should raise_error(ArgumentError)
+			@user.hashed_columns.should be_empty
+		end
+		it "should not allow invalid parameters" do
+			lambda { @user.hash_column :password, :oops => true }.should raise_error(ArgumentError)
+		end
+		it "should not allow primary key column to be hashed" do
+			lambda { @user.hash_column :id }.should raise_error(ArgumentError)
+		end
+		it "should delete attribute from cached attributes list when present" do
+			@user.cached_attributes.add "password"
+			@user.hash_column :password
+			@user.cached_attributes.include?("password").should == false
+		end
+	end
+	describe "after_initialize" do
+		before(:each) do
+			@user.hash_column :password
+			@u = @user.new
+		end
+		it "should replace the hashed values to a HashedString if not empty and not new_record?" do
+			@u.password = "secret"
+			@u.save!
+			@u = @user.first
+			@u.password.is_a?(SaltPepper::HashedString).should == true
+			@u.password.respond_to?(:result).should == true
+			@u.password.should == "secret"
+		end
+		it "should not replace empty values to a HashedString" do
+			@u.password.is_a?(SaltPepper::HashedString).should == false
+			@u.save!
+			@u = @user.first
+			@u.password.is_a?(SaltPepper::HashedString).should == false
+		end
+	end
+	describe "column hashing on save" do
+		it "hashes column on save" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password.should == nil
+			@u.validate_password?.should == true
+			@u.password = "secret"
+			@u.password.class.should == String
+			@u.password.should == "secret"
+			@u.validate_password?.should == true
+			@u.save!
+			@u.password.class.should == SaltPepper::HashedString
+			@u.password.should == "secret"
+			@u.password.should_not == "oops"
+			@u.validate_password?.should == false
+		end
+		it "does not rehash column if its value was not changed" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password = "secret"
+			@u.save!
+			@u.validate_password?.should == false
+			@u.save!
+			@u.validate_password?.should == false
+			@u.password.should == "secret"
+			@u.password = @u.password
+			@u.validate_password?.should == false
+			@u.save!
+			@u.password.should == "secret"
+		end
+		it "does not hash column if it is nil or blank" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = ""
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = "secret"
+			@u.save!
+			@u.validate_password?.should == false
+			@u.password.should == "secret"
+			@u.password = ""
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = nil
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+		end
+		it "correctly hashes columns with :hash_blank_strings => true" do
+			@user.hash_column :password, :hash_blank_strings => true
+			@u = @user.new
+			@u.password = nil
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = "secret"
+			@u.save!
+			@u.validate_password?.should == false
+			@u.password = ""
+			@u.save!
+			@u.password.should == ""
+			@u.password.class.should == SaltPepper::HashedString
+		end
+		it "works with validations on the column" do
+			@user.hash_column :password
+			@user.validates :password, :presence => true, :length => { :within => 5..10 }, :if => :validate_password?
+			@u = @user.new
+			@u.password = ""
+			@u.save.should == false
+			@u.password = "abc"
+			@u.save.should == false
+			@u.password = "ooooooooops"
+			@u.save.should == false
+			@u.password = "secret"
+			@u.save.should == true
+			@u.save.should == true
+			@u.password = @u.password
+			@u.save.should == true
+			@u = @user.first
+			@u.save.should == true
+			@u.password = "abc"
+			@u.save.should == false
+		end
+		it "works with multiple columns" do
+			@user.hash_column :password, :token
+			@u = @user.new
+			@u.password = "secret"
+			@u.save!
+			@u.password.should == "secret"
+			@u.token.should be_nil
+			@u.token = "other"
+			@u.save!
+			@u.password.should == "secret"
+			@u.token.should == "other"
+			@u.save!
+			@u.password.should == "secret"
+			@u.token.should == "other"
+		end
+		it "remains in a consistent state if saving fails" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.required = nil
+			@u.password = "secret"
+			@u.save! rescue nil
+			@u.password.should == "secret"
+			@u.validate_password?.should == false
+			@u.required = "something"
+			@u.save!
+			@u.password.should == "secret"
+			@u.validate_password?.should == false
+		end
+		it "works with finds" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password = "secret"
+			@u.save
+			@v = @user.first
+			@v.validate_password?.should == false
+			@u.password.should == "secret"
+			@v.password = nil
+			@v.save
+			@w = @user.first
+			@w.validate_password?.should == true
+			@w.password.should be_nil
+		end
+		it "works with change tracking" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password = "secret"
+			@u.save
+			@u = @user.first
+			@u.changed_attributes.count.should be_zero
+			@u.password = @u.password
+			@u.reset_password!
+			@u.password.class.should == SaltPepper::HashedString
+			@u.password = "other"
+			@u.reset_password!
+			@u.password.class.should == SaltPepper::HashedString
+			@u.validate_password?.should == false
+		end
+	end
+end

data/spec/random_spec.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require File.expand_path('spec_helper.rb', File.dirname(__FILE__))
+describe SaltPepper::Random do
+	describe "number" do
+		it "(most likely) works when only a max value is specified" do
+			100.times { (0..1).include?(SaltPepper::Random.number(2)).should == true }
+		end
+		it "(most likely) works when a range is specified" do
+			100.times { (9..10).include?(SaltPepper::Random.number(9..10)).should == true }
+		end
+	end
+	describe "code" do
+		it "works without any parameters" do
+			SaltPepper::Random.code.length.should == 8
+		end
+		it "returns uppercase alphanumeric characters" do
+			SaltPepper::Random.code(1000).should =~ /\A[A-Z0-9]+\z/
+		end
+		it "works with a size parameter" do
+			SaltPepper::Random.code(10).length.should == 10
+		end
+		it "works with size and chars parameters" do
+			SaltPepper::Random.code(100, 0..1).chars.to_a.uniq.sort.should == ["0", "1"].sort
+		end
+	end
+	describe "numeric_code" do
+		it "returns numbers only" do
+			SaltPepper::Random.numeric_code(100).should =~ /\A[0-9]+\z/
+		end
+	end
+	describe "alpha_code" do
+		it "returns uppercase letters only" do
+			SaltPepper::Random.alpha_code(100).should =~ /\A[A-Z]+\z/
+		end
+	end
+	describe "token" do
+		it "works without parameters" do
+			SaltPepper::Random.token.length.should == 32
+		end
+		it "works with a size parameter" do
+			SaltPepper::Random.token(100).length.should == 100
+		end
+		it "returns hex characters" do
+			SaltPepper::Random.token(1000).should =~ /\A[a-f0-9]*\z/
+		end
+	end
+	describe "methods" do
+		it "are available on SaltPepper itself" do
+			SaltPepper.respond_to?(:number).should == true
+			SaltPepper.respond_to?(:code).should == true
+			SaltPepper.respond_to?(:alpha_code).should == true
+			SaltPepper.respond_to?(:numeric_code).should == true
+			SaltPepper.respond_to?(:token).should == true
+		end
+	end
+end

data/spec/spec_helper.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'salt-and-pepper'

metadata ADDED Viewed

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: salt-and-pepper
+version: !ruby/object:Gem::Version
+  hash: 19
+  prerelease:
+  segments:
+  - 0
+  - 2
+  - 2
+  version: 0.2.2
+platform: ruby
+authors:
+- Mate Solymosi
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2011-04-24 00:00:00 +02:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  type: :runtime
+  version_requirements: *id002
+description: Super easy password salting and hashing for ActiveRecord (Rails)
+email:
+- mate@solymosi.eu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.textile
+- Rakefile
+- lib/salt-and-pepper.rb
+- lib/salt_pepper/hashed_string.rb
+- lib/salt_pepper/model_extensions.rb
+- lib/salt_pepper/random.rb
+- lib/version.rb
+- salt-and-pepper.gemspec
+- spec/hashed_string_spec.rb
+- spec/model_extensions_spec.rb
+- spec/random_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/SMWEB/salt-and-pepper
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+requirements: []
+rubyforge_project: salt-and-pepper
+rubygems_version: 1.6.2
+signing_key:
+specification_version: 3
+summary: Super easy password salting and hashing for ActiveRecord (Rails)
+test_files: []