RubyGems - salt-and-pepper - Versions diffs - 0.2.2 - Mend

salt-and-pepper 0.2.2

Files changed (15) hide show

data/.gitignore +4 -0
data/Gemfile +4 -0
data/README.textile +138 -0
data/Rakefile +4 -0
data/lib/salt-and-pepper.rb +12 -0
data/lib/salt_pepper/hashed_string.rb +99 -0
data/lib/salt_pepper/model_extensions.rb +82 -0
data/lib/salt_pepper/random.rb +46 -0
data/lib/version.rb +3 -0
data/salt-and-pepper.gemspec +24 -0
data/spec/hashed_string_spec.rb +151 -0
data/spec/model_extensions_spec.rb +275 -0
data/spec/random_spec.rb +79 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

data/.gitignore ADDED Viewed

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+# Specify your gem's dependencies in salt-and-pepper.gemspec
+gemspec

data/README.textile ADDED Viewed

@@ -0,0 +1,138 @@
+h1. Salt and Pepper
+Provides automatic password hashing for ActiveRecord (>= 3.0) and a couple of methods for generating random strings, tokens, etc.
+Features:
+* Mark columns for auto-hashing with a single line of code.
+* Automatic salting of hashes. No separate column is required for the salt.
+* Does not break validations on the hashed columns (only a small change is required).
+* Super easy hash verification.
+* Tested using RSpec 2
+<code>Digest::SHA256</code> is used for hashing and <code>ActiveRecord::SecureRandom</code> is used for generating random stuff.
+h2. Installation
+Just add it to your Gemfile and run <code>bundle install</code>:
+<pre>
+gem "salt-and-pepper"
+</pre>
+h2. Usage
+To enable automatic hashing for a column, call <code>hash_column</code> in your model:
+<pre>
+class User < ActiveRecord::Base
+  hash_column :password
+end
+</pre>
+You can specify multiple columns in one line or in separate lines:
+<pre>
+class User < ActiveRecord::Base
+  hash_column :password, :security_token
+  # or
+  hash_column :password
+  hash_column :security_token
+end
+</pre>
+h3. Options
+You can pass the <code>:length</code> option to change the length of the stored hash.
+Numbers between 96 and 192 are accepted, the default value is 128. Make sure the database column can store a string that long!
+<pre>
+# set length for both columns
+hash_column :password, :security_token, :length => 100
+# or adjust them individually
+hash_column :password, :length => 160
+hash_column :secret, :length => 120
+</pre>
+By default, blank _(= empty or whitespace-only)_ strings will be converted to <code>nil</code>, and will not be hashed.
+If you _really_ want blank strings to be hashed, use the <code>:hash_blank_strings</code> option:
+<pre>
+# Default behavior:
+#                    nil => nil
+#           empty string => nil
+# whitespace-only string => nil
+hash_column :password, :hash_blank_strings => true
+# New behavior:
+#                    nil => nil
+#           empty string => 77c0a93ad8e5f42cf676...
+# whitespace-only string => 1b8d091174299844b1a4...
+</pre>
+h3. Verification
+Just compare the two values:
+<pre>
+if @user.password == "secret"
+  # password is valid
+end
+</pre>
+A full example:
+<pre>
+# app/models/user.rb
+class User < ActiveRecord::Base
+  hash_column :password
+end
+# app/controllers/sessions_controller.rb
+def create
+  @user = User.find_by_username(params[:username])
+  if @user.present? && @user.password == params[:password]
+    # login user here
+  else
+    redirect_to new_session_path, :alert => "Invalid username or password."
+  end
+end
+</pre>
+h3. Validating hashed columns
+Salt and Pepper provides the <code>validate_[column]?</code> method for deciding whether validations on the column should be performed.
+Use it to prevent running your sophisticated length-checking algorithms on a 128-character hash :). Skipping validation of hashed values is safe because they were already checked at the time they were set.
+<pre>
+class User < ActiveRecord::Base
+  encrypt :password
+  validates :password, :length => { :within => 6..100 }, :if => :validate_password?
+end
+</pre>
+h3. Generating random stuff
+Salt and Pepper has a couple of handy methods for generating random numbers, codes, tokens, etc:
+<pre>
+SaltPepper.number(6)                                  # => 4     (identical to: 0..5)
+SaltPepper.number(10..20)                             # => 11
+SaltPepper.alpha_code                                 # => "SNPBJSDG"
+SaltPepper.alpha_code(4)                              # => "FKNP"
+SaltPepper.numeric_code                               # => "01570475"
+SaltPepper.numeric_code(20)                           # => "70110124996934848762"
+SaltPepper.code                                       # => "29Y3WSEC"     (alphanumeric)
+SaltPepper.code(5)                                    # => "89U1F"
+SaltPepper.code(10, 'a'..'z')                         # => "mqxeozlelw"
+SaltPepper.code(15, (0..1).to_a + ('a'..'b').to_a)    # => "0ab1b0b1b01a0a1"
+SaltPepper.token                                      # => "a0d5828f79e9e22dbc1f896e49f8183a"
+SaltPepper.token(16)                                  # => "caa4a085edb19499"
+</pre>
+h2. License
+Released under the MIT license.
+Copyright (C) Máté Solymosi 2011

data/Rakefile ADDED Viewed

@@ -0,0 +1,4 @@
+require 'bundler'
+require 'rspec/core/rake_task'
+Bundler::GemHelper.install_tasks

data/lib/salt-and-pepper.rb ADDED Viewed

@@ -0,0 +1,12 @@
+require "active_support"
+require "active_support/core_ext"
+require "active_record"
+require "salt_pepper/random"
+require "salt_pepper/hashed_string"
+require "salt_pepper/model_extensions"
+module SaltPepper
+	class ArgumentError < ArgumentError; end
+	class ValueHashedError < ArgumentError; end
+end

data/lib/salt_pepper/hashed_string.rb ADDED Viewed

@@ -0,0 +1,99 @@
+module SaltPepper
+	class HashedString
+		DefaultOptions = { :length => 128 }
+		Length = 96..192
+		attr_reader :hsh, :salt
+		def initialize(str, options = DefaultOptions)
+			raise ArgumentError, "Input must be a String" unless str.is_a?(String)
+			options.reverse_merge! DefaultOptions
+			HashedString.check_options! options
+			@salt = SaltPepper::Random.salt(options[:length])
+			@hsh = HashedString.hsh(str, @salt)
+		end
+		def to_s
+			""
+		end
+		def to_yaml
+			result
+		end
+		def result
+			hsh + salt
+		end
+		def inspect
+			result.inspect
+		end
+		def ==(obj)
+			return self.eql?(obj) if obj.is_a?(HashedString)
+			return HashedString.hsh(obj, @salt) == @hsh if obj.is_a?(String)
+			false
+		end
+		def eql?(other)
+			result == other.result
+		end
+		def set_attributes(h, s)
+			@hsh, @salt = h, s
+		end
+		def self.from_hash(h)
+			raise ArgumentError, "Hash must be a String or a HashedString" unless h.is_a?(String) || h.is_a?(HashedString)
+			h = h.result if h.is_a?(HashedString)
+			raise ArgumentError, "Length should be within #{Length.inspect}" unless Length.include?(h.length)
+			hs = h[0...64]
+			sl = h[64...h.length]
+			n = HashedString.new("")
+			n.set_attributes(hs, sl)
+			n
+		end
+		def length
+			self.class.raise_value_hashed_error
+		end
+		def =~(regexp)
+			self.class.raise_value_hashed_error
+		end
+		protected
+		def self.hsh(password, salt)
+			Digest::SHA256.hexdigest(password + salt)
+		end
+		private
+		def self.check_options!(options)
+			options.each do |name, value|
+				case name.to_s
+					when "length" then
+						raise ArgumentError, "Length should be a Fixnum" unless value.is_a?(Fixnum)
+						raise ArgumentError, "Length should be within #{Length.inspect}" unless Length.include?(value)
+					else
+						raise ArgumentError, "Invalid option: #{name.to_s}"
+				end
+			end
+			true
+		end
+		def self.raise_value_hashed_error
+			raise SaltPepper::ValueHashedError, "This attribute is currently hashed, so it cannot be accessed or validated. Add :if => :validate_[column name]? to your validator to prevent it from running when the attribute is hashed."
+		end
+	end
+end
+class String
+	def ==(obj)
+		return obj == self if obj.is_a?(SaltPepper::HashedString)
+		super
+	end
+end

data/lib/salt_pepper/model_extensions.rb ADDED Viewed

@@ -0,0 +1,82 @@
+module SaltPepper
+	module ModelExtensions
+		DefaultHashColumnOptions = { :length => SaltPepper::HashedString::DefaultOptions[:length], :hash_blank_strings => false }
+		module ClassMethods
+			def hashed_columns
+				read_inheritable_attribute :hashed_columns
+			end
+			def hash_column(*args)
+				options = args.extract_options!
+				options.keys.each { |k| raise ArgumentError, "Invalid option: #{k.to_s}" unless DefaultHashColumnOptions.keys.include?(k.to_sym) }
+				raise ArgumentError, "No columns specified" if args.empty?
+				raise ArgumentError, "Primary key cannot be hashed" if (["id", self.primary_key] - (args.map { |a| a.to_s })).length < 2
+				args.each do |arg|
+					raise ArgumentError, "Column name should be a symbol or a string" unless arg.is_a?(String) || arg.is_a?(Symbol)
+					raise ArgumentError, "'#{arg.to_s}' is not a valid column name" unless self.column_names.include?(arg.to_s)
+					write_inheritable_hash(:hashed_columns, { arg.to_sym => options.symbolize_keys.reverse_merge(DefaultHashColumnOptions) })
+					self.cached_attributes.delete arg.to_s
+					self.class_eval <<-EVAL
+						def validate_#{arg.to_s}?
+							!hashed?("#{arg.to_s}")
+						end
+					EVAL
+				end
+				if !self._save_callbacks.map { |c| c.filter.to_sym }.include?(:hash_before_save)
+					self.before_save :hash_before_save
+				end
+			end
+		end
+		def self.included(klass)
+			klass.extend(ClassMethods)
+			klass.write_inheritable_hash(:hashed_columns, {})
+			klass.instance_eval <<-EVAL
+				after_initialize :initialize_hashed_columns
+			EVAL
+		end
+		private
+		def hash_before_save
+			self.class.hashed_columns.each do |column, options|
+				next if hashed?(column)
+				@attributes[column.to_s] = nil if read_attribute(column).blank? && !options[:hash_blank_strings]
+				perform_hashing_on_column(column, options[:length]) unless read_attribute(column).nil?
+			end
+		end
+		def perform_hashing_on_column(column, length)
+			@attributes[column.to_s] = HashedString.new(read_attribute(column), :length => length)
+		end
+		def convert_column_to_hashed_string(column)
+			@attributes[column.to_s] = HashedString.from_hash(read_attribute(column))
+		end
+		def hashed?(column)
+			read_attribute(column.to_s).is_a?(HashedString)
+		end
+		def initialize_hashed_columns
+			unless self.new_record?
+				self.class.hashed_columns.keys.each do |k|
+					convert_column_to_hashed_string(k) unless read_attribute(k).blank?
+				end
+			end
+		end
+	end
+end
+ActiveSupport.on_load :active_record do
+	class ActiveRecord::Base
+		include SaltPepper::ModelExtensions
+	end
+end

data/lib/salt_pepper/random.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module SaltPepper
+	module Random
+		def self.token(size = 32)
+			hex(size)
+		end
+		def self.code(size = 8, chars = ('A'..'Z').to_a + (0..9).to_a)
+			chars = chars.to_a if chars.is_a?(Range)
+			chars = chars.chars.to_a.uniq if chars.is_a?(String)
+			(1..size).map { chars[self.number(chars.length)] }.join
+		end
+		def self.numeric_code(size = 8)
+			self.code(size, 0..9)
+		end
+		def self.alpha_code(size = 8)
+			self.code(size, 'A'..'Z')
+		end
+		def self.number(max_or_range)
+			return max_or_range.begin + ActiveSupport::SecureRandom.random_number(max_or_range.end - max_or_range.begin + 1) if max_or_range.is_a?(Range)
+			ActiveSupport::SecureRandom.random_number(max_or_range)
+		end
+		private
+		def self.salt(size = DefaultOptions[:length])
+			hex(size - 64)
+		end
+		def self.hex(size)
+			ActiveSupport::SecureRandom.hex(size / 2)
+		end
+	end
+	(Random.methods(false) - Random.private_methods(false)).each do |m|
+		module_eval <<-EVAL, __FILE__, __LINE__
+			def self.#{m}(*args)
+				Random.#{m}(*args)
+			end
+		EVAL
+	end
+end

data/lib/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module SaltPepper
+  VERSION = "0.2.2"
+end

data/salt-and-pepper.gemspec ADDED Viewed

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "version"
+Gem::Specification.new do |s|
+	s.name        = "salt-and-pepper"
+	s.version     = SaltPepper::VERSION
+	s.platform    = Gem::Platform::RUBY
+	s.authors     = ["Mate Solymosi"]
+	s.email       = ["mate@solymosi.eu"]
+	s.homepage    = "http://github.com/SMWEB/salt-and-pepper"
+	s.summary     = %q{Super easy password salting and hashing for ActiveRecord (Rails)}
+	s.description = %q{Super easy password salting and hashing for ActiveRecord (Rails)}
+	s.rubyforge_project = "salt-and-pepper"
+	s.files         = `git ls-files`.split("\n")
+	s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+	s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+	s.require_paths = ["lib"]
+	s.add_dependency("activesupport", ">= 3.0.0")
+	s.add_dependency("activerecord", ">= 3.0.0")
+end

data/spec/hashed_string_spec.rb ADDED Viewed

@@ -0,0 +1,151 @@
+require File.expand_path('spec_helper.rb', File.dirname(__FILE__))
+describe SaltPepper::HashedString do
+	before(:each) do
+		@hash = SaltPepper::HashedString.new("secret")
+	end
+	describe "initialize" do
+		it "raises error invalid parameters" do
+			lambda { SaltPepper::HashedString.new(nil) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new(3) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new([]) }.should raise_error(SaltPepper::ArgumentError)
+		end
+		it "accepts valid parameters" do
+			lambda { SaltPepper::HashedString.new("") }.should_not raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret") }.should_not raise_error(SaltPepper::ArgumentError)
+		end
+		it "generates a valid salt with default length" do
+			@hash.salt.length.should == SaltPepper::HashedString::DefaultOptions[:length] - 64
+		end
+		it "generates a valid salt with custom length" do
+			SaltPepper::HashedString.new("secret", :length => 192).salt.length.should == 128
+		end
+		it "raises error for invalid options" do
+			lambda { SaltPepper::HashedString.new("secret", :length => 95) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :length => 197) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :length => true) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :length => "oops") }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.new("secret", :oops => true) }.should raise_error(SaltPepper::ArgumentError)
+		end
+		it "hashes the input string" do
+			@hash.hsh.should_not be_blank
+		end
+	end
+	describe "hsh" do
+		it "returns the hash" do
+			@hash.hsh.should == @hash.result[0...64]
+		end
+	end
+	describe "salt" do
+		it "returns the salt" do
+			@hash.salt.should == @hash.result[64...128]
+		end
+	end
+	describe "to_s" do
+		it "returns empty string" do
+			@hash.to_s.should == ""
+		end
+	end
+	describe "to_yaml" do
+		it "returns the result" do
+			@hash.to_yaml.should == @hash.result
+		end
+	end
+	describe "inspect" do
+		it "returns result.inspect" do
+			@hash.inspect.should == @hash.result.inspect
+		end
+	end
+	describe "set_attributes" do
+		it "sets attributes correctly" do
+			@hash.set_attributes("hehe", "haha")
+			@hash.hsh.should == "hehe"
+			@hash.salt.should == "haha"
+		end
+	end
+	describe "==" do
+		it "returns true if String is given and verification succeeds" do
+			@hash.should == "secret"
+		end
+		it "returns false if String is given and verification fails" do
+			@hash.should_not == "oops"
+		end
+		it "returns true if another HashedString is given and they match" do
+			h = SaltPepper::HashedString.from_hash(@hash)
+			@hash.should == h
+		end
+		it "returns false if another HashedString is given but they don't match" do
+			h = SaltPepper::HashedString.new("oops")
+			@hash.should_not == h
+		end
+		it "returns false if something other than a String or HashedString is given" do
+			@hash.should_not == 10
+			@hash.should_not == []
+			@hash.should_not == {}
+		end
+	end
+	describe "from_hash" do
+		before(:each) do
+			@f = SaltPepper::HashedString.from_hash(@hash)
+		end
+		it "raises error for invalid parameters" do
+			lambda { SaltPepper::HashedString.from_hash(nil) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.from_hash(10) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.from_hash("o" * 95) }.should raise_error(SaltPepper::ArgumentError)
+			lambda { SaltPepper::HashedString.from_hash("o" * 197) }.should raise_error(SaltPepper::ArgumentError)
+		end
+		it "separates the hash and the salt correctly" do
+			@f.hsh.should == @hash.hsh
+			@f.salt.should == @hash.salt
+			@f.should == @hash
+			@f.should == "secret"
+		end
+	end
+	describe "eql?" do
+		it "works correctly" do
+			SaltPepper::HashedString.from_hash(@hash.result).eql?(@hash).should == true
+		end
+	end
+	describe "String extension" do
+		it "works correctly" do
+			"secret".should == @hash
+		end
+	end
+	describe "validation help messages" do
+		it "work correctly" do
+			lambda { @hash.length }.should raise_error(SaltPepper::ValueHashedError)
+			lambda { @hash =~ /.*/ }.should raise_error(SaltPepper::ValueHashedError)
+		end
+	end
+end

data/spec/model_extensions_spec.rb ADDED Viewed

@@ -0,0 +1,275 @@
+require File.expand_path('spec_helper.rb', File.dirname(__FILE__))
+describe SaltPepper::ModelExtensions do
+	before(:each) do
+		ActiveRecord::Base.establish_connection :adapter => "sqlite3", :database => ":memory:"
+		ActiveRecord::Base.connection.create_table :users do |t|
+			t.string :password
+			t.string :token
+			t.string :required, :null => false, :default => "something"
+		end
+		class User; end
+		@user = Class.new(ActiveRecord::Base) do
+			self.table_name = "users"
+			@_model_name = ActiveModel::Name.new(User)
+		end
+	end
+	describe "included?" do
+		it "should have SaltPepper::ModelExtensions included" do
+			@user.included_modules.include?(SaltPepper::ModelExtensions)
+		end
+		it "should add the hash_column class method to the class it's included in" do
+			@user.respond_to?("hash_column").should == true
+		end
+	end
+	describe "hash_column" do
+		it "should add a single attribute to the list" do
+			@user.hash_column :password
+			@user.hashed_columns.count.should == 1
+			@user.hashed_columns.keys.include?(:password).should == true
+		end
+		it "should add multiple attributes to the list" do
+			@user.hash_column :password, :token
+			@user.hashed_columns.count.should == 2
+			@user.hashed_columns.keys.include?(:password).should == true
+			@user.hashed_columns.keys.include?(:token).should == true
+		end
+		it "should work properly when called multiple times" do
+			@user.hash_column :password
+			@user.hash_column :token
+			@user.hashed_columns.count.should == 2
+			@user.hashed_columns.keys.include?(:password).should == true
+			@user.hashed_columns.keys.include?(:token).should == true
+		end
+		it "should allow valid parameters" do
+			@user.hash_column :password, :length => 100, :hash_blank_strings => true
+			@user.hashed_columns.count.should == 1
+			@user.hashed_columns[:password].should == { :length => 100, :hash_blank_strings => true }
+		end
+		it "should apply defaults for unset options" do
+			@user.hash_column :password
+			@user.hashed_columns[:password].should == SaltPepper::ModelExtensions::DefaultHashColumnOptions
+		end
+		it "should not add the same attribute twice" do
+			2.times { @user.hash_column :password }
+			@user.hashed_columns.count.should == 1
+		end
+		it "should not add an attribute without an existing column to the list" do
+			lambda { @user.hash_column :oops }.should raise_error(ArgumentError)
+			@user.hashed_columns.should be_empty
+		end
+		it "should not allow invalid parameters" do
+			lambda { @user.hash_column :password, :oops => true }.should raise_error(ArgumentError)
+		end
+		it "should not allow primary key column to be hashed" do
+			lambda { @user.hash_column :id }.should raise_error(ArgumentError)
+		end
+		it "should delete attribute from cached attributes list when present" do
+			@user.cached_attributes.add "password"
+			@user.hash_column :password
+			@user.cached_attributes.include?("password").should == false
+		end
+	end
+	describe "after_initialize" do
+		before(:each) do
+			@user.hash_column :password
+			@u = @user.new
+		end
+		it "should replace the hashed values to a HashedString if not empty and not new_record?" do
+			@u.password = "secret"
+			@u.save!
+			@u = @user.first
+			@u.password.is_a?(SaltPepper::HashedString).should == true
+			@u.password.respond_to?(:result).should == true
+			@u.password.should == "secret"
+		end
+		it "should not replace empty values to a HashedString" do
+			@u.password.is_a?(SaltPepper::HashedString).should == false
+			@u.save!
+			@u = @user.first
+			@u.password.is_a?(SaltPepper::HashedString).should == false
+		end
+	end
+	describe "column hashing on save" do
+		it "hashes column on save" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password.should == nil
+			@u.validate_password?.should == true
+			@u.password = "secret"
+			@u.password.class.should == String
+			@u.password.should == "secret"
+			@u.validate_password?.should == true
+			@u.save!
+			@u.password.class.should == SaltPepper::HashedString
+			@u.password.should == "secret"
+			@u.password.should_not == "oops"
+			@u.validate_password?.should == false
+		end
+		it "does not rehash column if its value was not changed" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password = "secret"
+			@u.save!
+			@u.validate_password?.should == false
+			@u.save!
+			@u.validate_password?.should == false
+			@u.password.should == "secret"
+			@u.password = @u.password
+			@u.validate_password?.should == false
+			@u.save!
+			@u.password.should == "secret"
+		end
+		it "does not hash column if it is nil or blank" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = ""
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = "secret"
+			@u.save!
+			@u.validate_password?.should == false
+			@u.password.should == "secret"
+			@u.password = ""
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = nil
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+		end
+		it "correctly hashes columns with :hash_blank_strings => true" do
+			@user.hash_column :password, :hash_blank_strings => true
+			@u = @user.new
+			@u.password = nil
+			@u.save!
+			@u.password.should be_nil
+			@u.validate_password?.should == true
+			@u.password = "secret"
+			@u.save!
+			@u.validate_password?.should == false
+			@u.password = ""
+			@u.save!
+			@u.password.should == ""
+			@u.password.class.should == SaltPepper::HashedString
+		end
+		it "works with validations on the column" do
+			@user.hash_column :password
+			@user.validates :password, :presence => true, :length => { :within => 5..10 }, :if => :validate_password?
+			@u = @user.new
+			@u.password = ""
+			@u.save.should == false
+			@u.password = "abc"
+			@u.save.should == false
+			@u.password = "ooooooooops"
+			@u.save.should == false
+			@u.password = "secret"
+			@u.save.should == true
+			@u.save.should == true
+			@u.password = @u.password
+			@u.save.should == true
+			@u = @user.first
+			@u.save.should == true
+			@u.password = "abc"
+			@u.save.should == false
+		end
+		it "works with multiple columns" do
+			@user.hash_column :password, :token
+			@u = @user.new
+			@u.password = "secret"
+			@u.save!
+			@u.password.should == "secret"
+			@u.token.should be_nil
+			@u.token = "other"
+			@u.save!
+			@u.password.should == "secret"
+			@u.token.should == "other"
+			@u.save!
+			@u.password.should == "secret"
+			@u.token.should == "other"
+		end
+		it "remains in a consistent state if saving fails" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.required = nil
+			@u.password = "secret"
+			@u.save! rescue nil
+			@u.password.should == "secret"
+			@u.validate_password?.should == false
+			@u.required = "something"
+			@u.save!
+			@u.password.should == "secret"
+			@u.validate_password?.should == false
+		end
+		it "works with finds" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password = "secret"
+			@u.save
+			@v = @user.first
+			@v.validate_password?.should == false
+			@u.password.should == "secret"
+			@v.password = nil
+			@v.save
+			@w = @user.first
+			@w.validate_password?.should == true
+			@w.password.should be_nil
+		end
+		it "works with change tracking" do
+			@user.hash_column :password
+			@u = @user.new
+			@u.password = "secret"
+			@u.save
+			@u = @user.first
+			@u.changed_attributes.count.should be_zero
+			@u.password = @u.password
+			@u.reset_password!
+			@u.password.class.should == SaltPepper::HashedString
+			@u.password = "other"
+			@u.reset_password!
+			@u.password.class.should == SaltPepper::HashedString
+			@u.validate_password?.should == false
+		end
+	end
+end

data/spec/random_spec.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require File.expand_path('spec_helper.rb', File.dirname(__FILE__))
+describe SaltPepper::Random do
+	describe "number" do
+		it "(most likely) works when only a max value is specified" do
+			100.times { (0..1).include?(SaltPepper::Random.number(2)).should == true }
+		end
+		it "(most likely) works when a range is specified" do
+			100.times { (9..10).include?(SaltPepper::Random.number(9..10)).should == true }
+		end
+	end
+	describe "code" do
+		it "works without any parameters" do
+			SaltPepper::Random.code.length.should == 8
+		end
+		it "returns uppercase alphanumeric characters" do
+			SaltPepper::Random.code(1000).should =~ /\A[A-Z0-9]+\z/
+		end
+		it "works with a size parameter" do
+			SaltPepper::Random.code(10).length.should == 10
+		end
+		it "works with size and chars parameters" do
+			SaltPepper::Random.code(100, 0..1).chars.to_a.uniq.sort.should == ["0", "1"].sort
+		end
+	end
+	describe "numeric_code" do
+		it "returns numbers only" do
+			SaltPepper::Random.numeric_code(100).should =~ /\A[0-9]+\z/
+		end
+	end
+	describe "alpha_code" do
+		it "returns uppercase letters only" do
+			SaltPepper::Random.alpha_code(100).should =~ /\A[A-Z]+\z/
+		end
+	end
+	describe "token" do
+		it "works without parameters" do
+			SaltPepper::Random.token.length.should == 32
+		end
+		it "works with a size parameter" do
+			SaltPepper::Random.token(100).length.should == 100
+		end
+		it "returns hex characters" do
+			SaltPepper::Random.token(1000).should =~ /\A[a-f0-9]*\z/
+		end
+	end
+	describe "methods" do
+		it "are available on SaltPepper itself" do
+			SaltPepper.respond_to?(:number).should == true
+			SaltPepper.respond_to?(:code).should == true
+			SaltPepper.respond_to?(:alpha_code).should == true
+			SaltPepper.respond_to?(:numeric_code).should == true
+			SaltPepper.respond_to?(:token).should == true
+		end
+	end
+end

data/spec/spec_helper.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'salt-and-pepper'

metadata ADDED Viewed

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: salt-and-pepper
+version: !ruby/object:Gem::Version
+  hash: 19
+  prerelease:
+  segments:
+  - 0
+  - 2
+  - 2
+  version: 0.2.2
+platform: ruby
+authors:
+- Mate Solymosi
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2011-04-24 00:00:00 +02:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        hash: 7
+        segments:
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  type: :runtime
+  version_requirements: *id002
+description: Super easy password salting and hashing for ActiveRecord (Rails)
+email:
+- mate@solymosi.eu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.textile
+- Rakefile
+- lib/salt-and-pepper.rb
+- lib/salt_pepper/hashed_string.rb
+- lib/salt_pepper/model_extensions.rb
+- lib/salt_pepper/random.rb
+- lib/version.rb
+- salt-and-pepper.gemspec
+- spec/hashed_string_spec.rb
+- spec/model_extensions_spec.rb
+- spec/random_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/SMWEB/salt-and-pepper
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      hash: 3
+      segments:
+      - 0
+      version: "0"
+requirements: []
+rubyforge_project: salt-and-pepper
+rubygems_version: 1.6.2
+signing_key:
+specification_version: 3
+summary: Super easy password salting and hashing for ActiveRecord (Rails)
+test_files: []