wulffeld_authlogic 2.1.3
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +345 -0
- data/LICENSE +20 -0
- data/README.rdoc +246 -0
- data/Rakefile +41 -0
- data/VERSION.yml +5 -0
- data/generators/session/session_generator.rb +9 -0
- data/generators/session/templates/session.rb +2 -0
- data/init.rb +1 -0
- data/lib/authlogic.rb +64 -0
- data/lib/authlogic/acts_as_authentic/base.rb +107 -0
- data/lib/authlogic/acts_as_authentic/email.rb +110 -0
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +60 -0
- data/lib/authlogic/acts_as_authentic/login.rb +141 -0
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +24 -0
- data/lib/authlogic/acts_as_authentic/password.rb +355 -0
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +105 -0
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +68 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +61 -0
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +139 -0
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +65 -0
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +32 -0
- data/lib/authlogic/authenticates_many/association.rb +42 -0
- data/lib/authlogic/authenticates_many/base.rb +55 -0
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +67 -0
- data/lib/authlogic/controller_adapters/merb_adapter.rb +30 -0
- data/lib/authlogic/controller_adapters/rails_adapter.rb +52 -0
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +61 -0
- data/lib/authlogic/crypto_providers/aes256.rb +43 -0
- data/lib/authlogic/crypto_providers/bcrypt.rb +90 -0
- data/lib/authlogic/crypto_providers/md5.rb +34 -0
- data/lib/authlogic/crypto_providers/sha1.rb +35 -0
- data/lib/authlogic/crypto_providers/sha256.rb +50 -0
- data/lib/authlogic/crypto_providers/sha512.rb +50 -0
- data/lib/authlogic/crypto_providers/wordpress.rb +43 -0
- data/lib/authlogic/i18n.rb +83 -0
- data/lib/authlogic/i18n/translator.rb +15 -0
- data/lib/authlogic/random.rb +33 -0
- data/lib/authlogic/regex.rb +25 -0
- data/lib/authlogic/session/activation.rb +58 -0
- data/lib/authlogic/session/active_record_trickery.rb +64 -0
- data/lib/authlogic/session/base.rb +39 -0
- data/lib/authlogic/session/brute_force_protection.rb +96 -0
- data/lib/authlogic/session/callbacks.rb +99 -0
- data/lib/authlogic/session/cookies.rb +130 -0
- data/lib/authlogic/session/existence.rb +93 -0
- data/lib/authlogic/session/foundation.rb +65 -0
- data/lib/authlogic/session/http_auth.rb +58 -0
- data/lib/authlogic/session/id.rb +41 -0
- data/lib/authlogic/session/klass.rb +78 -0
- data/lib/authlogic/session/magic_columns.rb +95 -0
- data/lib/authlogic/session/magic_states.rb +59 -0
- data/lib/authlogic/session/params.rb +101 -0
- data/lib/authlogic/session/password.rb +240 -0
- data/lib/authlogic/session/perishable_token.rb +18 -0
- data/lib/authlogic/session/persistence.rb +70 -0
- data/lib/authlogic/session/priority_record.rb +34 -0
- data/lib/authlogic/session/scopes.rb +101 -0
- data/lib/authlogic/session/session.rb +62 -0
- data/lib/authlogic/session/timeout.rb +82 -0
- data/lib/authlogic/session/unauthorized_record.rb +50 -0
- data/lib/authlogic/session/validation.rb +82 -0
- data/lib/authlogic/test_case.rb +120 -0
- data/lib/authlogic/test_case/mock_controller.rb +45 -0
- data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -0
- data/lib/authlogic/test_case/mock_logger.rb +10 -0
- data/lib/authlogic/test_case/mock_request.rb +19 -0
- data/lib/authlogic/test_case/rails_request_adapter.rb +30 -0
- data/lib/generators/authlogic/session/USAGE +5 -0
- data/lib/generators/authlogic/session/session_generator.rb +14 -0
- data/lib/generators/authlogic/session/templates/session.rb +2 -0
- data/rails/init.rb +1 -0
- data/shoulda_macros/authlogic.rb +69 -0
- data/test/acts_as_authentic_test/base_test.rb +18 -0
- data/test/acts_as_authentic_test/email_test.rb +97 -0
- data/test/acts_as_authentic_test/logged_in_status_test.rb +36 -0
- data/test/acts_as_authentic_test/login_test.rb +109 -0
- data/test/acts_as_authentic_test/magic_columns_test.rb +27 -0
- data/test/acts_as_authentic_test/password_test.rb +236 -0
- data/test/acts_as_authentic_test/perishable_token_test.rb +90 -0
- data/test/acts_as_authentic_test/persistence_token_test.rb +55 -0
- data/test/acts_as_authentic_test/restful_authentication_test.rb +40 -0
- data/test/acts_as_authentic_test/session_maintenance_test.rb +84 -0
- data/test/acts_as_authentic_test/single_access_test.rb +44 -0
- data/test/authenticates_many_test.rb +16 -0
- data/test/crypto_provider_test/aes256_test.rb +14 -0
- data/test/crypto_provider_test/bcrypt_test.rb +14 -0
- data/test/crypto_provider_test/sha1_test.rb +23 -0
- data/test/crypto_provider_test/sha256_test.rb +14 -0
- data/test/crypto_provider_test/sha512_test.rb +14 -0
- data/test/fixtures/companies.yml +5 -0
- data/test/fixtures/employees.yml +17 -0
- data/test/fixtures/projects.yml +3 -0
- data/test/fixtures/users.yml +24 -0
- data/test/i18n_test.rb +33 -0
- data/test/libs/affiliate.rb +7 -0
- data/test/libs/company.rb +6 -0
- data/test/libs/employee.rb +7 -0
- data/test/libs/employee_session.rb +2 -0
- data/test/libs/ldaper.rb +3 -0
- data/test/libs/ordered_hash.rb +9 -0
- data/test/libs/project.rb +3 -0
- data/test/libs/user.rb +5 -0
- data/test/libs/user_session.rb +6 -0
- data/test/random_test.rb +49 -0
- data/test/session_test/activation_test.rb +43 -0
- data/test/session_test/active_record_trickery_test.rb +36 -0
- data/test/session_test/brute_force_protection_test.rb +101 -0
- data/test/session_test/callbacks_test.rb +6 -0
- data/test/session_test/cookies_test.rb +112 -0
- data/test/session_test/credentials_test.rb +0 -0
- data/test/session_test/existence_test.rb +64 -0
- data/test/session_test/http_auth_test.rb +28 -0
- data/test/session_test/id_test.rb +17 -0
- data/test/session_test/klass_test.rb +40 -0
- data/test/session_test/lint_test.rb +9 -0
- data/test/session_test/magic_columns_test.rb +62 -0
- data/test/session_test/magic_states_test.rb +60 -0
- data/test/session_test/params_test.rb +53 -0
- data/test/session_test/password_test.rb +106 -0
- data/test/session_test/perishability_test.rb +15 -0
- data/test/session_test/persistence_test.rb +21 -0
- data/test/session_test/scopes_test.rb +60 -0
- data/test/session_test/session_test.rb +59 -0
- data/test/session_test/timeout_test.rb +52 -0
- data/test/session_test/unauthorized_record_test.rb +13 -0
- data/test/session_test/validation_test.rb +23 -0
- data/test/test_helper.rb +183 -0
- data/wulffeld_authlogic.gemspec +220 -0
- metadata +258 -0
@@ -0,0 +1,67 @@
|
|
1
|
+
module Authlogic
|
2
|
+
module ControllerAdapters # :nodoc:
|
3
|
+
# Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter or MerbAdapter
|
4
|
+
# for an example of how to adapt Authlogic to work with your framework.
|
5
|
+
class AbstractAdapter
|
6
|
+
attr_accessor :controller
|
7
|
+
|
8
|
+
def initialize(controller)
|
9
|
+
self.controller = controller
|
10
|
+
end
|
11
|
+
|
12
|
+
def authenticate_with_http_basic(&block)
|
13
|
+
@auth = Rack::Auth::Basic::Request.new(controller.request.env)
|
14
|
+
if @auth.provided? and @auth.basic?
|
15
|
+
block.call(*@auth.credentials)
|
16
|
+
else
|
17
|
+
false
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def cookies
|
22
|
+
controller.cookies
|
23
|
+
end
|
24
|
+
|
25
|
+
def cookie_domain
|
26
|
+
raise NotImplementedError.new("The cookie_domain method has not been implemented by the controller adapter")
|
27
|
+
end
|
28
|
+
|
29
|
+
def params
|
30
|
+
controller.params
|
31
|
+
end
|
32
|
+
|
33
|
+
def request
|
34
|
+
controller.request
|
35
|
+
end
|
36
|
+
|
37
|
+
def request_content_type
|
38
|
+
request.content_type
|
39
|
+
end
|
40
|
+
|
41
|
+
def session
|
42
|
+
controller.session
|
43
|
+
end
|
44
|
+
|
45
|
+
def responds_to_single_access_allowed?
|
46
|
+
controller.respond_to?(:single_access_allowed?, true)
|
47
|
+
end
|
48
|
+
|
49
|
+
def single_access_allowed?
|
50
|
+
controller.send(:single_access_allowed?)
|
51
|
+
end
|
52
|
+
|
53
|
+
def responds_to_last_request_update_allowed?
|
54
|
+
controller.respond_to?(:last_request_update_allowed?, true)
|
55
|
+
end
|
56
|
+
|
57
|
+
def last_request_update_allowed?
|
58
|
+
controller.send(:last_request_update_allowed?)
|
59
|
+
end
|
60
|
+
|
61
|
+
private
|
62
|
+
def method_missing(id, *args, &block)
|
63
|
+
controller.send(id, *args, &block)
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
module Authlogic
|
2
|
+
module ControllerAdapters
|
3
|
+
# Adapts authlogic to work with merb. The point is to close the gap between what authlogic expects and what the merb controller object
|
4
|
+
# provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
|
5
|
+
class MerbAdapter < AbstractAdapter
|
6
|
+
# Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
|
7
|
+
module MerbImplementation
|
8
|
+
def self.included(klass) # :nodoc:
|
9
|
+
klass.before :activate_authlogic
|
10
|
+
end
|
11
|
+
|
12
|
+
def cookie_domain
|
13
|
+
Merb::Config[:session_cookie_domain]
|
14
|
+
end
|
15
|
+
|
16
|
+
private
|
17
|
+
def activate_authlogic
|
18
|
+
Authlogic::Session::Base.controller = MerbAdapter.new(self)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
# make sure we're running inside Merb
|
26
|
+
if defined?(Merb::Plugins)
|
27
|
+
Merb::BootLoader.before_app_loads do
|
28
|
+
Merb::Controller.send(:include, Authlogic::ControllerAdapters::MerbAdapter::MerbImplementation)
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
module Authlogic
|
2
|
+
module ControllerAdapters
|
3
|
+
# Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
|
4
|
+
# provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
|
5
|
+
class RailsAdapter < AbstractAdapter
|
6
|
+
class AuthlogicLoadedTooLateError < StandardError; end
|
7
|
+
|
8
|
+
def authenticate_with_http_basic(&block)
|
9
|
+
controller.authenticate_with_http_basic(&block)
|
10
|
+
end
|
11
|
+
|
12
|
+
def cookies
|
13
|
+
controller.send(:cookies)
|
14
|
+
end
|
15
|
+
|
16
|
+
def cookie_domain
|
17
|
+
if Rails::VERSION::STRING >= "3.0.0"
|
18
|
+
Rails.application.config.send(:session_options)[:domain]
|
19
|
+
else
|
20
|
+
@cookie_domain_key ||= Rails::VERSION::STRING >= '2.3' ? :domain : :session_domain
|
21
|
+
ActionController::Base.session_options[@cookie_domain_key]
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
def request_content_type
|
26
|
+
request.format.to_s
|
27
|
+
end
|
28
|
+
|
29
|
+
# Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
|
30
|
+
module RailsImplementation
|
31
|
+
def self.included(klass) # :nodoc:
|
32
|
+
if defined?(::ApplicationController)
|
33
|
+
raise AuthlogicLoadedTooLateError.new("Authlogic is trying to prepend a before_filter in ActionController::Base to active itself" +
|
34
|
+
", the problem is that ApplicationController has already been loaded meaning the before_filter won't get copied into your" +
|
35
|
+
" application. Generally this is due to another gem or plugin requiring your ApplicationController prematurely, such as" +
|
36
|
+
" the resource_controller plugin. The solution is to require Authlogic before these other gems / plugins. Please require" +
|
37
|
+
" authlogic first to get rid of this error.")
|
38
|
+
end
|
39
|
+
|
40
|
+
klass.prepend_before_filter :activate_authlogic
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
def activate_authlogic
|
45
|
+
Authlogic::Session::Base.controller = RailsAdapter.new(self)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation)
|
@@ -0,0 +1,61 @@
|
|
1
|
+
# Authlogic bridge for Sinatra
|
2
|
+
module Authlogic
|
3
|
+
module ControllerAdapters
|
4
|
+
module SinatraAdapter
|
5
|
+
class Cookies
|
6
|
+
attr_reader :request, :response
|
7
|
+
|
8
|
+
def initialize(request, response)
|
9
|
+
@request = request
|
10
|
+
@response = response
|
11
|
+
end
|
12
|
+
|
13
|
+
def delete(key, options = {})
|
14
|
+
@request.cookies.delete(key)
|
15
|
+
end
|
16
|
+
|
17
|
+
def []=(key, options)
|
18
|
+
@response.set_cookie(key, options)
|
19
|
+
end
|
20
|
+
|
21
|
+
def method_missing(meth, *args, &block)
|
22
|
+
@request.cookies.send(meth, *args, &block)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
class Controller
|
27
|
+
attr_reader :request, :response, :cookies
|
28
|
+
|
29
|
+
def initialize(request, response)
|
30
|
+
@request = request
|
31
|
+
@cookies = Cookies.new(request, response)
|
32
|
+
end
|
33
|
+
|
34
|
+
def session
|
35
|
+
env['rack.session']
|
36
|
+
end
|
37
|
+
|
38
|
+
def method_missing(meth, *args, &block)
|
39
|
+
@request.send meth, *args, &block
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
class Adapter < AbstractAdapter
|
44
|
+
def cookie_domain
|
45
|
+
env['SERVER_NAME']
|
46
|
+
end
|
47
|
+
|
48
|
+
module Implementation
|
49
|
+
def self.included(klass)
|
50
|
+
klass.send :before do
|
51
|
+
controller = Controller.new(request, response)
|
52
|
+
Authlogic::Session::Base.controller = Adapter.new(controller)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
Sinatra::Request.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)
|
@@ -0,0 +1,43 @@
|
|
1
|
+
require "openssl"
|
2
|
+
|
3
|
+
module Authlogic
|
4
|
+
module CryptoProviders
|
5
|
+
# This encryption method is reversible if you have the supplied key. So in order to use this encryption method you must supply it with a key first.
|
6
|
+
# In an initializer, or before your application initializes, you should do the following:
|
7
|
+
#
|
8
|
+
# Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferrably a bunch of random characters"
|
9
|
+
#
|
10
|
+
# My final comment is that this is a strong encryption method, but its main weakness is that its reversible. If you do not need to reverse the hash
|
11
|
+
# then you should consider Sha512 or BCrypt instead.
|
12
|
+
#
|
13
|
+
# Keep your key in a safe place, some even say the key should be stored on a separate server.
|
14
|
+
# This won't hurt performance because the only time it will try and access the key on the separate server is during initialization, which only
|
15
|
+
# happens once. The reasoning behind this is if someone does compromise your server they won't have the key also. Basically, you don't want to
|
16
|
+
# store the key with the lock.
|
17
|
+
class AES256
|
18
|
+
class << self
|
19
|
+
attr_writer :key
|
20
|
+
|
21
|
+
def encrypt(*tokens)
|
22
|
+
aes.encrypt
|
23
|
+
aes.key = @key
|
24
|
+
[aes.update(tokens.join) + aes.final].pack("m").chomp
|
25
|
+
end
|
26
|
+
|
27
|
+
def matches?(crypted, *tokens)
|
28
|
+
aes.decrypt
|
29
|
+
aes.key = @key
|
30
|
+
(aes.update(crypted.unpack("m").first) + aes.final) == tokens.join
|
31
|
+
rescue OpenSSL::CipherError
|
32
|
+
false
|
33
|
+
end
|
34
|
+
|
35
|
+
private
|
36
|
+
def aes
|
37
|
+
raise ArgumentError.new("You must provide a key like #{name}.key = my_key before using the #{name}") if @key.blank?
|
38
|
+
@aes ||= OpenSSL::Cipher::Cipher.new("AES-256-ECB")
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,90 @@
|
|
1
|
+
begin
|
2
|
+
require "bcrypt"
|
3
|
+
rescue LoadError
|
4
|
+
"sudo gem install bcrypt-ruby"
|
5
|
+
end
|
6
|
+
|
7
|
+
module Authlogic
|
8
|
+
module CryptoProviders
|
9
|
+
# For most apps Sha512 is plenty secure, but if you are building an app that stores nuclear launch codes you might want to consier BCrypt. This is an extremely
|
10
|
+
# secure hashing algorithm, mainly because it is slow. A brute force attack on a BCrypt encrypted password would take much longer than a brute force attack on a
|
11
|
+
# password encrypted with a Sha algorithm. Keep in mind you are sacrificing performance by using this, generating a password takes exponentially longer than any
|
12
|
+
# of the Sha algorithms. I did some benchmarking to save you some time with your decision:
|
13
|
+
#
|
14
|
+
# require "bcrypt"
|
15
|
+
# require "digest"
|
16
|
+
# require "benchmark"
|
17
|
+
#
|
18
|
+
# Benchmark.bm(18) do |x|
|
19
|
+
# x.report("BCrypt (cost = 10:") { 100.times { BCrypt::Password.create("mypass", :cost => 10) } }
|
20
|
+
# x.report("BCrypt (cost = 2:") { 100.times { BCrypt::Password.create("mypass", :cost => 2) } }
|
21
|
+
# x.report("Sha512:") { 100.times { Digest::SHA512.hexdigest("mypass") } }
|
22
|
+
# x.report("Sha1:") { 100.times { Digest::SHA1.hexdigest("mypass") } }
|
23
|
+
# end
|
24
|
+
#
|
25
|
+
# user system total real
|
26
|
+
# BCrypt (cost = 10): 10.780000 0.060000 10.840000 ( 11.100289)
|
27
|
+
# BCrypt (cost = 2): 0.180000 0.000000 0.180000 ( 0.181914)
|
28
|
+
# Sha512: 0.000000 0.000000 0.000000 ( 0.000829)
|
29
|
+
# Sha1: 0.000000 0.000000 0.000000 ( 0.000395)
|
30
|
+
#
|
31
|
+
# You can play around with the cost to get that perfect balance between performance and security.
|
32
|
+
#
|
33
|
+
# Decided BCrypt is for you? Just insall the bcrypt gem:
|
34
|
+
#
|
35
|
+
# gem install bcrypt-ruby
|
36
|
+
#
|
37
|
+
# Tell acts_as_authentic to use it:
|
38
|
+
#
|
39
|
+
# acts_as_authentic do |c|
|
40
|
+
# c.crypto_provider = Authlogic::CryptoProviders::BCrypt
|
41
|
+
# end
|
42
|
+
#
|
43
|
+
# You are good to go!
|
44
|
+
class BCrypt
|
45
|
+
class << self
|
46
|
+
# This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
|
47
|
+
# Set this to whatever you want, play around with it to get that perfect balance between security and performance.
|
48
|
+
def cost
|
49
|
+
@cost ||= 10
|
50
|
+
end
|
51
|
+
attr_writer :cost
|
52
|
+
|
53
|
+
# Creates a BCrypt hash for the password passed.
|
54
|
+
def encrypt(*tokens)
|
55
|
+
::BCrypt::Password.create(join_tokens(tokens), :cost => cost)
|
56
|
+
end
|
57
|
+
|
58
|
+
# Does the hash match the tokens? Uses the same tokens that were used to encrypt.
|
59
|
+
def matches?(hash, *tokens)
|
60
|
+
hash = new_from_hash(hash)
|
61
|
+
return false if hash.blank?
|
62
|
+
hash == join_tokens(tokens)
|
63
|
+
end
|
64
|
+
|
65
|
+
# This method is used as a flag to tell Authlogic to "resave" the password upon a successful login, using the new cost
|
66
|
+
def cost_matches?(hash)
|
67
|
+
hash = new_from_hash(hash)
|
68
|
+
if hash.blank?
|
69
|
+
false
|
70
|
+
else
|
71
|
+
hash.cost == cost
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
private
|
76
|
+
def join_tokens(tokens)
|
77
|
+
tokens.flatten.join
|
78
|
+
end
|
79
|
+
|
80
|
+
def new_from_hash(hash)
|
81
|
+
begin
|
82
|
+
::BCrypt::Password.new(hash)
|
83
|
+
rescue ::BCrypt::Errors::InvalidHash
|
84
|
+
return nil
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
require "digest/md5"
|
2
|
+
|
3
|
+
module Authlogic
|
4
|
+
module CryptoProviders
|
5
|
+
# This class was made for the users transitioning from md5 based systems.
|
6
|
+
# I highly discourage using this crypto provider as it superbly inferior
|
7
|
+
# to your other options.
|
8
|
+
#
|
9
|
+
# Please use any other provider offered by Authlogic.
|
10
|
+
class MD5
|
11
|
+
class << self
|
12
|
+
attr_accessor :join_token
|
13
|
+
|
14
|
+
# The number of times to loop through the encryption.
|
15
|
+
def stretches
|
16
|
+
@stretches ||= 1
|
17
|
+
end
|
18
|
+
attr_writer :stretches
|
19
|
+
|
20
|
+
# Turns your raw password into a MD5 hash.
|
21
|
+
def encrypt(*tokens)
|
22
|
+
digest = tokens.flatten.join(join_token)
|
23
|
+
stretches.times { digest = Digest::MD5.hexdigest(digest) }
|
24
|
+
digest
|
25
|
+
end
|
26
|
+
|
27
|
+
# Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
|
28
|
+
def matches?(crypted, *tokens)
|
29
|
+
encrypt(*tokens) == crypted
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
require "digest/sha1"
|
2
|
+
|
3
|
+
module Authlogic
|
4
|
+
module CryptoProviders
|
5
|
+
# This class was made for the users transitioning from restful_authentication. I highly discourage using this
|
6
|
+
# crypto provider as it inferior to your other options. Please use any other provider offered by Authlogic.
|
7
|
+
class Sha1
|
8
|
+
class << self
|
9
|
+
def join_token
|
10
|
+
@join_token ||= "--"
|
11
|
+
end
|
12
|
+
attr_writer :join_token
|
13
|
+
|
14
|
+
# The number of times to loop through the encryption. This is ten because that is what restful_authentication defaults to.
|
15
|
+
def stretches
|
16
|
+
@stretches ||= 10
|
17
|
+
end
|
18
|
+
attr_writer :stretches
|
19
|
+
|
20
|
+
# Turns your raw password into a Sha1 hash.
|
21
|
+
def encrypt(*tokens)
|
22
|
+
tokens = tokens.flatten
|
23
|
+
digest = tokens.shift
|
24
|
+
stretches.times { digest = Digest::SHA1.hexdigest([digest, *tokens].join(join_token)) }
|
25
|
+
digest
|
26
|
+
end
|
27
|
+
|
28
|
+
# Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
|
29
|
+
def matches?(crypted, *tokens)
|
30
|
+
encrypt(*tokens) == crypted
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
require "digest/sha2"
|
2
|
+
|
3
|
+
module Authlogic
|
4
|
+
# The acts_as_authentic method has a crypto_provider option. This allows you to use any type of encryption you like.
|
5
|
+
# Just create a class with a class level encrypt and matches? method. See example below.
|
6
|
+
#
|
7
|
+
# === Example
|
8
|
+
#
|
9
|
+
# class MyAwesomeEncryptionMethod
|
10
|
+
# def self.encrypt(*tokens)
|
11
|
+
# # the tokens passed will be an array of objects, what type of object is irrelevant,
|
12
|
+
# # just do what you need to do with them and return a single encrypted string.
|
13
|
+
# # for example, you will most likely join all of the objects into a single string and then encrypt that string
|
14
|
+
# end
|
15
|
+
#
|
16
|
+
# def self.matches?(crypted, *tokens)
|
17
|
+
# # return true if the crypted string matches the tokens.
|
18
|
+
# # depending on your algorithm you might decrypt the string then compare it to the token, or you might
|
19
|
+
# # encrypt the tokens and make sure it matches the crypted string, its up to you
|
20
|
+
# end
|
21
|
+
# end
|
22
|
+
module CryptoProviders
|
23
|
+
# = Sha256
|
24
|
+
#
|
25
|
+
# Uses the Sha256 hash algorithm to encrypt passwords.
|
26
|
+
class Sha256
|
27
|
+
class << self
|
28
|
+
attr_accessor :join_token
|
29
|
+
|
30
|
+
# The number of times to loop through the encryption. This is ten because that is what restful_authentication defaults to.
|
31
|
+
def stretches
|
32
|
+
@stretches ||= 20
|
33
|
+
end
|
34
|
+
attr_writer :stretches
|
35
|
+
|
36
|
+
# Turns your raw password into a Sha256 hash.
|
37
|
+
def encrypt(*tokens)
|
38
|
+
digest = tokens.flatten.join(join_token)
|
39
|
+
stretches.times { digest = Digest::SHA256.hexdigest(digest) }
|
40
|
+
digest
|
41
|
+
end
|
42
|
+
|
43
|
+
# Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
|
44
|
+
def matches?(crypted, *tokens)
|
45
|
+
encrypt(*tokens) == crypted
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|