a monster merge :( #219

Closed
wants to merge 34 commits into from
Closed
44a7ae8
Whitespace fixes - make my vim happy
imajes Nov 3, 2011
4261719
reformat the authenticate method to be easier to read.
imajes Nov 3, 2011
ee347fe
Make 1.8 friendly
imajes Nov 3, 2011
796c1a8
ignore binstubs
imajes Nov 3, 2011
f6520fb
Not sure how this works without BCrypt bundled.
imajes Nov 3, 2011
fe4b6c8
whitespace. :(
imajes Nov 3, 2011
c684248
whitespace again. :(
imajes Nov 3, 2011
66f5217
Clarify the set_encryption_attributes method
imajes Nov 3, 2011
fde85a5
whitespace.
imajes Nov 3, 2011
d0e9cfd
require awesome_print in dev
imajes Nov 3, 2011
f02fc40
Refactor the matches? method for BCrypt
imajes Nov 3, 2011
f79ed55
some tests and such to make the pepper version work. all that's left …
imajes Nov 3, 2011
cb9d503
doh. all these are @...
imajes Nov 3, 2011
0c15225
make the respond_to and send work properly
imajes Nov 3, 2011
d7efb6d
the salt should still be passed, but we won't use it as we can have b…
imajes Nov 3, 2011
ca6a758
Merge branch 'master' of https://github.com/NoamB/sorcery
imajes Nov 3, 2011
96d7370
Merge branch 'master' of https://github.com/NoamB/sorcery
imajes Nov 3, 2011
540924b
whitespace.
imajes Nov 4, 2011
755ea4e
begin to document the config better
imajes Nov 4, 2011
dbbef07
attempt to fix salt and encryption
imajes Nov 4, 2011
1bc30ce
more experimentation with github formatting
imajes Nov 4, 2011
f0f8ca2
document the non user options..
imajes Nov 4, 2011
12ce52f
handle salt differently
imajes Nov 4, 2011
a83c4b3
ignore .swp files
imajes Nov 4, 2011
9ff2cea
Merge branch 'master' of https://github.com/NoamB/sorcery
imajes Nov 15, 2011
274af87
don't match unless you really want case insensitive matching - needs …
imajes Nov 22, 2011
0fb9b4f
simplify
imajes Nov 22, 2011
51c0e1a
these two are also needed to prevent the earlier hotfix from exploding
imajes Nov 22, 2011
72bbd0a
Update Gemfile
trvrplk Nov 28, 2011
e839e6b
Merge branch 'master' of https://github.com/NoamB/sorcery into upstream
imajes Dec 7, 2011
0104ac5
Merge branch 'master' of https://github.com/NoamB/sorcery
imajes Jan 23, 2012
91a2cd4
final documentation changes
imajes Feb 21, 2012
849c8b8
Merge branch 'master' of https://github.com/NoamB/sorcery
imajes Feb 21, 2012
8a55734
Fix support for downcase_username_before_authenticating with mongoid
imajes Feb 21, 2012
attempt to fix salt and encryption
imajes committed Nov 4, 2011
commit dbbef072e24eb47e95be97639142c33ad186eefc
21 changes: 15 additions & 6 deletions lib/sorcery/model.rb
@@ -191,11 +191,19 @@ def external?
# encrypts password with salt and saves it.
def encrypt_password
config = sorcery_config
_salt = TemporaryToken.generate_random_token # this seems wrong
_pass = self.class.encrypt(self.send(config.password_attribute_name), _salt)

self.send(:"#{config.salt_attribute_name}=", _salt) if !config.salt_attribute_name.nil?
self.send(:"#{config.crypted_password_attribute_name}=", _pass)
if requires_salt_generation?
_salt = TemporaryToken.generate_random_token
self.send("#{config.salt_attribute_name}=", _salt)
else
_salt = nil
end
_pass = self.class.encrypt(self.send(config.password_attribute_name), _salt)
self.send("#{config.crypted_password_attribute_name}=", _pass)
end

def requires_salt_generation?
sorcery_config.salt_attribute_name.present?
end

def clear_virtual_password
@@ -231,7 +239,8 @@ class Config

:crypted_password_attribute_name, # change default crypted_password attribute.
:salt_join_token, # what pattern to use to join the password with the salt
:salt_attribute_name, # change default salt attribute.
:salt_attribute_name, # change default salt attribute, which is nil (you should use bcrypt,
# which is saltless)
:pepper_key, # an optional pepper which can be used to enhance security (see: devise)
:stretches, # how many times to apply encryption to the password.
:encryption_key, # encryption key used to encrypt reversible encryptions such as
@@ -266,7 +275,7 @@ def initialize
:@encryption_key => nil,
:@pepper_key => nil,
:@salt_join_token => "",
:@salt_attribute_name => :salt,
:@salt_attribute_name => nil,
:@stretches => nil,
:@subclasses_inherit_config => false,
:@before_authenticate => [],
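Review bot: The new default `:@salt_attribute_name => nil` in the `initialize` defaults makes the `else` branch of `encrypt_password` the default path, so `self.class.encrypt` receives `_salt = nil` unless the application configures a salt attribute. The provider is not chosen in these hunks, so this is inferred, but for any digest-based provider that relies on the caller's salt it would mean unsalted password hashes by default, and installs that relied on the old `:salt` default would stop writing the column after upgrading. Consider keeping `:@salt_attribute_name => :salt,` or rejecting a nil salt attribute at configuration time when the selected provider is not bcrypt. The new comment is also misleading: bcrypt is not saltless, it generates a salt and stores it inside the digest, so something like `# salt attribute; nil skips salt generation, safe only with bcrypt (which embeds its own salt)` would be more accurate.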
60 changes: 34 additions & 26 deletions spec/sorcery_crypto_providers_spec.rb
@@ -156,39 +156,47 @@

describe Sorcery::CryptoProviders::BCrypt do

before(:all) do
Sorcery::CryptoProviders::BCrypt.cost = 1
@digest = BCrypt::Password.create('Noam Ben-Ari', :cost => Sorcery::CryptoProviders::BCrypt.cost)
end

after(:each) do
Sorcery::CryptoProviders::BCrypt.reset!
end

it "should be comparable with original secret" do
BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari')).should == 'Noam Ben-Ari'
end

it "works with multiple costs" do
Sorcery::CryptoProviders::BCrypt.cost = 3
BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari')).should == 'Noam Ben-Ari'
end

it "matches? returns true when matches" do
Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Noam Ben-Ari').should be_true
end

it "matches? returns false when no match" do
Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Some Dude').should be_false
end
# before(:all) do
# Sorcery::CryptoProviders::BCrypt.cost = 1
# @digest = BCrypt::Password.create('Noam Ben-Ari', :cost => Sorcery::CryptoProviders::BCrypt.cost)
# end
#
# after(:each) do
# Sorcery::CryptoProviders::BCrypt.reset!
# end
#
# it "should be comparable with original secret" do
# BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari')).should == 'Noam Ben-Ari'
# end
#
# it "works with multiple costs" do
# Sorcery::CryptoProviders::BCrypt.cost = 3
# BCrypt::Password.new(Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari')).should == 'Noam Ben-Ari'
# end
#
# it "matches? returns true when matches" do
# Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Noam Ben-Ari').should be_true
# end
#
# it "matches? returns false when no match" do
# Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Some Dude').should be_false
# end

context 'with a pepper' do
before(:all) do
Sorcery::CryptoProviders::BCrypt.cost = 1
@pepper = "a-reasonably-long-string"
@digest = BCrypt::Password.create("Noam Ben-Ari#{@pepper}", :cost => Sorcery::CryptoProviders::BCrypt.cost)
@digest = ::BCrypt::Password.create("Noam Ben-Ari#{@pepper}", :cost => Sorcery::CryptoProviders::BCrypt.cost)
end

it "creates a valid password which matches our expected digest" do
Sorcery::CryptoProviders::BCrypt.pepper_key = @pepper
new_pass = Sorcery::CryptoProviders::BCrypt.encrypt('Noam Ben-Ari')
expected_pass = ::BCrypt::Engine.hash_secret("Noam Ben-Ari#{@pepper}", new_pass.salt, Sorcery::CryptoProviders::BCrypt.cost)
new_pass.to_s.should == expected_pass.to_s
end


it "matches? returns true with a valid pepper and valid password" do
Sorcery::CryptoProviders::BCrypt.pepper_key = @pepper
Sorcery::CryptoProviders::BCrypt.matches?(@digest, 'Noam Ben-Ari').should be_true
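Review bot: Commenting out the whole unpeppered group removes the only negative check visible here for the no-pepper path (`matches? returns false when no match`) together with the `after(:each)` hook that called `Sorcery::CryptoProviders::BCrypt.reset!`. Without that hook, the `pepper_key` and `cost` assigned in the `with a pepper` context stay set on the provider class, so later examples can pass or fail depending on run order; whether `reset!` clears `pepper_key` is not visible in this hunk. Restore the examples rather than leaving them commented, or at least keep `after(:each) { Sorcery::CryptoProviders::BCrypt.reset! }` at the `describe` level. The `with a pepper` context continues past the end of the hunk.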