Decryptable passwords
Michael Hartl (author)
Wed Feb 20 17:59:23 -0800 2008
commit  a56d187d34748a21b3afe2311da26e03a6f1c428
tree    b25d3dd4e48febeb870f33772d1d6c821f15aa09
parent  e8bc0fc2eda4fedff91c736255bb5676d11cdc53
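--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -30,19 +30,27 @@ class Person < ActiveRecord::Base
     u = find_by_email(email.downcase) # need to get the salt
     u && u.authenticated?(password) ? u : nil
   end
-
- # Encrypts some data with the salt.
- def self.encrypt(password, salt)
- Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+
+ def self.encrypt(password)
+ Crypto::Key.from_file('rsa_key.pub').encrypt(password)
   end
 
   # Encrypts the password with the user salt
   def encrypt(password)
- self.class.encrypt(password, salt)
+ self.class.encrypt(password)
+ end
+
+ def decrypt(password)
+ Crypto::Key.from_file('rsa_key').decrypt(password)
   end
 
   def authenticated?(password)
- crypted_password == encrypt(password)
+ unencrypted_password == password
+ end
+
+ def unencrypted_password
+ # The gsub trickery is to unescape the key from the DB.
+ decrypt(crypted_password.gsub(/\\n/, "\n"))
   end
 
   def remember_token?
@@ -51,7 +59,7 @@ class Person < ActiveRecord::Base
 
   # These create and unset the fields required for remembering users between browser closes
   def remember_me
- remember_me_for 2.weeks
+ remember_me_for 2.years
   end
 
   def remember_me_for(time)
@@ -60,7 +68,8 @@ class Person < ActiveRecord::Base
 
   def remember_me_until(time)
     self.remember_token_expires_at = time
- self.remember_token = encrypt("#{email}--#{remember_token_expires_at}")
+ key = "#{email}--#{remember_token_expires_at}"
+ self.remember_token = Digest::SHA1.hexdigest(key)
     save(false)
   end
 
@@ -78,13 +87,10 @@ class Person < ActiveRecord::Base
 
     def encrypt_password
       return if password.blank?
- self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{email}--") if new_record?
       self.crypted_password = encrypt(password)
     end
       
     def password_required?
       crypted_password.blank? || !password.blank?
     end
-
-
 end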
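Review bot: `authenticated?` now evaluates `unencrypted_password == password`, so the stored credential is decrypted on every login and every user's password is recoverable by anyone who can read `rsa_key`, a property the salted `Digest::SHA1` comparison it replaces did not have. If reversible storage is really the intent, the private key should at least not be loaded from a working-directory-relative path on each call: `Crypto::Key.from_file('rsa_key')` in `decrypt` resolves against the process's CWD and will raise straight out of `authenticated?` when the file is missing or unreadable, so loading it once from a configured absolute path and handling that failure explicitly would be more robust. Separately, in `remember_me_until` the token becomes `Digest::SHA1.hexdigest("#{email}--#{remember_token_expires_at}")`, built only from the email and the expiry, neither of which is secret, whereas the replaced `encrypt(...)` mixed in the per-user salt; deriving the token from a random value stored on the record would keep it unguessable. `encrypt_password` also drops the `self.salt = ...` assignment, so if a salt column still exists in the schema it is presumably now never populated — worth confirming against the migration. `class Person` opens before the first hunk and only part of the class is shown here.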
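--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -2,8 +2,7 @@ quentin:
   email: quentin@example.com
   name: Quentin
   description: I'm Quentin
- salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
- crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+ crypted_password: JdoXqX9FKe9zeGEArrs796+NtoqYBT3DYSRe/1CyHMyNorHPvUImHPJfx1mM\nsz7hEFypKH7p/jRAnwQLVbcJTdjL8+Wet4/bJOT55NN2eWMRb/wZKGdljOy9\nbTEAenLKKEQNQtpE7QQiiSQ7a1DACJxhPYqWAn1lOQ9K8Rv77MA=\n
   created_at: <%= 5.days.ago.to_s :db %>
 
 
@@ -12,8 +11,7 @@ aaron:
   email: aaron@example.com
   name: Aaron
   description: I'm Aaron
- salt: 7e3041ebc2fc05a40c60028e2c4901a81035d3cd
- crypted_password: 00742970dc9e6319f8019fd54864d3ea740f04b1 # test
+ crypted_password: JdoXqX9FKe9zeGEArrs796+NtoqYBT3DYSRe/1CyHMyNorHPvUImHPJfx1mM\nsz7hEFypKH7p/jRAnwQLVbcJTdjL8+Wet4/bJOT55NN2eWMRb/wZKGdljOy9\nbTEAenLKKEQNQtpE7QQiiSQ7a1DACJxhPYqWAn1lOQ9K8Rv77MA=\n
   created_at: <%= 1.day.ago.to_s :db %>
 
 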
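Review bot: The new `crypted_password` values are written with literal two-character `\n` sequences rather than real line breaks, which is the only reason the model's `unencrypted_password` needs its `gsub(/\\n/, "\n")`; a YAML block scalar (`crypted_password: |` followed by the base64 lines) would store the newlines themselves and let that unescape be dropped from application code. The ciphertext is also only decryptable with the specific `rsa_key` it was produced with, and as far as this page shows the key pair is not part of the commit, so the fixtures will fail on any checkout that lacks that exact file. Keeping the `# test` annotation the removed lines carried would preserve the plaintext hint the specs depend on.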
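--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -33,11 +33,6 @@ describe Person do
     Person.authenticate('quentin@example.com', 'newp').should == @person
   end
 
- it 'does not rehash password' do
- @person.update_attributes(:email => 'quentin2@example.com')
- Person.authenticate('quentin2@example.com', 'test').should == @person
- end
-
   it 'authenticates person' do
     Person.authenticate('quentin@example.com', 'test').should == @person
   end
@@ -77,9 +72,9 @@ describe Person do
   end
 
   it 'remembers me default two weeks' do
- before = 2.weeks.from_now.utc
+ before = 2.years.from_now.utc
     @person.remember_me
- after = 2.weeks.from_now.utc
+ after = 2.years.from_now.utc
     @person.remember_token.should_not be_nil
     @person.remember_token_expires_at.should_not be_nil
     @person.remember_token_expires_at.between?(before, after).should be_true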
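Review bot: The example is still titled `'remembers me default two weeks'` while its body now asserts `2.years.from_now.utc` on both bounds, so the description contradicts what is tested; rename it `it 'remembers me default two years' do`. The first hunk deletes `'does not rehash password'` outright, yet nothing visible in the new scheme prevents re-authenticating after an email change, so that example could have stayed as a regression check unless something outside this hunk breaks it. Both `describe Person do` blocks open before the hunks shown.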
