Finished the password machinery

commit 33766bbdb5f170713158a86bf83641324a95439d 1 parent 7bcc552
@MichaelSuchowski authored
34 app/models/user.rb
@@ -16,5 +16,39 @@ class User < ActiveRecord::Base
validates :password, :presence => true,
:confirmation => true,
:length => {:within => 6..40}
+
+ before_save :encrypt_password
+
+ def User.authenticate(email, submitted_password)
+ user = find_by_email(email)
+ return nil if user.nil
+ return user if user.has_password?(submitted_password)
+
+ end
+
+
+ def has_password?(submitted_password)
+ encrypted_password == encrypt(submitted_password)
+
+ end
+
+ private
+
+ def encrypt_password
+ self.salt = make_salt if new_record?
+ self.encrypted_password = encrypt(password)
+ end
+
+ def encrypt(string)
+ secure_hash("#{salt}--#{string}")
+ end
+
+ def make_salt
+ secure_hash("#{Time.now.utc}--#{password}")
+ end
+
+ def secure_hash(string)
+ Digest::SHA2.hexdigest(string)
+ end
end
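Review bot: `return nil if user.nil` in `User.authenticate` calls a method that does not exist on `nil`, so an unknown e-mail address raises `NoMethodError` instead of returning `nil`; the predicate is `return nil if user.nil?`. The fall-through when `has_password?` is false already yields `nil`, so the method body can read `user if user&.has_password?(submitted_password)` once the typo is fixed, though `&.` needs a Ruby newer than this Rails-3-era code appears to target. `has_password?` compares the two hex digests with `==`, which short-circuits on the first differing byte; a constant-time comparison is the usual defensive choice for credential checks. `encrypt_password` runs on every save and hashes whatever `password` holds at that moment, so a later save that does not set `password` would presumably overwrite `encrypted_password` with the digest of `"#{salt}--"` — worth confirming against the callers that update users. A single SHA-2 round, even salted, is a fast hash; a deliberately slow password-hashing function is the standard mitigation against offline guessing of a leaked `encrypted_password` column.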
9 db/migrate/20110524165240_add_salt_to_users.rb
@@ -0,0 +1,9 @@
+class AddSaltToUsers < ActiveRecord::Migration
+ def self.up
+ add_column :users, :salt, :string
+ end
+
+ def self.down
+ remove_column :users, :salt
+ end
+end
3  db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended to check this file into your version control system.
-ActiveRecord::Schema.define(:version => 20110523201939) do
+ActiveRecord::Schema.define(:version => 20110524165240) do
create_table "users", :force => true do |t|
t.string "name"
@@ -18,6 +18,7 @@
t.datetime "created_at"
t.datetime "updated_at"
t.string "encrypted_password"
+ t.string "salt"
end
add_index "users", ["email"], :name => "index_users_on_email", :unique => true
28 spec/models/user_spec.rb
@@ -104,6 +104,8 @@
describe "password encryption" do
+
+
before(:each) do
@user = User.create!(@attr)
end
@@ -111,7 +113,31 @@
it "should have encrypted password attribute" do
@user.should respond_to(:encrypted_password)
end
- end
+
+ it "should set the encrypted password attribute" do
+ @user.encrypted_password.should_not be_blank
+ end
+
+ it "should have a salt" do
+ @user.should respond_to(:salt)
+
+ end
+
+
+ describe "has_password? method" do
+
+ it "should exist" do
+ @user.should respond_to(:has_password?)
+ end
+
+ it "should return true if the passwords match" do
+ @user.has_password?(@attr[:password]).should be_true
+ end
+ it "should return false if the passwords match" do
+ @user.has_password?("invalid").should be_false
+ end
+ end
+ end
end
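Review bot: The example title on the `"invalid"` case is inverted — it reads "should return false if the passwords match" while it asserts `be_false` for a wrong password; rename it `it "should return false if the passwords don't match" do`. The new `has_password?` examples cover the instance method, but nothing in this spec exercises `User.authenticate`, so the unknown-e-mail path (which in the model hunk calls `user.nil` rather than `user.nil?`) and the wrong-password path of the class method go untested; an `authenticate method` describe block asserting `User.authenticate("bar@foo.com", @attr[:password]).should be_nil` for a nonexistent e-mail, `be_nil` for an e-mail/wrong-password pair, and the user itself for a matching pair would catch that. The enclosing `describe "password encryption"` block starts before the first hunk.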
16 webrat.log
@@ -183,3 +183,19 @@ REQUESTING PAGE: GET / with {} and HTTP headers {}
REQUESTING PAGE: GET /about with {} and HTTP headers {"HTTP_REFERER"=>"/"}
REQUESTING PAGE: GET /contact with {} and HTTP headers {"HTTP_REFERER"=>"/about"}
REQUESTING PAGE: GET /help with {} and HTTP headers {"HTTP_REFERER"=>"/contact"}
+REQUESTING PAGE: GET / with {} and HTTP headers {}
+REQUESTING PAGE: GET /about with {} and HTTP headers {"HTTP_REFERER"=>"/"}
+REQUESTING PAGE: GET /contact with {} and HTTP headers {"HTTP_REFERER"=>"/about"}
+REQUESTING PAGE: GET /help with {} and HTTP headers {"HTTP_REFERER"=>"/contact"}
+REQUESTING PAGE: GET / with {} and HTTP headers {}
+REQUESTING PAGE: GET /about with {} and HTTP headers {"HTTP_REFERER"=>"/"}
+REQUESTING PAGE: GET /contact with {} and HTTP headers {"HTTP_REFERER"=>"/about"}
+REQUESTING PAGE: GET /help with {} and HTTP headers {"HTTP_REFERER"=>"/contact"}
+REQUESTING PAGE: GET / with {} and HTTP headers {}
+REQUESTING PAGE: GET /about with {} and HTTP headers {"HTTP_REFERER"=>"/"}
+REQUESTING PAGE: GET /contact with {} and HTTP headers {"HTTP_REFERER"=>"/about"}
+REQUESTING PAGE: GET /help with {} and HTTP headers {"HTTP_REFERER"=>"/contact"}
+REQUESTING PAGE: GET / with {} and HTTP headers {}
+REQUESTING PAGE: GET /about with {} and HTTP headers {"HTTP_REFERER"=>"/"}
+REQUESTING PAGE: GET /contact with {} and HTTP headers {"HTTP_REFERER"=>"/about"}
+REQUESTING PAGE: GET /help with {} and HTTP headers {"HTTP_REFERER"=>"/contact"}