SHA1 passwords

brynary · Mar 15, 2009 · 3d5b4ce · 3d5b4ce
1 parent 6665527
commit 3d5b4ce
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/lib/rack/bug/toolbar.rb b/lib/rack/bug/toolbar.rb
@@ -1,4 +1,5 @@
 require "ipaddr"
+require "digest"
 
 require "rack/bug/panels/timer_panel"
 require "rack/bug/panels/env_panel"
@@ -37,7 +38,11 @@ def modify?(env, response)
         env["X-Requested-With"] != "XMLHttpRequest" &&
         MIME_TYPES.include?(response.content_type) &&
         (!ip_mask || ip_mask.include?(IPAddr.new(env["REMOTE_ADDR"]))) &&
-        (!password || Request.new(env).cookies["rack_bug_password"] == @options[:password])
+        (!password || Request.new(env).cookies["rack_bug_password"] == password_sha)
+      end
+
+      def password_sha
+        Digest::SHA1.hexdigest ["rack_bug", password].join(":")
       end
 
       def password

diff --git a/spec/rack/bug_spec.rb b/spec/rack/bug_spec.rb
@@ -64,7 +64,8 @@ def app
     end
 
     it "inserts the Rack::Bug toolbar when the password matches" do
-      response = get "/", {}, :cookie => "rack_bug_password=secret"
+      sha = "545049d1c5e2a6e0dfefd37f9a9e0beb95241935"
+      response = get "/", {}, :cookie => "rack_bug_password=#{sha}"
       response.should contain("Rack::Bug")
     end