Modified BCrpytt class to use root level class

jackdempsey · Nov 22, 2008 · 11e5ce1 · 11e5ce1
1 parent 387c12c
commit 11e5ce1
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 5 deletions.
diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc
@@ -1,8 +1,12 @@
+== 1.3.2 released 2008-11-22
+
+* Updated code to work better with BCrypt, using root level class now.
+
 == 1.3.1 released 2008-11-22
 
 * Fixed typo in acts_as_authentic config when passing the :scope option.
 * Added :act_like_restful_authentication option for acts_as_authentic
-* Added a new crypto provider: BCrypt, this is for the hardcore paranoid, or for those storing the nuclear launch codes in their apps
+* Added a new crypto provider: BCrypt, this is for those storing the nuclear launch codes in their apps
 
 == 1.3.0 released 2008-11-21
 

diff --git a/Manifest b/Manifest
@@ -3,6 +3,7 @@ init.rb
 lib/authlogic/controller_adapters/abstract_adapter.rb
 lib/authlogic/controller_adapters/merb_adapter.rb
 lib/authlogic/controller_adapters/rails_adapter.rb
+lib/authlogic/crypto_providers/bcrypt.rb
 lib/authlogic/crypto_providers/sha1.rb
 lib/authlogic/crypto_providers/sha512.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb

diff --git a/README.rdoc b/README.rdoc
@@ -363,6 +363,19 @@ Obviously there is a little more to it than this, but hopefully this clarifies a
 
 When things come together like this I think its a sign that you are doing something right. Put that in your pipe and smoke it!
 
+== Migrating from restful_authentication
+
+Migrating from the restful_authentication plugin? I made an option especially for you. Just do the following and everything will be taken care of, your users won't even know anything changed:
+
+  # app/models/user.rb
+  class User < ActiveRecord::Base
+    acts_as_authentic :acts_like_restful_authentication => true
+  end
+
+**What's the difference?**
+
+restful\_authentication uses Sha1 with 10 stretches to encrypt the password. Authlogic uses Sha512 with 20 stretches. Sha512 is stronger and more secure.
+
 == Framework agnostic (Rails, Merb, etc.)
 
 I designed Authlogic to be framework agnostic, meaning it doesn't care what framework you use it in. Right out of the box it supports rails and merb. I have not had the opportunity to use other frameworks, but the only thing stopping Authlogic from being used in other frameworks is a simple adapter. Check out controller_adapters/rails_adapter, or controller_adapters/merb_adapter.

diff --git a/lib/authlogic/crypto_providers/bcrypt.rb b/lib/authlogic/crypto_providers/bcrypt.rb
@@ -28,20 +28,28 @@ module CryptoProviders
     # Decided BCrypt is for you? Just insall the bcrypt gem:
     #
     #   gem install bcrypt-ruby
-    class Bcrypt
+    #
+    # Tell acts_as_authentic to use it:
+    #
+    #   acts_as_authentic :crypto_provider => Authlogic::CryptoProviders::BCrypt
+    #
+    # You are good to go!
+    class BCrypt
       class << self
+        # This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
         def cost
           @cost ||= 10
         end
         attr_writer :cost
 
+        # Creates a BCrypt hash for the password passed.
         def encrypt(pass)
-          BCrypt::Password.create(pass, :cost => cost)
+          ::BCrypt::Password.create(pass, :cost => cost)
         end
 
         # This does not actually decrypt the password, BCrypt is *not* reversible. The way the bcrypt library is set up requires us to do it this way.
         def decrypt(crypted_pass)
-          BCrypt::Password.create(crypted_pass)
+          ::BCrypt::Password.new(crypted_pass)
         end
       end
     end

diff --git a/lib/authlogic/version.rb b/lib/authlogic/version.rb
@@ -44,7 +44,7 @@ def to_a
 
     MAJOR = 1
     MINOR = 3
-    TINY  = 0
+    TINY  = 2
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

diff --git a/test/crypto_provider_tests/bcrypt_test.rb b/test/crypto_provider_tests/bcrypt_test.rb
@@ -0,0 +1,14 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTests
+  class BCrpytTest < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
+    end
+
+    def test_decrypt
+      hash = Authlogic::CryptoProviders::BCrypt.encrypt("mypass")
+      assert Authlogic::CryptoProviders::BCrypt.decrypt(hash) == "mypass"
+    end
+  end
+end
diff --git a/test/crypto_provider_tests/sha1_test.rb b/test/crypto_provider_tests/sha1_test.rb
@@ -0,0 +1,9 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTests
+  class Sha1Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha1.encrypt("mypass")
+    end
+  end
+end
diff --git a/test/crypto_provider_tests/sha512_test.rb b/test/crypto_provider_tests/sha512_test.rb
@@ -0,0 +1,9 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+
+module CryptoProviderTests
+  class Sha512Test < ActiveSupport::TestCase
+    def test_encrypt
+      assert Authlogic::CryptoProviders::Sha512.encrypt("mypass")
+    end
+  end
+end