Permalink
Browse files

Passwords now hashed using bcrypt.

  • Loading branch information...
1 parent 2fc41b9 commit 865e681388ef8e79a32238a216167736a8916dec @jplewicke committed Mar 29, 2011
Showing with 10 additions and 6 deletions.
  1. +1 −0 Gemfile
  2. +4 −2 auth.rb
  3. +2 −2 neo_classes.rb
  4. +1 −1 routes.rb
  5. +2 −1 test_init.rb
View
@@ -5,6 +5,7 @@ gem "neo4j", "1.0.0"
gem "json"
gem "warbler"
gem "glassfish"
+gem "bcrypt-ruby"
gem "rspec"
gem "ruby-debug"
View
@@ -1,4 +1,6 @@
-require "neo_classes"
+require 'neo_classes'
+require 'bcrypt'
+
#Throws a 401 if the provided credentials don't match at least one of the enumerated users.
def protected!(user_ids)
@@ -11,7 +13,7 @@ def protected!(user_ids)
def authorized?(user_id)
user_creds = User.creds_from_id(user_id)
@auth ||= Rack::Auth::Basic::Request.new(request.env)
- @auth.provided? && @auth.basic? && @auth.credentials && @auth.credentials == user_creds
+ @auth.provided? && @auth.basic? && @auth.credentials && user_creds == @auth.credentials
end
def authed_user(user_ids)
View
@@ -54,7 +54,7 @@ def empty?
class User
include Neo4j::NodeMixin
- property :user_id, :depth, :secret
+ property :user_id, :depth, :encrypted_password
has_n(:trusts).relationship(CreditOffer)
@@ -102,7 +102,7 @@ def self.creds_from_id(user_id)
end
def credentials
- return [self.user_id, self.secret]
+ return [self.user_id, BCrypt::Password.new(self.encrypted_password)]
end
def to_json
View
@@ -56,7 +56,7 @@
end
#Create account for new user.
- user = User.new :user_id => params["user"], :depth => depth, :secret => params["secret"]
+ user = User.new :user_id => params["user"], :depth => depth, :encrypted_password => BCrypt::Password.create(params["secret"])
user.to_json
else
throw(:halt, [403, "Not authorized\n"])
View
@@ -1,4 +1,5 @@
require "app_classes"
+require "bcrypt"
num_nodes = 500
num_edges_per = 15
@@ -12,7 +13,7 @@
users = []
Neo4j::Transaction.run do
- users = user_ids.collect {|a| User.new :user_id => a, :depth => 15, :secret => "pw"}
+ users = user_ids.collect {|a| User.new :user_id => a, :depth => 15, :encrypted_password => BCrypt::Password.create("pw")}
puts users
end

0 comments on commit 865e681

Please sign in to comment.