Tidying up encryptors.

commit 6d09eb66cf26e90f570e29035f25d0233dfe7f04 1 parent 51f6333
@josevalim josevalim authored
4 CHANGELOG.rdoc
@@ -1,6 +1,6 @@
* enhancements
- * Moved encryption strategy into the Encryptors module to allow several algorithms
- * Implemented encryptors for Clearance, Authlogic and Restful-Authentication
+ * Moved encryption strategy into the Encryptors module to allow several algorithms (by github.com/mhfs)
+ * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by github.com/mhfs)
== 0.4.3
8 README.rdoc
@@ -27,7 +27,7 @@ All gems are on gemcutter, so you need to add gemcutter to your sources if you h
sudo gem sources -a http://gemcutter.org/
-Install warden gem if you don't have it installed (requires 0.5.1 or higher):
+Install warden gem if you don't have it installed (requires 0.5.2 or higher):
sudo gem install warden
@@ -236,6 +236,12 @@ Devise implements encryption strategies for Clearance, Authlogic and Restful-Aut
Please refer to TODO file.
+== Contributors
+
+* José Valim (http://github.com/josevalim)
+* Carlos Antônio da Silva (http://github.com/carlosantoniodasilva)
+* Marcelo Silveira (http://github.com/mhfs)
+
== Bugs and Feedback
If you discover any bugs or want to drop a line, feel free to create an issue on
3  TODO
@@ -3,6 +3,3 @@
* Use request_ip in session cookies
* Devise::BruteForceProtection
* Devise::MagicColumns
-* Improve Generators to pass modules as arguments
-* Different cryptography providers
-* Devise::Invitable
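Review bot: Three TODO entries are removed here, but only "Different cryptography providers" matches work visible in this commit (the Encryptors changes). Nothing in the diff touches generator arguments or an Invitable module, so either keep "Improve Generators to pass modules as arguments" and "Devise::Invitable" or state in the commit message why they are being dropped.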
2  app/controllers/confirmations_controller.rb
@@ -18,7 +18,7 @@ def create
end
end
- # GET /resource/confirmation?perishable_token=abcdef
+ # GET /resource/confirmation?confirmation_token=abcdef
def show
self.resource = resource_class.confirm!(:confirmation_token => params[:confirmation_token])
2  app/controllers/passwords_controller.rb
@@ -20,7 +20,7 @@ def create
end
end
- # GET /resource/password/edit?perishable_token=abcdef
+ # GET /resource/password/edit?reset_password_token=abcdef
def edit
self.resource = resource_class.new
resource.reset_password_token = params[:reset_password_token]
2  generators/devise/templates/migration.rb
@@ -1,7 +1,7 @@
class DeviseCreate<%= table_name.camelize %> < ActiveRecord::Migration
def self.up
create_table(:<%= table_name %>) do |t|
- t.authenticatable
+ t.authenticatable :encryptor => :sha1
t.confirmable
t.recoverable
t.rememberable
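Review bot: The generated migration pins `:encryptor => :sha1`, which sizes encrypted_password at 40 characters through ENCRYPTORS_LENGTH, while the algorithm actually used is chosen separately by config.encryptor in the initializer. An app that sets :sha512 or :authlogic_sha512 after running this migration will produce 128-character digests for a 40-character column. Add a comment in the template telling the user to keep this option in sync with config.encryptor.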
15 generators/devise_install/templates/devise.rb
@@ -8,15 +8,12 @@
# Configure how many times you want the password is reencrypted. Default is 10.
# config.stretches = 10
- # Define what will be the encryption algorithm. Sha1 is the default.
- # Supported encryptions:
- # ::Devise::Encryptors::Sha1
- # ::Devise::Encryptors::Sha512
- # ::Devise::Encryptors::ClearanceSha1
- # ::Devise::Encryptors::AuthlogicSha512 (Should set stretches to 20 for default behavior)
- # ::Devise::Encryptors::RestfulAuthenticationSha1 (Should set stretches to 10 and copy REST_AUTH_SITE_KEY to pepper
- # for default behavior)
- # config.encryptor = ::Devise::Encryptors::Sha1
+ # Define which will be the encryption algorithm. Supported algorithms are :sha1
+ # (default) and :sha512. Devise also supports encryptors from others authentication
+ # frameworks as :clearance_sha1, :authlogic_sha512 (then you should set stretches
+ # above to 20 for default behavior) and :restful_authentication_sha1 (then you
+ # should set stretches to 10, and copy REST_AUTH_SITE_KEY to pepper)
+ # config.encryptor = :sha1
# The time you want give to your user to confirm his account. During this time
# he will be able to access your application without confirming. Default is nil.
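Review bot: In the new comment block, "from others authentication frameworks" should read "from other authentication frameworks". The comment also now lists only symbols, although the new Devise.encryptor= setter still passes a non-Symbol value through unchanged; say so here if assigning a custom encryptor class is meant to stay supported, since the old comment showed class constants.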
24 lib/devise.rb
@@ -18,14 +18,19 @@ module Devise
:unconfirmed => :failure
}
+ # Declare encryptors length which are used in migrations.
+ ENCRYPTORS_LENGTH = {
+ :sha1 => 40,
+ :sha512 => 128,
+ :clearance_sha1 => 40,
+ :restful_authentication_sha1 => 40,
+ :authlogic_sha512 => 128
+ }
+
# Used to encrypt password. Please generate one with rake secret
mattr_accessor :pepper
@@pepper = nil
- # Used to define the password encryption algorithm
- mattr_accessor :encryptor
- @@encryptor = ::Devise::Encryptors::Sha1
-
# The number of times to encrypt password.
mattr_accessor :stretches
@@stretches = 10
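Review bot: ENCRYPTORS_LENGTH is a plain mutable Hash exposed as a public constant, and the digest lengths in it duplicate something each encryptor class already determines. Consider freezing it (`}.freeze`), and note in the comment that an encryptor assigned as a class rather than a symbol has no entry here, so the migration helper cannot size the column for it.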
@@ -38,6 +43,17 @@ module Devise
mattr_accessor :confirm_within
@@confirm_within = 0.days
+ # Used to define the password encryption algorithm.
+ def self.encryptor=(value)
+ @@encryptor = if value.is_a?(Symbol)
+ ::Devise::Encryptors.const_get(value.to_s.classify)
+ else
+ value
+ end
+ end
+ mattr_reader :encryptor
+ @@encryptor = ::Devise::Encryptors::Sha1
+
# Store scopes mappings.
mattr_accessor :mappings
@@mappings = {}
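Review bot: `value.to_s.classify` in encryptor= is the wrong inflection for this lookup: classify singularizes as well as camelizes, so it only works because none of the current names end in a plural-looking suffix. Use `value.to_s.camelize`. The symbol is also not validated before const_get, so a typo surfaces as a bare NameError and a name that matches a top-level constant can resolve outside Devise::Encryptors; checking the symbol against ENCRYPTORS_LENGTH first and raising an ArgumentError that lists the supported values would make misconfiguration obvious.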
2  lib/devise/encryptors/sha1.rb
@@ -1,4 +1,4 @@
-require 'digest/sha1'
+require "digest/sha1"
module Devise
# Implements a way of adding different encryptions.
12 lib/devise/migrations.rb
@@ -19,11 +19,17 @@ module Migrations
# Creates email, encrypted_password and password_salt.
#
+ # == Options
+ # * :null when true, allow columns to be null
+ # * :encryptor The encryptor going to be used, necessary for setting the proper encrypter password length
+ #
def authenticatable(options={})
null = options[:null] || false
- string :email, :limit => 100, :null => null
- string :encrypted_password, :limit => 128, :null => null
- string :password_salt, :limit => 20, :null => null
+ encryptor = options[:encryptor] || :sha1
+
+ string :email, :null => null, :limit => 100
+ string :encrypted_password, :null => null, :limit => Devise::ENCRYPTORS_LENGTH[encryptor]
+ string :password_salt, :null => null, :limit => 20
end
# Creates confirmation_token, confirmed_at and confirmation_sent_at.
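Review bot: `Devise::ENCRYPTORS_LENGTH[encryptor]` returns nil for any key that is not in the hash (a misspelled symbol, a string, or an encryptor class), so `:limit => nil` is passed and the column silently gets the adapter's default length. Use `Devise::ENCRYPTORS_LENGTH.fetch(encryptor)` or raise with the list of supported keys. Callers who pass no :encryptor now also get a 40-character encrypted_password where the previous code always used 128, and the option doc has a typo ("encrypter password length").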
7 test/encryptors/encryptors_test.rb → test/encryptors_test.rb
@@ -18,4 +18,11 @@ class Encryptors < ActiveSupport::TestCase
assert_equal clearance, encryptor
end
+ Devise::ENCRYPTORS_LENGTH.each do |key, value|
+ test "should have length #{value} for #{key.inspect}" do
+ swap Devise, :encryptor => key do
+ assert_equal value, Devise.encryptor.digest('a', 2, 'b', 'c').size
+ end
+ end
+ end
end
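Review bot: The new loop only exercises the Symbol branch of Devise.encryptor= with known keys. Add a case that assigns an encryptor class directly and one that assigns an unknown symbol, so the `else` branch and the failure mode of the const_get lookup are both covered.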