Merge pull request #1709 from plataformatec/extracting_bcrypt

Moved BCrypt logic to a Encryptor
heartcombo · Mar 9, 2012 · 94c05e3 · 94c05e3
2 parents a394cea + 45298c0
commit 94c05e3
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 7 deletions.
diff --git a/lib/devise.rb b/lib/devise.rb
@@ -23,6 +23,7 @@ module Controllers
   module Encryptors
     autoload :Base, 'devise/encryptors/base'
     autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
+    autoload :BCrypt, 'devise/encryptors/bcrypt'
     autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
     autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
     autoload :Sha512, 'devise/encryptors/sha512'

diff --git a/lib/devise/encryptors/base.rb b/lib/devise/encryptors/base.rb
@@ -15,6 +15,10 @@ def self.digest
       def self.salt(stretches)
         Devise.friendly_token[0,20]
       end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
     end
   end
-end
+end
diff --git a/lib/devise/encryptors/bcrypt.rb b/lib/devise/encryptors/bcrypt.rb
@@ -0,0 +1,14 @@
+module Devise
+  module Encryptors
+    class BCrypt < Base
+      def self.digest(password, stretches, salt, pepper)
+        ::BCrypt::Engine.hash_secret("#{password}#{pepper}",salt, stretches)
+      end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        salt = ::BCrypt::Password.new(encrypted_password).salt
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
+    end
+  end
+end
diff --git a/lib/devise/models/database_authenticatable.rb b/lib/devise/models/database_authenticatable.rb
@@ -40,9 +40,7 @@ def password=(new_password)
       # Verifies whether an password (ie from sign in) is the user password.
       def valid_password?(password)
         return false if encrypted_password.blank?
-        bcrypt   = ::BCrypt::Password.new(self.encrypted_password)
-        password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
-        Devise.secure_compare(password, self.encrypted_password)
+        Devise::Encryptors::BCrypt.compare(self.encrypted_password, password, self.class.stretches, nil, self.class.pepper)
       end
 
       # Set password and password confirmation to nil
@@ -107,7 +105,7 @@ def authenticatable_salt
 
       # Digests the password using bcrypt.
       def password_digest(password)
-        ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
+        Devise::Encryptors::BCrypt.digest(password, self.class.stretches, ::BCrypt::Engine.generate_salt, self.class.pepper)
       end
 
       module ClassMethods

diff --git a/lib/devise/models/encryptable.rb b/lib/devise/models/encryptable.rb
@@ -40,7 +40,7 @@ def authenticatable_salt
 
       # Verifies whether an incoming_password (ie from sign in) is the user password.
       def valid_password?(incoming_password)
-        Devise.secure_compare(password_digest(incoming_password), self.encrypted_password)
+        self.class.encryptor_class.compare(self.encrypted_password,incoming_password, self.class.stretches, self.password_salt, self.class.pepper)
       end
 
     protected
@@ -73,4 +73,4 @@ def password_salt
       end
     end
   end
-end
+end