Move to SHA256

lib/devise/rails.rb

@@ -30,18 +30,19 @@ class Engine < ::Rails::Engine
     end
 
     initializer "devise.secret_key" do
-      if secret_key = Devise.secret_key
-        Devise.token_generator = Devise::TokenGenerator.new(
-          Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key))
-        )
-      else
-        raise <<-ERROR
+      Devise.token_generator ||=
+        if secret_key = Devise.secret_key
+          Devise::TokenGenerator.new(
+            Devise::CachingKeyGenerator.new(Devise::KeyGenerator.new(secret_key))
+          )
+        else
+          raise <<-ERROR
 Devise.secret_key was not set. Please add the following to your Devise initializer:
 
   config.secret_key = '#{SecureRandom.hex(64)}'
 
 ERROR
-      end
+        end
     end
 
     initializer "devise.fix_routes_proxy_missing_respond_to_bug" do

lib/devise/token_generator.rb

@@ -5,28 +5,29 @@
 
 module Devise
   class TokenGenerator
-    def initialize(key_generator)
+    def initialize(key_generator, digest="SHA256")
       @key_generator = key_generator
+      @digest = digest
     end
 
     def digest(klass, column, value)
-      value.present? && OpenSSL::HMAC.hexdigest("SHA1", key_for(column), value.to_s)
+      value.present? && OpenSSL::HMAC.hexdigest(@digest, key_for(column), value.to_s)
     end
 
     def generate(klass, column)
       key = key_for(column)
 
       loop do
         raw = Devise.friendly_token
-        enc = OpenSSL::HMAC.hexdigest("SHA1", key, raw)
+        enc = OpenSSL::HMAC.hexdigest(@digest, key, raw)
         break [raw, enc] unless klass.to_adapter.find_first({ column => enc })
       end
     end
 
     private
-    
+
     def key_for(column)
-      @key_generator.generate_key(column.to_s)
+      @key_generator.generate_key("Devise #{column}")
     end
   end