
Changing SECURE_AUTH_SITE_KEY to mattr_accessor, adding gitignore and…

… removing log files from test app.
1 parent 7ce49cb commit f8f8ba06a1347f88f12aef71586b697e28875f3a @carlosantoniodasilva carlosantoniodasilva committed Oct 8, 2009
Showing with 13 additions and 26,297 deletions.
  1. +5 −0 .gitignore
  2. +6 −6 lib/devise/models/authenticable.rb
  3. +2 −2 test/models/authenticable_test.rb
  4. +0 −1 test/rails_app/log/development.log
  5. +0 −26,288 test/rails_app/log/test.log
@@ -0,0 +1,5 @@
+log/*
+tmp/*
+*~
+coverage/*
+*.sqlite3
@@ -2,8 +2,9 @@ module Devise
module Authenticable
require 'digest/sha1'
- # Auth key for encrypting password
- SECURE_AUTH_SITE_KEY = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
+ # Pepper for encrypting password
+ mattr_accessor :pepper
+ self.pepper = '23c64df433d9b08e464db5c05d1e6202dd2823f0'
def self.included(base)
base.class_eval do
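Review bot: The default set by `self.pepper = '23c64df433d9b08e464db5c05d1e6202dd2823f0'` is a literal committed to the library source, so every application that does not override it shares one publicly known pepper and gains no secrecy from it. I would ship no default (`self.pepper = nil`) and have the digest path fail loudly when it is unset, so each application supplies its own value from configuration kept out of version control. Existing installs would then have to set the old value explicitly to keep stored digests valid. The comment could read `# Pepper mixed into the password digest (set per application)`, since the value feeds a one-way hash rather than encryption. The module body continues outside this hunk.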
@@ -47,11 +48,11 @@ def encrypt_password
self.encrypted_password = password_digest(password)
end
- # Gererates a default password digest based on salt, SECURE_AUTH_SITE_KEY
- # and the incoming password
+ # Gererates a default password digest based on salt, pepper and the
+ # incoming password
#
def password_digest(password_to_digest)
- secure_digest(password_salt, SECURE_AUTH_SITE_KEY, password_to_digest)
+ secure_digest(password_salt, @@pepper, password_to_digest)
end
# Generate a SHA1 digest joining args. Generated token is something like
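Review bot: `password_digest` reads `@@pepper` directly instead of using the accessor this commit adds, which ties the method to how `mattr_accessor` stores the value. `secure_digest(password_salt, Devise::Authenticable.pepper, password_to_digest)` would use the same public API the test does. The new comment still carries the typo `Gererates` (should be `Generates`). Separately, the trailing comment and the test indicate `secure_digest` is a single SHA-1 pass, and a pepper does not slow guessing if the digests and the pepper are both disclosed, so an adaptive password hash is worth a follow-up. The body of `secure_digest` is outside the hunk, so check that last point against it.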
@@ -80,4 +81,3 @@ def authenticate(email, password)
end
end
end
-
@@ -91,9 +91,9 @@ class AuthenticableTest < ActiveSupport::TestCase
end
test 'should encrypt password using a sha1 hash' do
- digest_key = Devise::Authenticable::SECURE_AUTH_SITE_KEY
+ Devise::Authenticable.pepper = 'pepper'
user = create_user
- expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--#{digest_key}--123456--")
+ expected_password = ::Digest::SHA1.hexdigest("--#{user.password_salt}--pepper--123456--")
assert_equal expected_password, user.encrypted_password
end
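Review bot: The test assigns `Devise::Authenticable.pepper = 'pepper'` and never restores it, so the module-level value leaks into every later test and results can depend on run order. Record the original in `setup` (`@original_pepper = Devise::Authenticable.pepper`) and reassign it in `teardown` (`Devise::Authenticable.pepper = @original_pepper`), assuming the test class supports those hooks. The enclosing test class starts outside the hunk.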
@@ -1 +0,0 @@
-# Logfile created on Wed Oct 07 20:20:37 -0300 2009