
switching to bcrypt for password encryption - closes #53

1 parent 271e421 commit ebb5bf1f928108862297f8620fe99800b8b66d49 @ryanb committed Oct 14, 2010
@@ -27,9 +27,10 @@ Feature: Nifty Authentication Generator
| match 'logout' => 'sessions#destroy', :as => :logout |
| match 'signup' => 'users#new', :as => :signup |
And I should see "include Authentication" in file "app/controllers/application_controller.rb"
+ And I should see "gem 'mocha', :group => :test" in file "Gemfile"
+ And I should see "gem 'bcrypt-ruby', :require => 'bcrypt'" in file "Gemfile"
When I run "rails g nifty:layout -f"
And I run "rake db:migrate"
- And I add "gem 'mocha', :group => :test" to file "Gemfile"
Then I should successfully run "rake test"
Scenario: Generate named authentication
@@ -55,5 +56,4 @@ Feature: Nifty Authentication Generator
| match 'signup' => 'accounts#new', :as => :signup |
When I run "rails g nifty:layout -f"
And I run "rake db:migrate"
- And I add "gem 'mocha', :group => :test" to file "Gemfile"
Then I should successfully run "rake test"
@@ -1,5 +1,5 @@
require 'cucumber'
-require 'spec'
+require 'rspec'
Before do
FileUtils.rm_rf "tmp/rails_app"
@@ -1,4 +1,4 @@
-Spec::Matchers.define :exist do |path|
+RSpec::Matchers.define :exist do |path|
match do
File.exist?(path)
end
@@ -16,6 +16,10 @@ class AuthenticationGenerator < Base
class_option :haml, :desc => 'Generate HAML views instead of ERB.', :type => :boolean
class_option :authlogic, :desc => 'Use Authlogic for authentication.', :type => :boolean
+ def add_gems
+ append_file "Gemfile", "\ngem 'bcrypt-ruby', :require => 'bcrypt'\ngem 'mocha', :group => :test\n"
+ end
+
def create_model_files
template 'user.rb', "app/models/#{user_singular_name}.rb"
template 'authlogic_session.rb', "app/models/#{user_singular_name}_session.rb" if options.authlogic?
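Review bot: `add_gems` appends both gem lines to the Gemfile unconditionally, although `create_model_files` directly below it branches on `options.authlogic?`. If the Authlogic variant of the user template never calls BCrypt (the template is not visible in this hunk, so this is inferred), the bcrypt-ruby entry is an unused dependency in those apps. Both entries are also written without a version constraint, so each generated app resolves to whatever release is current when it is bundled. Consider `append_file "Gemfile", "\ngem 'bcrypt-ruby', :require => 'bcrypt'\n" unless options.authlogic?` with a separate `append_file` for mocha, plus a one-line comment above `add_gems` saying the generated user model requires bcrypt.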
@@ -30,13 +30,13 @@ def matching_password?(pass)
def prepare_password
unless password.blank?
- self.password_salt = Digest::SHA1.hexdigest([Time.now, rand].join)
+ self.password_salt = BCrypt::Engine.generate_salt
self.password_hash = encrypt_password(password)
end
end
def encrypt_password(pass)
- Digest::SHA1.hexdigest([pass, password_salt].join)
+ BCrypt::Engine.hash_secret(pass, password_salt)
end
<%- end -%>
end
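Review bot: `encrypt_password` now passes whatever is stored in `password_salt` straight to `BCrypt::Engine.hash_secret`, which raises `BCrypt::Errors::InvalidSalt` when the salt is not in bcrypt format. A row created by the earlier SHA1 version of this template would therefore turn a login attempt into an exception rather than a failed match. `matching_password?` lies outside the hunk, so whether it rescues this cannot be seen here. A guard such as `return false unless BCrypt::Engine.valid_salt?(password_salt)` at the top of `matching_password?`, paired with a password reset for those rows, would keep legacy records from erroring. A comment above `prepare_password` should also note that `generate_salt` uses the library's default cost and that `encrypt_password` hashes rather than encrypts.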
