From ebb5bf1f928108862297f8620fe99800b8b66d49 Mon Sep 17 00:00:00 2001
From: Ryan Bates
Date: Thu, 14 Oct 2010 13:25:03 -0700
Subject: [PATCH] switching to bcrypt for password encryption - closes #53
---
 features/nifty_authentication.feature | 4 ++--
 features/support/env.rb | 2 +-
 features/support/matchers.rb | 2 +-
 .../nifty/authentication/authentication_generator.rb | 4 ++++
 lib/generators/nifty/authentication/templates/user.rb | 4 ++--
 5 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/features/nifty_authentication.feature b/features/nifty_authentication.feature
index 595db29..a316478 100644
--- a/features/nifty_authentication.feature
+++ b/features/nifty_authentication.feature
@@ -27,9 +27,10 @@ Feature: Nifty Authentication Generator
 | match 'logout' => 'sessions#destroy', :as => :logout |
 | match 'signup' => 'users#new', :as => :signup |
 And I should see "include Authentication" in file "app/controllers/application_controller.rb"
+ And I should see "gem 'mocha', :group => :test" in file "Gemfile"
+ And I should see "gem 'bcrypt-ruby', :require => 'bcrypt'" in file "Gemfile"
 When I run "rails g nifty:layout -f"
 And I run "rake db:migrate"
- And I add "gem 'mocha', :group => :test" to file "Gemfile"
 Then I should successfully run "rake test"

 Scenario: Generate named authentication
@@ -55,5 +56,4 @@ Feature: Nifty Authentication Generator
 | match 'signup' => 'accounts#new', :as => :signup |
 When I run "rails g nifty:layout -f"
 And I run "rake db:migrate"
- And I add "gem 'mocha', :group => :test" to file "Gemfile"
 Then I should successfully run "rake test"
diff --git a/features/support/env.rb b/features/support/env.rb
index e2edb67..adfa2a3 100644
--- a/features/support/env.rb
+++ b/features/support/env.rb
@@ -1,5 +1,5 @@
 require 'cucumber'
-require 'spec'
+require 'rspec'

 Before do
 FileUtils.rm_rf "tmp/rails_app"
diff --git a/features/support/matchers.rb b/features/support/matchers.rb
index f23816d..c15d305 100644
--- a/features/support/matchers.rb
+++ b/features/support/matchers.rb
@@ -1,4 +1,4 @@
-Spec::Matchers.define :exist do |path|
+RSpec::Matchers.define :exist do |path|
 match do
 File.exist?(path)
 end
diff --git a/lib/generators/nifty/authentication/authentication_generator.rb b/lib/generators/nifty/authentication/authentication_generator.rb
index e500065..efe8f3c 100644
--- a/lib/generators/nifty/authentication/authentication_generator.rb
+++ b/lib/generators/nifty/authentication/authentication_generator.rb
@@ -16,6 +16,10 @@ class AuthenticationGenerator < Base
 class_option :haml, :desc => 'Generate HAML views instead of ERB.', :type => :boolean
 class_option :authlogic, :desc => 'Use Authlogic for authentication.', :type => :boolean

+ def add_gems
+ append_file "Gemfile", "\ngem 'bcrypt-ruby', :require => 'bcrypt'\ngem 'mocha', :group => :test\n"
+ end
+
 def create_model_files
 template 'user.rb', "app/models/#{user_singular_name}.rb"
 template 'authlogic_session.rb', "app/models/#{user_singular_name}_session.rb" if options.authlogic?
diff --git a/lib/generators/nifty/authentication/templates/user.rb b/lib/generators/nifty/authentication/templates/user.rb
index f3cb0b1..e1f9670 100644
--- a/lib/generators/nifty/authentication/templates/user.rb
+++ b/lib/generators/nifty/authentication/templates/user.rb
@@ -30,13 +30,13 @@ def matching_password?(pass)

 def prepare_password
 unless password.blank?
- self.password_salt = Digest::SHA1.hexdigest([Time.now, rand].join)
+ self.password_salt = BCrypt::Engine.generate_salt
 self.password_hash = encrypt_password(password)
 end
 end

 def encrypt_password(pass)
- Digest::SHA1.hexdigest([pass, password_salt].join)
+ BCrypt::Engine.hash_secret(pass, password_salt)
 end
 <%- end -%>
 end
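Review bot: `add_gems` in authentication_generator.rb appends both gem lines to the Gemfile unconditionally, so a second run of the generator duplicates them. It also adds `bcrypt-ruby` under `--authlogic`, where (judging from the `<%- end -%>` guard visible in the user template) the bcrypt code is probably not generated at all. Neither line carries a version constraint, so the generated app's password-hashing dependency is whatever resolves at the first `bundle install`. I would split the append so the bcrypt line is guarded, e.g. `append_file "Gemfile", "\ngem 'bcrypt-ruby', :require => 'bcrypt'\n" unless options.authlogic?`, and consider a pessimistic constraint such as `'~> <VERSION>'` on it.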
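Review bot: `encrypt_password` in templates/user.rb now hands the stored `password_salt` straight to `BCrypt::Engine.hash_secret`, so a row whose salt was written by the old SHA1 code is not a valid bcrypt salt and the call raises `BCrypt::Errors::InvalidSalt` instead of producing a mismatch. `matching_password?` is outside the hunk, but it presumably reaches this path at login, so an app regenerated over existing users would fail with an exception rather than a failed login. A guard such as `return false unless BCrypt::Engine.valid_salt?(password_salt)` in the comparison path, paired with a forced reset or rehash for those accounts, would make the transition explicit. Separately, `generate_salt` is called with the library's default cost; passing it explicitly (`BCrypt::Engine.generate_salt(cost)`) would let the generated app tune the work factor. A comment noting that bcrypt only uses the first 72 bytes of the password would also help whoever adds length validation later.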