switching to bcrypt for password encryption - closes #53

ryanb · Oct 14, 2010 · ebb5bf1 · ebb5bf1
1 parent 271e421
commit ebb5bf1
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 6 deletions.
diff --git a/features/nifty_authentication.feature b/features/nifty_authentication.feature
@@ -27,9 +27,10 @@ Feature: Nifty Authentication Generator
       | match 'logout' => 'sessions#destroy', :as => :logout |
       | match 'signup' => 'users#new', :as => :signup        |
     And I should see "include Authentication" in file "app/controllers/application_controller.rb"
+    And I should see "gem 'mocha', :group => :test" in file "Gemfile"
+    And I should see "gem 'bcrypt-ruby', :require => 'bcrypt'" in file "Gemfile"
     When I run "rails g nifty:layout -f"
     And I run "rake db:migrate"
-    And I add "gem 'mocha', :group => :test" to file "Gemfile"
     Then I should successfully run "rake test"
 
   Scenario: Generate named authentication
@@ -55,5 +56,4 @@ Feature: Nifty Authentication Generator
       | match 'signup' => 'accounts#new', :as => :signup             |
     When I run "rails g nifty:layout -f"
     And I run "rake db:migrate"
-    And I add "gem 'mocha', :group => :test" to file "Gemfile"
     Then I should successfully run "rake test"
diff --git a/features/support/env.rb b/features/support/env.rb
@@ -1,5 +1,5 @@
 require 'cucumber'
-require 'spec'
+require 'rspec'
 
 Before do
   FileUtils.rm_rf "tmp/rails_app"

diff --git a/features/support/matchers.rb b/features/support/matchers.rb
@@ -1,4 +1,4 @@
-Spec::Matchers.define :exist do |path|
+RSpec::Matchers.define :exist do |path|
   match do
     File.exist?(path)
   end

diff --git a/lib/generators/nifty/authentication/authentication_generator.rb b/lib/generators/nifty/authentication/authentication_generator.rb
@@ -16,6 +16,10 @@ class AuthenticationGenerator < Base
       class_option :haml, :desc => 'Generate HAML views instead of ERB.', :type => :boolean
       class_option :authlogic, :desc => 'Use Authlogic for authentication.', :type => :boolean
 
+      def add_gems
+        append_file "Gemfile", "\ngem 'bcrypt-ruby', :require => 'bcrypt'\ngem 'mocha', :group => :test\n"
+      end
+
       def create_model_files
         template 'user.rb', "app/models/#{user_singular_name}.rb"
         template 'authlogic_session.rb', "app/models/#{user_singular_name}_session.rb" if options.authlogic?

diff --git a/lib/generators/nifty/authentication/templates/user.rb b/lib/generators/nifty/authentication/templates/user.rb
@@ -30,13 +30,13 @@ def matching_password?(pass)
 
   def prepare_password
     unless password.blank?
-      self.password_salt = Digest::SHA1.hexdigest([Time.now, rand].join)
+      self.password_salt = BCrypt::Engine.generate_salt
       self.password_hash = encrypt_password(password)
     end
   end
 
   def encrypt_password(pass)
-    Digest::SHA1.hexdigest([pass, password_salt].join)
+    BCrypt::Engine.hash_secret(pass, password_salt)
   end
 <%- end -%>
 end