
tokens and salt can use ActiveSupport::SecureRandom instead of ad-hoc…

… hashing methods.
1 parent bbe335b commit 5351cc8fcbd57e5484f40e0a5b7bd1181994e08b @croaky croaky committed Apr 17, 2011
Showing with 9 additions and 11 deletions.
  1. +2 −1 CHANGELOG.md
  2. +7 −10 lib/clearance/user.rb
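--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,8 @@
 0.11.0 (unreleased)
 -------------------
-* Removing password confirmation
+* Removing password confirmation.
+* Use ActiveSupport::Concern and ActiveSupport::SecureRandom to clean up code.
 0.10.5
 -------------------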
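--- a/lib/clearance/user.rb
+++ b/lib/clearance/user.rb
@@ -49,7 +49,6 @@ module Validations
 validates_format_of :email, :with => %r{^[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+(?:\.[a-z0-9!#\$%&'*+\/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$}i, :allow_blank => true
 validates_presence_of :password, :unless => :password_optional?
- validates_confirmation_of :password
 end
 end
@@ -105,14 +104,12 @@ def forgot_password!
 # Update my password.
 #
- # @param [String, String] password and password confirmation
 # @return [true, false] password was updated or not
 # @example
- # user.update_password('new-password', 'new-password')
- def update_password(new_password, new_password_confirmation)
- self.password_changing = true
- self.password = new_password
- self.password_confirmation = new_password_confirmation
+ # user.update_password('new-password')
+ def update_password(new_password)
+ self.password_changing = true
+ self.password = new_password
 if valid?
 self.confirmation_token = nil
 generate_remember_token
@@ -132,7 +129,7 @@ def encrypt(string)
 def initialize_salt
 if salt.blank?
- self.salt = generate_hash("--#{Time.now.utc}--#{password}--#{rand}--")
+ self.salt = ActiveSupport::SecureRandom.hex(20)
 end
 end
@@ -143,11 +140,11 @@ def encrypt_password
 end
 def generate_remember_token
- self.remember_token = encrypt("--#{Time.now.utc}--#{encrypted_password}--#{id}--#{rand}--")
+ self.remember_token = ActiveSupport::SecureRandom.hex(20)
 end
 def generate_confirmation_token
- self.confirmation_token = encrypt("--#{Time.now.utc}--#{password}--#{rand}--")
+ self.confirmation_token = ActiveSupport::SecureRandom.hex(20)
 end
 # Always false. Override to allow other forms of authentication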
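Review bot: The `validates_format_of :email` line kept as context in the first hunk anchors its pattern with `^` and `$`, which in Ruby match at every line boundary rather than at the ends of the string, so a multi-line value passes validation as long as one of its lines looks like an address. This commit leaves that line untouched; replacing the leading `^` with `\A` and the trailing `$` with `\z` in the same pattern makes the check cover the whole value. The `Validations` module starts and ends outside the hunk, so any other constraint on `email` (for example at the database or mailer level) is not visible here and should be confirmed before relying on it.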
