Commit
This commit makes BCrypt the default for new setups, and introduces a strategy for converting existing infrastructure to BCrypt.

To switch to BCrypt now:

    Clearance.configure do |config|
      config.password_strategy = Clearance::PasswordStrategies::BCrypt
    end

To set the password strategy to the conversion layer:

    Clearance.configure do |config|
      config.password_strategy = Clearance::PasswordStrategies::BCryptMigrationFromSHA1
    end

To continue to use SHA1:

    Clearance.configure do |config|
      config.password_strategy = Clearance::PasswordStrategies::SHA1
    end
1 parent 3746806, commit be37c35
Showing 25 changed files with 334 additions and 61 deletions.
@@ -0,0 +1,32 @@ | ||
module Clearance | ||
module PasswordStrategies | ||
module BCrypt | ||
require 'bcrypt' | ||
|
||
extend ActiveSupport::Concern | ||
|
||
# Am I authenticated with given password? | ||
# | ||
# @param [String] plain-text password | ||
# @return [true, false] | ||
# @example | ||
# user.authenticated?('password') | ||
def authenticated?(password) | ||
::BCrypt::Password.new(encrypted_password) == password | ||
end | ||
|
||
def password=(new_password) | ||
@password = new_password | ||
if new_password.present? | ||
self.encrypted_password = encrypt(new_password) | ||
end | ||
end | ||
|
||
private | ||
|
||
def encrypt(password) | ||
::BCrypt::Password.create(password) | ||
end | ||
end | ||
end | ||
end |
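Review bot: `authenticated?` at `::BCrypt::Password.new(encrypted_password) == password` raises `BCrypt::Errors::InvalidHash` instead of returning false whenever `encrypted_password` is nil or is not a bcrypt hash (a user record created before any password is assigned, or one that still holds a SHA1 digest), while the doc comment directly above promises `[true, false]`. Suggest guarding the comparison, e.g. `encrypted_password.present? && ::BCrypt::Password.new(encrypted_password) == password`, or rescuing `::BCrypt::Errors::InvalidHash` and returning false. Smaller point: naming this module `BCrypt` inside `Clearance::PasswordStrategies` shadows the gem's top-level constant within the namespace, which is why every reference here must be written `::BCrypt`; a one-line comment saying so would save the next contributor a `NameError` when they drop the leading `::`.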
lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb (52 changes: 52 additions & 0 deletions)
@@ -0,0 +1,52 @@ | ||
module Clearance | ||
module PasswordStrategies | ||
module BCryptMigrationFromSHA1 | ||
class BCryptUser | ||
include Clearance::PasswordStrategies::BCrypt | ||
|
||
def initialize(user) | ||
@user = user | ||
end | ||
|
||
delegate :encrypted_password, :encrypted_password=, to: :@user | ||
end | ||
|
||
class SHA1User | ||
include Clearance::PasswordStrategies::SHA1 | ||
|
||
def initialize(user) | ||
@user = user | ||
end | ||
|
||
delegate :salt, :salt=, :encrypted_password, :encrypted_password=, to: :@user | ||
end | ||
|
||
def authenticated?(password) | ||
authenticated_with_sha1?(password) || authenticated_with_bcrypt?(password) | ||
end | ||
|
||
def password=(new_password) | ||
BCryptUser.new(self).password = new_password | ||
end | ||
|
||
private | ||
|
||
def authenticated_with_sha1?(password) | ||
if sha1_password? | ||
if SHA1User.new(self).authenticated?(password) | ||
self.password = password | ||
true | ||
end | ||
end | ||
end | ||
|
||
def authenticated_with_bcrypt?(password) | ||
BCryptUser.new(self).authenticated?(password) | ||
end | ||
|
||
def sha1_password? | ||
self.encrypted_password =~ /^[a-f0-9]{40}$/ | ||
end | ||
end | ||
end | ||
end |
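Review bot: `authenticated?` raises rather than returning false when a still-SHA1 user supplies a wrong password: `authenticated_with_sha1?` returns nil in that case, `||` then evaluates `authenticated_with_bcrypt?`, and `BCryptUser.new(self).authenticated?` hands the 40-character hex digest to `::BCrypt::Password.new`, which raises `BCrypt::Errors::InvalidHash`. Suggest branching on the stored format instead of falling through, e.g. `sha1_password? ? authenticated_with_sha1?(password) : authenticated_with_bcrypt?(password)`, and returning `false` explicitly from the SHA1 branch rather than nil. Two further points: `self.password = password` in `authenticated_with_sha1?` rewrites `encrypted_password` in memory only, so the upgrade to bcrypt is lost unless the caller saves the record after a successful sign-in, and neither the code nor the commit message says who is responsible for that save; and `/^[a-f0-9]{40}$/` in `sha1_password?` anchors to line boundaries in Ruby, so `\A[a-f0-9]{40}\z` is the stricter check for "the whole value is a SHA1 digest".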
@@ -0,0 +1,34 @@ | ||
module Clearance | ||
module PasswordStrategies | ||
# The Clearance::PasswordStrategies::Fake module is meant to be used in test suites. | ||
# It stores passwords as plain text so your test suite doesn't pay the time cost | ||
# of any hashing algorithm. | ||
# | ||
# Use the fake in your test suite by requiring Clearance's testing helpers: | ||
# | ||
# require 'clearance/testing' | ||
# | ||
# The usual places you'd require it are: | ||
# | ||
# spec/support/clearance.rb | ||
# features/support/clearance.rb | ||
module Fake | ||
extend ActiveSupport::Concern | ||
|
||
def authenticated?(password) | ||
encrypted_password == password | ||
end | ||
|
||
def password=(new_password) | ||
@password = new_password | ||
if new_password.present? | ||
self.encrypted_password = encrypt(password) | ||
end | ||
end | ||
|
||
def encrypt(password) | ||
password | ||
end | ||
end | ||
end | ||
end |
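Review bot: `password=` calls `encrypt(password)`, relying on a `password` reader for the `@password` set on the line above, whereas the BCrypt module in this same commit calls `encrypt(new_password)`; using `new_password` here keeps the two strategies parallel and removes the dependency on the including model defining that reader. `encrypt` is also left public here while it is private in the BCrypt strategy; marking it `private` would match. Since this module stores the plain-text password in `encrypted_password`, the doc comment's restriction to test suites is the only safeguard, so it is worth confirming that the `require 'clearance/testing'` path described in the comment is the only place that selects this strategy.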