BCryptMigrationFromSHA1: Make sure we save the password after encrypting it to Bcrypt #237

Closed
Édouard Brière

The `BCryptMigrationFromSHA1` password strategy wasn’t saving the generated Bcrypt password to the database, so SHA-1 users were never migrated to Bcrypt.

In this pull request, we call `save` on the User model in `authenticated_with_sha1?` right after assigning the Bcrypt-encrypted password to `encrypted_password`.

See also issue #236 where I described the issue.

Dan Croak
Admin

@edouard Thanks. Merged as f529a1a.

Dan Croak croaky closed this
Commits on Nov 15, 2012
  1. Édouard Brière
1  lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb
@@ -44,6 +44,7 @@ def authenticated_with_sha1?(password)
if sha1_password?
if SHA1User.new(self).authenticated? password
self.password = password
+ self.save
true
end
end
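Review bot: The return value of `self.save` is discarded and the method goes on to return `true`, so a save that fails (for example because the record does not pass validation for an unrelated reason) leaves the user on the SHA-1 hash with no signal, which is the same condition this pull request sets out to fix. Returning `true` for a correct password is right, but the failed migration should be visible: check the result of `save` and log or otherwise surface a failure, or persist only the password change in a way that does not depend on the rest of the record being valid. It is also worth documenting that `authenticated?` now writes to the database as a side effect for SHA-1 users.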
6 spec/models/bcrypt_migration_from_sha1_spec.rb
@@ -45,6 +45,7 @@
before do
subject.salt = salt
subject.encrypted_password = sha1_hash
+ subject.stubs :save => true
end
it 'is authenticated' do
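Review bot: Stubbing `save` in the `before` block with `subject.stubs :save => true` means none of the examples in this context exercise persistence, so the specs would still pass if the Bcrypt hash never reached the database or if `save` returned false. Consider at least one example that leaves `save` unstubbed and checks that `encrypted_password` no longer equals `sha1_hash` after a successful `authenticated?` call, and one that stubs `save` to return false to pin down the intended behaviour on failure.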
@@ -61,6 +62,11 @@
subject.authenticated? 'bad' + password
}.should_not raise_error(BCrypt::Errors::InvalidHash)
end
+
+ it 'saves the subject to database' do
+ subject.authenticated? password
+ subject.should have_received(:save)
+ end
end
context 'with a BCrypt-encrypted password' do
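Review bot: The new example 'saves the subject to database' covers only the correct-password path; nothing asserts that `save` is not received when authentication fails, although the preceding example already calls `subject.authenticated? 'bad' + password`. Add a counterpart example for the wrong password that asserts `save` was never called, so a later refactor cannot move the save outside the `SHA1User ... authenticated?` check and start rewriting the stored hash on failed logins.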