Contents

require 'openssl'

module Clearance
  module PasswordStrategies
    module Blowfish
      def authenticated?(password)
        encrypted_password == encrypt(password)
      end

      def password=(new_password)
        @password = new_password
        initialize_salt_if_necessary

        if new_password.present?
          self.encrypted_password = encrypt(new_password)
        end
      end

      protected

      def encrypt(string)
        generate_hash("--#{salt}--#{string}--")
      end

      def generate_hash(string)
        cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
        cipher.key = Digest::SHA256.digest(salt)
        cipher.update(string) << cipher.final
      end

      def initialize_salt_if_necessary
        if salt.blank?
          self.salt = generate_salt
        end
      end

      def generate_salt
        SecureRandom.hex(20).encode('UTF-8')
      end
    end
  end
end

Version data entries

14 entries across 14 versions & 1 rubygems

Version	Path
clearance-1.5.0	lib/clearance/password_strategies/blowfish.rb
clearance-1.4.3	lib/clearance/password_strategies/blowfish.rb
clearance-1.4.2	lib/clearance/password_strategies/blowfish.rb
clearance-1.4.1	lib/clearance/password_strategies/blowfish.rb
clearance-1.4.0	lib/clearance/password_strategies/blowfish.rb
clearance-1.3.0	lib/clearance/password_strategies/blowfish.rb
clearance-1.2.1	lib/clearance/password_strategies/blowfish.rb
clearance-1.2.0	lib/clearance/password_strategies/blowfish.rb
clearance-1.1.0	lib/clearance/password_strategies/blowfish.rb
clearance-1.0.1	lib/clearance/password_strategies/blowfish.rb
clearance-1.0.0	lib/clearance/password_strategies/blowfish.rb
clearance-1.0.0.rc8	lib/clearance/password_strategies/blowfish.rb
clearance-1.0.0.rc7	lib/clearance/password_strategies/blowfish.rb
clearance-1.0.0.rc6	lib/clearance/password_strategies/blowfish.rb