Sha256: e708ed6ddc9bae738df37b93191c651c1d7988e43b0ce2659780e50be7eecc2d

Contents?: true

Size: 1.47 KB

Versions: 1

Compression:

Stored size: 1.47 KB

Contents

require 'openssl'
require 'base64'

module Clearance
  module PasswordStrategies
    module Blowfish
      DEPRECATION_MESSAGE = "[DEPRECATION] The Blowfish password strategy " \
        "has been deprecated and will be removed from Clearance 2.0. BCrypt " \
        "is the only officially supported strategy, though you are free to " \
        "provide your own. To continue using this strategy add " \
        "clearance-deprecated_password_strategies to your Gemfile."

      def authenticated?(password)
        warn "#{Kernel.caller.first}: #{DEPRECATION_MESSAGE}"
        encrypted_password == encrypt(password)
      end

      def password=(new_password)
        warn "#{Kernel.caller.first}: #{DEPRECATION_MESSAGE}"
        @password = new_password
        initialize_salt_if_necessary

        if new_password.present?
          self.encrypted_password = encrypt(new_password)
        end
      end

      protected

      def encrypt(string)
        generate_hash("--#{salt}--#{string}--")
      end

      def generate_hash(string)
        cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
        cipher.key = Digest::SHA256.digest(salt)
        hash = cipher.update(string) << cipher.final
        Base64.encode64(hash).encode('utf-8')
      end

      def initialize_salt_if_necessary
        if salt.blank?
          self.salt = generate_salt
        end
      end

      def generate_salt
        Base64.encode64(SecureRandom.hex(20)).encode('utf-8')
      end
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
clearance-1.10.1 lib/clearance/password_strategies/blowfish.rb