Changeset 857
- Timestamp:
- 05/06/08 10:01:14 (4 months ago)
- Files:
-
- trunk/radiant/app/models/user.rb (modified) (2 diffs)
- trunk/radiant/db/migrate/019_add_salt_to_users.rb (added)
- trunk/radiant/db/schema.rb (modified) (2 diffs)
- trunk/radiant/spec/models/user_spec.rb (modified) (3 diffs)
- trunk/radiant/spec/scenarios/users_scenario.rb (modified) (2 diffs)
trunk/radiant/app/models/user.rb
r813 r857 26 26 27 27 validates_numericality_of :id, :only_integer => true, :allow_nil => true, :message => 'must be a number' 28 29 cattr_accessor :salt 30 @@salt = 'sweet harmonious biscuits' # historic value 31 28 32 29 attr_writer :confirm_password 33 30 34 def s elf.sha1(phrase)35 Digest::SHA1.hexdigest("--#{ @@salt}--#{phrase}--")31 def sha1(phrase) 32 Digest::SHA1.hexdigest("--#{salt}--#{phrase}--") 36 33 end 37 34 38 35 def self.authenticate(login, password) 39 find_by_login_and_password(login, sha1(password)) 36 user = find_by_login(login) 37 user if user && user.password == user.sha1(password) 40 38 end 41 39 … … 56 54 before_create :encrypt_password 57 55 def encrypt_password 58 self.password = self.class.sha1(password) 56 self.salt = Digest::SHA1.hexdigest("--#{Time.now}--#{login}--sweet harmonious biscuits--") 57 self.password = sha1(password) 59 58 end 60 59 trunk/radiant/db/schema.rb
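Review bot: `sha1` in the new code is still a single pass of SHA-1 over `"--#{salt}--#{phrase}--"`, so the per-user salt defeats shared precomputed tables but does little to slow offline guessing against a leaked users table; a deliberately slow, tunable password hash (bcrypt or an iterated construction) would fit better here. In `encrypt_password` the salt is built from `Time.now`, the login and a fixed string, all of which can be guessed; a random value such as `self.salt = SecureRandom.hex(20)` is simpler, assuming the target Ruby ships `securerandom`. `authenticate` now calls `user.sha1(password)` with whatever is in the `salt` column, so accounts created before this change keep working only if the 019 migration, which is not shown on this page, backfills the historic salt; otherwise `salt` is nil and the stored digest no longer matches. Parts of the class are elided between the two hunks.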
r833 r857 10 10 # It's strongly recommended to check this file into your version control system. 11 11 12 ActiveRecord::Schema.define(:version => 1 8) do12 ActiveRecord::Schema.define(:version => 19) do 13 13 14 14 create_table "config", :force => true do |t| … … 97 97 t.text "notes" 98 98 t.integer "lock_version", :default => 0 99 t.string "salt" 99 100 end 100 101 trunk/radiant/spec/models/user_spec.rb
r647 r857 94 94 @user.password_confirmation = @user.password = 'test_password' 95 95 @user.save! 96 @user.password.should == User.sha1('test_password')96 @user.password.should == @user.sha1('test_password') 97 97 end 98 98 … … 101 101 @user.password_confirmation = @user.password = '' 102 102 @user.save! 103 @user.password.should == User.sha1('password')103 @user.password.should == @user.sha1('password') 104 104 end 105 105 … … 108 108 @user.password_confirmation = @user.password = 'cool beans' 109 109 @user.save! 110 @user.password.should == User.sha1('cool beans')110 @user.password.should == @user.sha1('cool beans') 111 111 end 112 112 113 113 it 'should save existing but same password' do 114 114 @user.save! && @user.save! 115 @user.password.should == User.sha1('password') 115 @user.password.should == @user.sha1('password') 116 end 117 118 it "should create a salt when encrypting the password" do 119 @user.salt.should be_nil 120 @user.send(:encrypt_password) 121 @user.salt.should_not be_nil 122 @user.password.should == @user.sha1('password') 116 123 end 117 124 end trunk/radiant/spec/scenarios/users_scenario.rb
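Review bot: Every password assertion in these hunks compares `@user.password` with `@user.sha1(...)`, which is the method under test evaluated with the same salt, so they would still pass if the salt were constant or ignored. The new example only checks `@user.salt.should_not be_nil`. It would be worth adding one example showing that two users saved with the same password end up with different `salt` and `password` values, and another showing that `User.authenticate` accepts the correct password and rejects a wrong one after `save!`. Such examples may already exist in parts of the spec not shown here.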
r764 r857 11 11 helpers do 12 12 def create_user(name, attributes={}) 13 create_ record:user, name.symbolize, user_attributes(attributes.update(:name => name))13 create_model :user, name.symbolize, user_attributes(attributes.update(:name => name)) 14 14 end 15 15 def user_attributes(attributes={}) … … 22 22 :password => "password" 23 23 }.merge(attributes) 24 attributes[:password ] = User.sha1(attributes[:password])24 attributes[:password_confirmation] = attributes[:password] 25 25 attributes 26 26 end
