authorDavid Heinemeier Hansson <david@loudthinking.com>2010-12-18 15:39:32 -0800
committerDavid Heinemeier Hansson <david@loudthinking.com>2010-12-18 15:39:32 -0800
commit39b5ea6e01f6fc652cc63ab4e7e701cfaa9f9405 (patch)
treea7c273e878207e74edfdb6b5f85db21c48f69e79 /activemodel
parentbcf4e4f2b02157cecc1f1727a95cdf5bfa471771 (diff)
Switch from SHA2 to BCrypt (easy Windows compatibility is coming shortly with new compiled gem)
Diffstat (limited to 'activemodel')
-rw-r--r--activemodel/CHANGELOG2
-rw-r--r--activemodel/activemodel.gemspec2
-rw-r--r--activemodel/lib/active_model/secure_password.rb14
3 files changed, 10 insertions, 8 deletions
diff --git a/activemodel/CHANGELOG b/activemodel/CHANGELOG
index a19d029217..9dd5e03685 100644
--- a/activemodel/CHANGELOG
+++ b/activemodel/CHANGELOG
@@ -1,6 +1,6 @@
*Rails 3.1.0 (unreleased)*
-* Added ActiveModel::SecurePassword to encapsulate dead-simple password usage with SHA2 encryption and salting [DHH]
+* Added ActiveModel::SecurePassword to encapsulate dead-simple password usage with BCrypt encryption and salting [DHH]
*Rails 3.0.2 (unreleased)*
diff --git a/activemodel/activemodel.gemspec b/activemodel/activemodel.gemspec
index 1f38e70c36..64aa7ad922 100644
--- a/activemodel/activemodel.gemspec
+++ b/activemodel/activemodel.gemspec
@@ -22,4 +22,6 @@ Gem::Specification.new do |s|
s.add_dependency('activesupport', version)
s.add_dependency('builder', '~> 3.0.0')
s.add_dependency('i18n', '~> 0.5.0')
+ s.add_dependency('bcrypt-ruby', '~> 2.1.2')
+
end
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 0599ce6865..900205cf3f 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -1,4 +1,4 @@
-require 'digest/sha2'
+require 'bcrypt'
module ActiveModel
module SecurePassword
@@ -44,13 +44,17 @@ module ActiveModel
module InstanceMethods
# Returns self if the password is correct, otherwise false.
def authenticate(unencrypted_password)
- password_digest == encrypt_password(unencrypted_password) ? self : false
+ if BCrypt::Password.new(password_digest) == (unencrypted_password + salt_for_password)
+ self
+ else
+ false
+ end
end
# Encrypts the password into the password_digest attribute.
def password=(unencrypted_password)
@password = unencrypted_password
- self.password_digest = encrypt_password(unencrypted_password)
+ self.password_digest = BCrypt::Password.create(unencrypted_password + salt_for_password)
end
private
@@ -58,10 +62,6 @@ module ActiveModel
self.password_salt ||= self.object_id.to_s + rand.to_s
end
- def encrypt_password(unencrypted_password)
- Digest::SHA2.hexdigest(unencrypted_password + salt_for_password)
- end
-
def password_must_be_strong
if @password.present?
errors.add(:password, "must be longer than 6 characters") unless @password.size > 6
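Review bot: The new `authenticate` line `if BCrypt::Password.new(password_digest) == (unencrypted_password + salt_for_password)` raises instead of returning false when `password_digest` is nil or not a bcrypt digest (`BCrypt::Password.new` raises `BCrypt::Errors::InvalidHash`) and when `unencrypted_password` is nil (`nil + String` is a NoMethodError), so a record without a stored password breaks the documented "otherwise false" contract; a guard such as `return false if password_digest.blank? || unencrypted_password.nil?` before the comparison restores it. The per-record `salt_for_password` (built from `object_id` and `rand` in the following hunk) is redundant now that bcrypt generates and embeds its own random salt in the digest, and since bcrypt only considers the first 72 bytes of its input, the appended salt is silently dropped for long passwords anyway. Consider passing `unencrypted_password` alone to both `BCrypt::Password.create` and the comparison, and retiring `password_salt` in a follow-up. The `InstanceMethods` module and `password_must_be_strong` continue outside the hunk.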