From 39b5ea6e01f6fc652cc63ab4e7e701cfaa9f9405 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sat, 18 Dec 2010 15:39:32 -0800
Subject: Switch from SHA2 to BCrypt (easy Windows compatibility is coming
 shortly with new compiled gem)

---
 activemodel/CHANGELOG                           |  2 +-
 activemodel/activemodel.gemspec                 |  2 ++
 activemodel/lib/active_model/secure_password.rb | 14 +++++++-------
 3 files changed, 10 insertions(+), 8 deletions(-)

(limited to 'activemodel')

diff --git a/activemodel/CHANGELOG b/activemodel/CHANGELOG
index a19d029217..9dd5e03685 100644
--- a/activemodel/CHANGELOG
+++ b/activemodel/CHANGELOG
@@ -1,6 +1,6 @@
 *Rails 3.1.0 (unreleased)*
 
-* Added ActiveModel::SecurePassword to encapsulate dead-simple password usage with SHA2 encryption and salting [DHH]
+* Added ActiveModel::SecurePassword to encapsulate dead-simple password usage with BCrypt encryption and salting [DHH]
 
 
 *Rails 3.0.2 (unreleased)*
diff --git a/activemodel/activemodel.gemspec b/activemodel/activemodel.gemspec
index 1f38e70c36..64aa7ad922 100644
--- a/activemodel/activemodel.gemspec
+++ b/activemodel/activemodel.gemspec
@@ -22,4 +22,6 @@ Gem::Specification.new do |s|
   s.add_dependency('activesupport', version)
   s.add_dependency('builder',       '~> 3.0.0')
   s.add_dependency('i18n',          '~> 0.5.0')
+  s.add_dependency('bcrypt-ruby',   '~> 2.1.2')
+  
 end
diff --git a/activemodel/lib/active_model/secure_password.rb b/activemodel/lib/active_model/secure_password.rb
index 0599ce6865..900205cf3f 100644
--- a/activemodel/lib/active_model/secure_password.rb
+++ b/activemodel/lib/active_model/secure_password.rb
@@ -1,4 +1,4 @@
-require 'digest/sha2'
+require 'bcrypt'
 
 module ActiveModel
   module SecurePassword
@@ -44,13 +44,17 @@ module ActiveModel
     module InstanceMethods
       # Returns self if the password is correct, otherwise false.
       def authenticate(unencrypted_password)
-        password_digest == encrypt_password(unencrypted_password) ? self : false
+        if BCrypt::Password.new(password_digest) == (unencrypted_password + salt_for_password)
+          self
+        else
+          false
+        end
       end
 
       # Encrypts the password into the password_digest attribute.
       def password=(unencrypted_password)
         @password = unencrypted_password
-        self.password_digest = encrypt_password(unencrypted_password)
+        self.password_digest = BCrypt::Password.create(unencrypted_password + salt_for_password)
       end
 
       private
@@ -58,10 +62,6 @@ module ActiveModel
           self.password_salt ||= self.object_id.to_s + rand.to_s
         end
 
-        def encrypt_password(unencrypted_password)
-          Digest::SHA2.hexdigest(unencrypted_password + salt_for_password)
-        end
-        
         def password_must_be_strong
           if @password.present?
             errors.add(:password, "must be longer than 6 characters") unless @password.size > 6
-- 
cgit v1.2.3