Save user password as a bcrypt hash

* Replace password field with password_hash
* Add User#password attribute
* Implement password hashing and verification with BCrypt mixin
This commit is contained in:
Thibault Jouan 2011-08-09 17:04:47 +00:00
parent 0fb9496fb3
commit 1fc3be42de
4 changed files with 58 additions and 5 deletions


@ -1,11 +1,33 @@
require 'bcrypt'
class User < ActiveRecord::Base class User < ActiveRecord::Base
include BCrypt
attr_accessor :password
attr_accessible :email, :password, :password_confirmation
validates_presence_of :email validates_presence_of :email
validates_presence_of :password
validates :password,
:presence => true,
:confirmation => true
before_save :hash_password
def self.authenticate(email, password) def self.authenticate(email, password)
user = find_by_email(email) user = find_by_email(email)
return false if user.nil? return false if user.nil?
#FIXME use bcrypt return user if Password.new(user.password_hash) == password
return user if user.password == password end
private
def hash_password
self.password_hash = bcrypt(password)
end
def bcrypt(string)
return Password.create(string)
end end
end end
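Review bot: `validates :password, :presence => true` with no `:on` or `:if` option rejects every save of a persisted user, because `password` is a plain `attr_accessor` and is nil once the record is loaded from the database. Scoping it (`:on => :create`, or `:if => :password`) is the usual fix, but then `before_save :hash_password` needs the same guard, otherwise such a save overwrites `password_hash` with `Password.create(nil)`: `before_save :hash_password, :if => :password`. Separately, `.authenticate` raises `BCrypt::Errors::InvalidHash` instead of returning false when `user.password_hash` is nil, which is the state of every pre-existing users row after the migration drops the `password` column; `return false if user.nil? || user.password_hash.nil?` keeps the false-on-failure contract. The old and new sides of this section are rendered side by side, so the exact new-side lines are inferred from the text.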


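--- /dev/null
+++ b/MIGRATION_PATH_NOT_SHOWN_ON_PAGE
+class AddPasswordHashToUsers < ActiveRecord::Migration
+def self.up
+add_column :users, :password_hash, :string
+remove_column :users, :password
+end
+def self.down
+remove_column :users, :password_hash
+add_column :users, :password, :string
+end
+end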
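Review bot: `self.down` cannot undo the data effect of this migration: `remove_column :users, :password` in `up` discards the stored password values, and the column re-added by `down` comes back empty, so the migration is irreversible in practice and deserves a comment saying so, e.g. `# Irreversible: existing password values are dropped by up and not restored by down`. Every existing users row also ends up with `password_hash` NULL, and `User.authenticate` in this commit hands that value to `Password.new`, which raises on a nil hash rather than returning false, so a backfill or forced password reset step is presumably needed before this is deployed against live data — confirm against the actual rows.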


@ -10,7 +10,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20110805201426) do ActiveRecord::Schema.define(:version => 20110809130610) do
create_table "playlists", :force => true do |t| create_table "playlists", :force => true do |t|
t.string "name" t.string "name"
@ -38,9 +38,9 @@ ActiveRecord::Schema.define(:version => 20110805201426) do
create_table "users", :force => true do |t| create_table "users", :force => true do |t|
t.string "email" t.string "email"
t.string "password"
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.string "password_hash"
end end
end end


@ -24,6 +24,26 @@ describe User do
it { should_not be_valid } it { should_not be_valid }
end end
context 'when password_confirmation does not match password' do
before do
user.password_confirmation = 'WRONG'
end
it { should_not be_valid }
end
describe '#hash_password' do
it 'is received when #save is sent' do
user.should_receive(:hash_password)
user.save
end
it 'stores a bcrypt hash of the password' do
user.save
BCrypt::Password.new(user.password_hash).should == user.password
end
end
describe '.authenticate' do describe '.authenticate' do
let (:user) { Factory.create(:user) } let (:user) { Factory.create(:user) }