Merge pull request #1709 from plataformatec/extracting_bcrypt

Moved BCrypt logic to a Encryptor
2026-01-09 23:58:06 -05:00 · 2012-03-09 14:26:20 -08:00
parent a394ceaef1 45298c0a37
commit 94c05e346d
5 changed files with 24 additions and 7 deletions
--- a/lib/devise.rb
+++ b/lib/devise.rb
@@ -23,6 +23,7 @@ module Devise
  module Encryptors
    autoload :Base, 'devise/encryptors/base'
    autoload :AuthlogicSha512, 'devise/encryptors/authlogic_sha512'
+    autoload :BCrypt, 'devise/encryptors/bcrypt'
    autoload :ClearanceSha1, 'devise/encryptors/clearance_sha1'
    autoload :RestfulAuthenticationSha1, 'devise/encryptors/restful_authentication_sha1'
    autoload :Sha512, 'devise/encryptors/sha512'
--- a/lib/devise/encryptors/base.rb
+++ b/lib/devise/encryptors/base.rb
@@ -15,6 +15,10 @@ module Devise
      def self.salt(stretches)
        Devise.friendly_token[0,20]
      end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
    end
  end
-end
+end
--- a/lib/devise/encryptors/bcrypt.rb
+++ b/lib/devise/encryptors/bcrypt.rb
@@ -0,0 +1,14 @@
+module Devise
+  module Encryptors
+    class BCrypt < Base
+      def self.digest(password, stretches, salt, pepper)
+        ::BCrypt::Engine.hash_secret("#{password}#{pepper}",salt, stretches)
+      end
+
+      def self.compare(encrypted_password, password, stretches, salt, pepper)
+        salt = ::BCrypt::Password.new(encrypted_password).salt
+        Devise.secure_compare(encrypted_password, digest(password, stretches, salt, pepper))
+      end
+    end
+  end
+end
--- a/lib/devise/models/database_authenticatable.rb
+++ b/lib/devise/models/database_authenticatable.rb
@@ -40,9 +40,7 @@ module Devise
      # Verifies whether an password (ie from sign in) is the user password.
      def valid_password?(password)
        return false if encrypted_password.blank?
-        bcrypt   = ::BCrypt::Password.new(self.encrypted_password)
-        password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
-        Devise.secure_compare(password, self.encrypted_password)
+        Devise::Encryptors::BCrypt.compare(self.encrypted_password, password, self.class.stretches, nil, self.class.pepper)
      end

      # Set password and password confirmation to nil
@@ -107,7 +105,7 @@ module Devise

      # Digests the password using bcrypt.
      def password_digest(password)
-        ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
+        Devise::Encryptors::BCrypt.digest(password, self.class.stretches, ::BCrypt::Engine.generate_salt, self.class.pepper)
      end

      module ClassMethods
--- a/lib/devise/models/encryptable.rb
+++ b/lib/devise/models/encryptable.rb
@@ -40,7 +40,7 @@ module Devise

      # Verifies whether an incoming_password (ie from sign in) is the user password.
      def valid_password?(incoming_password)
-        Devise.secure_compare(password_digest(incoming_password), self.encrypted_password)
+        self.class.encryptor_class.compare(self.encrypted_password,incoming_password, self.class.stretches, self.password_salt, self.class.pepper)
      end

    protected
@@ -73,4 +73,4 @@ module Devise
      end
    end
  end
-end
+end