Strengthen password hashing algorithm
[rails.git] / app / models / user.rb
index 6677d3b98372585e2a8ffacc1b5b6aa722fe17ca..4c51089e61b4387e7545e5f13af61f35885f65a9 100644 (file)
@@ -70,7 +70,7 @@ class User < ActiveRecord::Base
         end
       end
 
-      user = nil if user and user.pass_crypt != OSM::encrypt_password(options[:password], user.pass_salt)
+      user = nil if user and not PasswordHash.check(user.pass_crypt, user.pass_salt, options[:password])
     elsif options[:token]
       token = UserToken.find_by_token(options[:token])
       user = token.user if token
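Review bot: A successful login on the `PasswordHash.check` line is the only point where the plaintext password is available, yet the stored hash is left unchanged, so accounts that never change their password would stay on the old scheme indefinitely. This assumes PasswordHash.check still accepts hashes written by the previous `OSM::encrypt_password` code, which is not visible in this hunk; if it does not, existing users would be unable to log in at all. Consider rehashing after a successful check when the stored value is in the old format, with `user.pass_crypt, user.pass_salt = PasswordHash.create(options[:password])` followed by a save. The enclosing method starts and ends outside the hunk.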
@@ -240,8 +240,7 @@ private
 
   def encrypt_password
     if pass_crypt_confirmation
-      self.pass_salt = OSM::make_token(8)
-      self.pass_crypt = OSM::encrypt_password(pass_crypt, pass_salt)
+      self.pass_crypt, self.pass_salt = PasswordHash.create(pass_crypt)
       self.pass_crypt_confirmation = nil
     end
   end
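Review bot: encrypt_password hashes only when `pass_crypt_confirmation` is set, so a code path that assigns pass_crypt without a confirmation would appear to persist the plaintext unhashed; the callers and the callback registration are outside this hunk, so this needs checking rather than assuming. A comment on the method would make the contract explicit, for example `# pass_crypt holds the plaintext until here; clearing pass_crypt_confirmation stops a later save from hashing the stored hash again`. It is also worth confirming that the pass_salt column can hold whatever PasswordHash.create returns as its second value, since that format is not shown here.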