]> git.openstreetmap.org Git - rails.git/blobdiff - lib/password_hash.rb
Applied documentation suggestions from code review
[rails.git] / lib / password_hash.rb
index 5adfc7a34748fa46dd5eed272127d2a3fb179543..afea82c111d018d9262b41a3f8b7e8520e0db4c4 100644 (file)
@@ -6,19 +6,19 @@ require "digest/md5"
 module PasswordHash
   SALT_BYTE_SIZE = 32
   HASH_BYTE_SIZE = 32
 module PasswordHash
   SALT_BYTE_SIZE = 32
   HASH_BYTE_SIZE = 32
-  PBKDF2_ITERATIONS = 1000
-  DIGEST_ALGORITHM = "sha512"
+  PBKDF2_ITERATIONS = 10000
+  DIGEST_ALGORITHM = "sha512".freeze
 
   def self.create(password)
     salt = SecureRandom.base64(SALT_BYTE_SIZE)
     hash = self.hash(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE, DIGEST_ALGORITHM)
 
   def self.create(password)
     salt = SecureRandom.base64(SALT_BYTE_SIZE)
     hash = self.hash(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE, DIGEST_ALGORITHM)
-    return hash, [DIGEST_ALGORITHM, PBKDF2_ITERATIONS, salt].join("!")
+    [hash, [DIGEST_ALGORITHM, PBKDF2_ITERATIONS, salt].join("!")]
   end
 
   def self.check(hash, salt, candidate)
     if salt.nil?
       candidate = Digest::MD5.hexdigest(candidate)
   end
 
   def self.check(hash, salt, candidate)
     if salt.nil?
       candidate = Digest::MD5.hexdigest(candidate)
-    elsif salt =~ /!/
+    elsif salt.include?("!")
       algorithm, iterations, salt = salt.split("!")
       size = Base64.strict_decode64(hash).length
       candidate = self.hash(candidate, salt, iterations.to_i, size, algorithm)
       algorithm, iterations, salt = salt.split("!")
       size = Base64.strict_decode64(hash).length
       candidate = self.hash(candidate, salt, iterations.to_i, size, algorithm)
@@ -26,13 +26,13 @@ module PasswordHash
       candidate = Digest::MD5.hexdigest(salt + candidate)
     end
 
       candidate = Digest::MD5.hexdigest(salt + candidate)
     end
 
-    return hash == candidate
+    hash == candidate
   end
 
   def self.upgrade?(hash, salt)
     if salt.nil?
       return true
   end
 
   def self.upgrade?(hash, salt)
     if salt.nil?
       return true
-    elsif salt =~ /!/
+    elsif salt.include?("!")
       algorithm, iterations, salt = salt.split("!")
       return true if Base64.strict_decode64(salt).length != SALT_BYTE_SIZE
       return true if Base64.strict_decode64(hash).length != HASH_BYTE_SIZE
       algorithm, iterations, salt = salt.split("!")
       return true if Base64.strict_decode64(salt).length != SALT_BYTE_SIZE
       return true if Base64.strict_decode64(hash).length != HASH_BYTE_SIZE
@@ -42,14 +42,12 @@ module PasswordHash
       return true
     end
 
       return true
     end
 
-    return false
+    false
   end
 
   end
 
-private
-
   def self.hash(password, salt, iterations, size, algorithm)
     digest = OpenSSL::Digest.new(algorithm)
   def self.hash(password, salt, iterations, size, algorithm)
     digest = OpenSSL::Digest.new(algorithm)
-    pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac(password, salt, iterations, size, digest)
+    pbkdf2 = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, size, digest)
     Base64.strict_encode64(pbkdf2)
   end
 end
     Base64.strict_encode64(pbkdf2)
   end
 end