Fixed #69 - all new stored passwords will be crypted.

Martin Edenhofer 2013-01-23 23:13:02 +01:00
parent de9ac446fd
commit 85c00bc9a1
2 changed files with 22 additions and 10 deletions


@ -37,9 +37,6 @@ gem 'daemons'
gem 'simple-rss'
# To use ActiveModel has_secure_password
# gem 'bcrypt-ruby', '~> 3.0.0'
# e. g. on linux we need a javascript execution
# gem 'libv8', '~> 3.11.8'
# gem 'execjs'


@ -1,7 +1,9 @@
require 'digest/sha2'
class User < ApplicationModel
include Gmaps
before_create :check_name, :check_email, :check_login, :check_image, :check_geo
before_create :check_name, :check_email, :check_login, :check_image, :check_geo, :check_password
before_update :check_password, :check_image, :check_geo, :check_email, :check_login
has_and_belongs_to_many :groups, :after_add => :cache_update, :after_remove => :cache_update
@ -58,11 +60,15 @@ class User < ApplicationModel
end
end
# auth ok
if user.password == password
return user
# sha auth check
if user.password =~ /^\{sha2\}/
crypted = Digest::SHA2.hexdigest( password )
return user if user.password == "{sha2}#{crypted}"
end
# plain auth check
return user if user.password == password
# auth failed
return false
end
@ -388,12 +394,21 @@ Your #{config.product_name} Team
def check_password
# set old password again
# set old password again if not given
if self.password == '' || !self.password
# get current record
current = User.find(self.id)
self.password = current.password
if self.id
current = User.find(self.id)
self.password = current.password
end
# create crypted password if not already crypted
else
if self.password !~ /^\{sha2\}/
crypted = Digest::SHA2.hexdigest( self.password )
self.password = "{sha2}#{crypted}"
end
end
end
end
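Review bot: The plain comparison kept at `return user if user.password == password` still runs for records whose stored value starts with `{sha2}`, so the stored string itself is accepted as a valid login password and a leaked users table stays as sensitive as a plaintext one. Limit the fallback to legacy rows, for example `return user if user.password !~ /\A\{sha2\}/ && user.password == password`. Both prefix checks should also be anchored with `\A` instead of `^`, because `^` matches at any line start and `check_password` would then store a multi-line value unhashed. `Digest::SHA2.hexdigest` is a single unsalted SHA-256 pass, so a salted, slow scheme such as the `bcrypt-ruby` gem named in the gem list of the first file section would be the sturdier choice for password storage. The authentication method begins outside the hunk, so the user lookup before this check was not reviewed.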