Fixed #69 - all new stored passwords will be crypted.
parent
de9ac446fd
commit
85c00bc9a1
2 changed files with 22 additions and 10 deletions
3
Gemfile
3
Gemfile
|
@ -37,9 +37,6 @@ gem 'daemons'
|
||||||
|
|
||||||
gem 'simple-rss'
|
gem 'simple-rss'
|
||||||
|
|
||||||
# To use ActiveModel has_secure_password
|
|
||||||
# gem 'bcrypt-ruby', '~> 3.0.0'
|
|
||||||
|
|
||||||
# e. g. on linux we need a javascript execution
|
# e. g. on linux we need a javascript execution
|
||||||
# gem 'libv8', '~> 3.11.8'
|
# gem 'libv8', '~> 3.11.8'
|
||||||
# gem 'execjs'
|
# gem 'execjs'
|
||||||
|
|
|
@ -1,7 +1,9 @@
|
||||||
|
require 'digest/sha2'
|
||||||
|
|
||||||
class User < ApplicationModel
|
class User < ApplicationModel
|
||||||
include Gmaps
|
include Gmaps
|
||||||
|
|
||||||
before_create :check_name, :check_email, :check_login, :check_image, :check_geo
|
before_create :check_name, :check_email, :check_login, :check_image, :check_geo, :check_password
|
||||||
before_update :check_password, :check_image, :check_geo, :check_email, :check_login
|
before_update :check_password, :check_image, :check_geo, :check_email, :check_login
|
||||||
|
|
||||||
has_and_belongs_to_many :groups, :after_add => :cache_update, :after_remove => :cache_update
|
has_and_belongs_to_many :groups, :after_add => :cache_update, :after_remove => :cache_update
|
||||||
|
@ -58,11 +60,15 @@ class User < ApplicationModel
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# auth ok
|
# sha auth check
|
||||||
if user.password == password
|
if user.password =~ /^\{sha2\}/
|
||||||
return user
|
crypted = Digest::SHA2.hexdigest( password )
|
||||||
|
return user if user.password == "{sha2}#{crypted}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# plain auth check
|
||||||
|
return user if user.password == password
|
||||||
|
|
||||||
# auth failed
|
# auth failed
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
@ -388,12 +394,21 @@ Your #{config.product_name} Team
|
||||||
|
|
||||||
def check_password
|
def check_password
|
||||||
|
|
||||||
# set old password again
|
# set old password again if not given
|
||||||
if self.password == '' || !self.password
|
if self.password == '' || !self.password
|
||||||
|
|
||||||
# get current record
|
# get current record
|
||||||
current = User.find(self.id)
|
if self.id
|
||||||
self.password = current.password
|
current = User.find(self.id)
|
||||||
|
self.password = current.password
|
||||||
|
end
|
||||||
|
|
||||||
|
# create crypted password if not already crypted
|
||||||
|
else
|
||||||
|
if self.password !~ /^\{sha2\}/
|
||||||
|
crypted = Digest::SHA2.hexdigest( self.password )
|
||||||
|
self.password = "{sha2}#{crypted}"
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
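Review bot: In the `# sha auth check` branch a mismatch does not fail the login — the `if user.password =~ /^\{sha2\}/` block falls through to the following `return user if user.password == password`, so the stored `{sha2}…` string itself is accepted as the password for that account. The branch should settle the decision, e.g. add `return false` after the `return user if user.password == "{sha2}#{crypted}"` line inside the `if`, or make the plain check an `else` of the sha check. The regexp here and in check_password should anchor with `\A` instead of `^`, which also matches after any newline inside the stored value. Digest::SHA2.hexdigest is unsalted and fast, so equal passwords produce equal stored values and the digests are cheap to brute-force offline; a salted, deliberately slow password hash is the usual replacement. The enclosing authentication method starts outside the hunk.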