# File 'app/controllers/devise/cookie_crypt_controller.rb', line 33
# Processes the submitted security-question form for the current resource.
#
# Three outcomes are possible:
# * Enrollment: the stored hash is empty, or holds fewer question/answer
#   pairs than resource.class.cookie_crypt_minimum_questions. The submitted
#   pairs are appended, persisted, and authentication succeeds.
# * Challenge passed: matching_answers? accepts the stored hash, so the
#   cookie is generated and authentication succeeds.
# * Challenge failed: the attempt counter is incremented; once the resource
#   reports max_cookie_crypt_login_attempts? it is signed out, otherwise the
#   form is rendered again.
#
# NOTE(review): the top-up case (some questions stored, but fewer than the
# minimum) reaches authentication_success without matching_answers? being
# consulted. Confirm that skipping the existing challenge there is intended.
def update
  # NOTE(review): class_eval on a String runs it as Ruby code. security_hash
  # is persisted state, so any other write path to that column becomes code
  # execution inside the app process. A data-only format (e.g. JSON) would
  # remove that risk, but needs a matching change wherever the value is
  # written and read.
  stored = Hash.class_eval(resource.security_hash)
  answered = stored.keys.count / 2

  if stored.empty? || answered < resource.class.cookie_crypt_minimum_questions
    # Each question contributes two keys (question + answer). The pair count
    # comes straight from the request, so it is client-controlled.
    submitted = params[:security].keys.count / 2

    (answered + 1).upto(answered + submitted) do |n|
      question_key = "security_question_#{n}"
      answer_key = "security_answer_#{n}"

      stored[question_key] = sanitize(params[:security][question_key.to_sym])
      # NOTE(review): a single unsalted SHA-512 pass over a short answer is
      # cheap to guess offline if this column leaks. A salted, slow hash
      # would be stronger, but needs a matching change in the comparison code.
      stored[answer_key] = Digest::SHA512.hexdigest(sanitize(params[:security][answer_key.to_sym]))
    end

    resource.security_hash = stored.to_s
    # NOTE(review): the result of save is not checked before reporting success.
    resource.save
    return authentication_success
  end

  if matching_answers?(stored)
    generate_cookie
    update_resource_cycle(stored)
    log_agent_to_resource
    return authentication_success
  end

  # Wrong answers: record the failed attempt before deciding how to respond.
  resource.cookie_crypt_attempts_count += 1
  resource.save
  set_flash_message :error, :attempt_failed
  return render(:show) unless resource.max_cookie_crypt_login_attempts?

  # Attempt limit reached: end the session.
  update_resource_cycle(stored)
  sign_out(resource)
  render template: 'devise/cookie_crypt/max_login_attempts_reached' and return
end