Class: Spider::DataTypes::Password
- Includes:
- Spider::DataType
- Defined in:
- lib/spiderfw/model/datatypes/password.rb
Overview
A hashed password. Takes :hash attribute (defaults to ‘password.hash’ configuration value, which in turn defaults to :sha2) and :salt attribute; the default is to generate a random salt when mapping (unless ‘password.salt’ configuration is provided). Maps to a “#hash_type$#salt$#hash” string – TODO: remove salt configuration
Class Method Summary collapse
-
.check_match(stored, pwd) ⇒ Object
Checks if a password matches with a stored representation.
-
.do_hash(type, str, salt = '') ⇒ Object
Returns a hash of given type, using given salt.
Instance Method Summary collapse
Methods included from Spider::DataType
#attributes, #format, included, #new, #prepare
Class Method Details
.check_match(stored, pwd) ⇒ Object
Checks if a password matches with a stored representation. Expects a stored string in the form “#hash_type$#salt$#hash”: otherwise, it will assume the string is a hash using the Spider.conf ‘password.hash’ and ‘password.salt’
36 37 38 39 40 41 42 |
# File 'lib/spiderfw/model/datatypes/password.rb', line 36 def self.check_match(stored, pwd) hash_type, salt, hash = stored.split('$') if (!salt) return stored == do_hash(Spider.conf.get('password.hash'), pwd, Spider.conf.get('password.salt')) end return (hash == do_hash(hash_type, pwd, salt)) end |
.do_hash(type, str, salt = '') ⇒ Object
Returns a hash of given type, using given salt
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/spiderfw/model/datatypes/password.rb', line 45 def self.do_hash(type, str, salt='') salt ||= '' case type.to_sym when :md5 hash_obj = Digest::MD5.new when :sha1 hash_obj = Digest::SHA1.new when :sha2 hash_obj = Digest::SHA2.new else raise ArgumentError, "Hash function #{type} is not supported" end hash_obj.update(str+salt) return hash_obj.hexdigest end |
Instance Method Details
#map(mapper_type) ⇒ Object
24 25 26 27 28 29 30 31 |
# File 'lib/spiderfw/model/datatypes/password.rb', line 24 def map(mapper_type) return self.to_s if attributes[:hashed] salt = attributes[:salt] || Spider.conf.get('password.salt') # TODO: better salts salt ||= (0..10).inject('') { |r, i| r << rand(89) + 37 } hash_type = attributes[:hash] || Spider.conf.get('password.hash') return "#{hash_type}$#{salt}$#{self.class.do_hash(hash_type, self.to_s, salt)}" end |