Class: Doorkeeper::SecretStoring::BCrypt

Inherits:

Base

• Object
• Base
• Doorkeeper::SecretStoring::BCrypt

Defined in:

lib/doorkeeper/secret_storing/bcrypt.rb

Overview

Plain text secret storing, which is the default but also provides fallback lookup if other secret storing mechanisms are enabled.

Class Method Summary

• .allows_restoring_secrets? ⇒ Boolean

  Determines whether this strategy supports restoring secrets from the database.

• .bcrypt_present? ⇒ Boolean

  Test if we can require the BCrypt gem.

• .secret_matches?(input, stored) ⇒ Boolean

  Securely compare the given input value with a stored value processed by transform_secret.

• .transform_secret(plain_secret) ⇒ Object

  Return the value to be stored by the database.

• .validate_for(model) ⇒ Object

  Determines what secrets this strategy is applicable for.

Methods inherited from Base

restore_secret, store_secret

Class Method Details

.allows_restoring_secrets? ⇒ Boolean

Determines whether this strategy supports restoring secrets from the database. This allows detecting users trying to use a non-restorable strategy with reuse_access_tokens.

Returns:

• (Boolean)

# File 'lib/doorkeeper/secret_storing/bcrypt.rb', line 30

def self.allows_restoring_secrets?
  false
end

.bcrypt_present? ⇒ Boolean

Test if we can require the BCrypt gem

Returns:

• (Boolean)

# File 'lib/doorkeeper/secret_storing/bcrypt.rb', line 52

def self.bcrypt_present?
  require "bcrypt"
  true
rescue LoadError
  false
end

.secret_matches?(input, stored) ⇒ Boolean

Securely compare the given input value with a stored value processed by transform_secret.

Returns:

• (Boolean)

# File 'lib/doorkeeper/secret_storing/bcrypt.rb', line 20

def self.secret_matches?(input, stored)
  ::BCrypt::Password.new(stored.to_s) == input.to_s
rescue ::BCrypt::Errors::InvalidHash
  false
end

.transform_secret(plain_secret) ⇒ Object

Return the value to be stored by the database

Parameters:

• plain_secret —

  The plain secret input / generated

# File 'lib/doorkeeper/secret_storing/bcrypt.rb', line 13

def self.transform_secret(plain_secret)
  ::BCrypt::Password.create(plain_secret.to_s)
end

.validate_for(model) ⇒ Object

Determines what secrets this strategy is applicable for

# File 'lib/doorkeeper/secret_storing/bcrypt.rb', line 36

def self.validate_for(model)
  unless model.to_sym == :application
    raise ArgumentError,
          "'#{name}' can only be used for storing application secrets."
  end

  unless bcrypt_present?
    raise ArgumentError,
          "'#{name}' requires the 'bcrypt' gem being loaded."
  end

  true
end