X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/15d29c646b545b65bbedeed1f49329b9292671ba..77e8a16a153752b919a9153c1c9ded9834d387f7:/lib/password_hash.rb?ds=sidebyside diff --git a/lib/password_hash.rb b/lib/password_hash.rb index 1bd80291a..fe618ba7a 100644 --- a/lib/password_hash.rb +++ b/lib/password_hash.rb @@ -12,7 +12,7 @@ module PasswordHash def self.create(password) salt = SecureRandom.base64(SALT_BYTE_SIZE) hash = self.hash(password, salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE, DIGEST_ALGORITHM) - return hash, [DIGEST_ALGORITHM, PBKDF2_ITERATIONS, salt].join("!") + [hash, [DIGEST_ALGORITHM, PBKDF2_ITERATIONS, salt].join("!")] end def self.check(hash, salt, candidate) @@ -26,14 +26,30 @@ module PasswordHash candidate = Digest::MD5.hexdigest(salt + candidate) end - return hash == candidate + hash == candidate end -private + def self.upgrade?(hash, salt) + if salt.nil? + return true + elsif salt =~ /!/ + algorithm, iterations, salt = salt.split("!") + return true if Base64.strict_decode64(salt).length != SALT_BYTE_SIZE + return true if Base64.strict_decode64(hash).length != HASH_BYTE_SIZE + return true if iterations.to_i != PBKDF2_ITERATIONS + return true if algorithm != DIGEST_ALGORITHM + else + return true + end + + false + end + + private def self.hash(password, salt, iterations, size, algorithm) digest = OpenSSL::Digest.new(algorithm) - pbkdf2 = OpenSSL::PKCS5::pbkdf2_hmac(password, salt, iterations, size, digest) + pbkdf2 = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, size, digest) Base64.strict_encode64(pbkdf2) end end