X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/46875fdde3ecdc37bb69e892b15509132a3bf9cf..d975100504a87788df9386ceee455e76ebfade64:/lib/password_hash.rb?ds=inline diff --git a/lib/password_hash.rb b/lib/password_hash.rb index de1f20d31..325955cf1 100644 --- a/lib/password_hash.rb +++ b/lib/password_hash.rb @@ -16,13 +16,13 @@ module PasswordHash if Argon2::HashFormat.valid_hash?(hash) Argon2::Password.verify_password(candidate, hash) elsif salt.nil? - hash == Digest::MD5.hexdigest(candidate) + ActiveSupport::SecurityUtils.secure_compare(hash, Digest::MD5.hexdigest(candidate)) elsif salt.include?("!") algorithm, iterations, salt = salt.split("!") size = Base64.strict_decode64(hash).length - hash == pbkdf2(candidate, salt, iterations.to_i, size, algorithm) + ActiveSupport::SecurityUtils.secure_compare(hash, pbkdf2(candidate, salt, iterations.to_i, size, algorithm)) else - hash == Digest::MD5.hexdigest(salt + candidate) + ActiveSupport::SecurityUtils.secure_compare(hash, Digest::MD5.hexdigest(salt + candidate)) end end