X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/550c4a3a45814fde5c809334c85f1ebc47659a82..6d5752ad623dc70d0d6a1004c42871fb05704c56:/lib/password_hash.rb diff --git a/lib/password_hash.rb b/lib/password_hash.rb index de1f20d31..325955cf1 100644 --- a/lib/password_hash.rb +++ b/lib/password_hash.rb @@ -16,13 +16,13 @@ module PasswordHash if Argon2::HashFormat.valid_hash?(hash) Argon2::Password.verify_password(candidate, hash) elsif salt.nil? - hash == Digest::MD5.hexdigest(candidate) + ActiveSupport::SecurityUtils.secure_compare(hash, Digest::MD5.hexdigest(candidate)) elsif salt.include?("!") algorithm, iterations, salt = salt.split("!") size = Base64.strict_decode64(hash).length - hash == pbkdf2(candidate, salt, iterations.to_i, size, algorithm) + ActiveSupport::SecurityUtils.secure_compare(hash, pbkdf2(candidate, salt, iterations.to_i, size, algorithm)) else - hash == Digest::MD5.hexdigest(salt + candidate) + ActiveSupport::SecurityUtils.secure_compare(hash, Digest::MD5.hexdigest(salt + candidate)) end end