Class: Fortifier::Secret
- Inherits:
-
ActiveRecord::Base
- Object
- ActiveRecord::Base
- Fortifier::Secret
- Defined in:
- app/models/fortifier/secret.rb
Constant Summary
- EXPIRATION_PERIOD =
days
90
- RESTRICTION_PERIOD =
year
1
- GRACE_PERIOD =
days
EXPIRATION_PERIOD - 8
- SHA =
"SHA"
- BCRYPT =
"BCRYPT"
- SSO_TOKEN =
i.e. no encryption
"SSO_TOKEN"
- RESET_TOKEN =
'RESET_TOKEN'
Instance Attribute Summary
-
#reset_token ⇒ Object
Returns the value of attribute reset_token.
-
#secret ⇒ Object
Returns the value of attribute secret.
-
#secret_confirmation ⇒ Object
Returns the value of attribute secret_confirmation.
-
#skip_validation ⇒ Object
Returns the value of attribute skip_validation.
Class Method Summary
-
.evaluate_for_expiration ⇒ Object
This is called by the rufus job to determine whether users should be locked for not changing secrets.
- .make_sso_token ⇒ Object
- .make_token ⇒ Object
- .reset_token_unique?(token) ⇒ Boolean
Instance Method Summary
- #enable! ⇒ Object
- #expiration_date ⇒ Object
- #expire! ⇒ Object
- #expire_previous_secret ⇒ Object
- #expired? ⇒ Boolean
- #matches?(secret_string) ⇒ Boolean
- #password_reset? ⇒ Boolean
- #secret_confirmation_is_present ⇒ Object
- #secret_is_present ⇒ Object
- #secret_matches_confirmation ⇒ Object
- #secret_matches_regex ⇒ Object
- #skip_validation? ⇒ Boolean
-
#sso_auth_user? ⇒ Boolean
TODO: (DK) def secret_not_used_recently # enhanced secret validation errors << :password_previously_used if matches_previous_secret?(secret) end.
- #update_encryption_method(secret_string) ⇒ Object
- #within_a_week_of_expiration? ⇒ Boolean
Instance Attribute Details
#reset_token ⇒ Object
Returns the value of attribute reset_token.
# File 'app/models/fortifier/secret.rb', line 14
#
# Reader for the in-memory @reset_token attribute.
#
# NOTE(review): password_reset? treats any truthy value here as a reset flow,
# which in turn makes skip_validation? true. Confirm this attribute cannot be
# populated from request parameters.
#
# @return [Object] whatever was assigned to @reset_token, or nil
def reset_token
  @reset_token
end
#secret ⇒ Object
Returns the value of attribute secret.
# File 'app/models/fortifier/secret.rb', line 12
#
# Reader for the in-memory @secret attribute, the value checked by the
# secret_is_present / secret_matches_confirmation / secret_matches_regex
# validators.
#
# NOTE(review): presumably the plaintext candidate secret before hashing;
# if so it should be kept out of logs and serialised output. Confirm.
#
# @return [Object] whatever was assigned to @secret, or nil
def secret
  @secret
end
#secret_confirmation ⇒ Object
Returns the value of attribute secret_confirmation.
# File 'app/models/fortifier/secret.rb', line 12
#
# Reader for the in-memory @secret_confirmation attribute, which
# secret_matches_confirmation compares against #secret.
#
# NOTE(review): presumably holds a plaintext value like #secret; keep it out
# of logs and serialised output. Confirm.
#
# @return [Object] whatever was assigned to @secret_confirmation, or nil
def secret_confirmation
  @secret_confirmation
end
#skip_validation ⇒ Object
Returns the value of attribute skip_validation.
# File 'app/models/fortifier/secret.rb', line 13
#
# Reader for the in-memory @skip_validation flag consulted by
# skip_validation?.
#
# NOTE(review): a truthy value switches off the secret validators that honour
# skip_validation?. Confirm the flag is only ever set by server-side code and
# is not reachable through mass assignment.
#
# @return [Object] whatever was assigned to @skip_validation, or nil
def skip_validation
  @skip_validation
end
Class Method Details
.evaluate_for_expiration ⇒ Object
This is called by the rufus job to determine whether users should be locked for not changing secrets
# File 'app/models/fortifier/secret.rb', line 115
#
# Scheduled sweep. For every secret returned by Secret.past_expiration it
# disables the owning user and marks the secret expired; for every secret
# returned by Secret.week_to_expiration it mails an expiration reminder.
#
# NOTE(review): neither loop rescues, so one record that raises stops the
# sweep and leaves the remaining overdue secrets active. Confirm the job
# retries or alerts on failure.
# NOTE(review): the owner is reached through `user` here, while the other
# methods of this class use `auth_user`. Confirm both are defined.
def self.evaluate_for_expiration
  Secret.past_expiration.each do |overdue|
    overdue.user.disable!
    overdue.expire!
  end

  Secret.week_to_expiration.each do |expiring|
    reminder = NotifierMailer.secret_expiration(expiring, expiring.user.email)
    reminder.deliver
  end
end
.make_sso_token ⇒ Object
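# File 'app/models/fortifier/secret.rb', line 152
#
# Generates a random base-36 token for SSO secrets.
#
# The number is drawn from SecureRandom instead of Kernel#rand: rand is a
# seeded general-purpose generator and is not meant for values that act as
# credentials. The range (36**30) and the base-36 encoding are unchanged.
#
# NOTE(review): uniqueness is checked with reset_token_unique?, which only
# considers rows whose enc_type is RESET_TOKEN, so a clash with an existing
# SSO_TOKEN row would go unnoticed. Confirm that is intended.
#
# @return [String] lower-case base-36 string
def self.make_sso_token
  require 'securerandom' # idempotent; keeps the method self-contained

  token = nil
  # reset_token_unique? is false for a blank token, so the first pass always
  # generates a value.
  token = SecureRandom.random_number(36**30).to_s(36) until Secret.reset_token_unique?(token)
  token
end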
.make_token ⇒ Object
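# File 'app/models/fortifier/secret.rb', line 147
#
# Generates a random base-36 token that is not already in use by an active
# RESET_TOKEN secret (as reported by reset_token_unique?).
#
# The number is drawn from SecureRandom instead of Kernel#rand: rand is a
# seeded general-purpose generator and is not meant for values that act as
# credentials. The range (36**30) and the base-36 encoding are unchanged.
#
# @return [String] lower-case base-36 string
def self.make_token
  require 'securerandom' # idempotent; keeps the method self-contained

  token = nil
  # reset_token_unique? is false for a blank token, so the first pass always
  # generates a value.
  token = SecureRandom.random_number(36**30).to_s(36) until Secret.reset_token_unique?(token)
  token
end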
.reset_token_unique?(token) ⇒ Boolean
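# File 'app/models/fortifier/secret.rb', line 101
#
# Reports whether +token+ is free to use as a reset token.
#
# The token and the enc_type are passed as bound hash conditions rather than
# being interpolated into the SQL string, so a token containing quotes cannot
# alter the query. The expiry predicate is a fixed string with no caller
# input. exists? replaces loading the matching rows just to test emptiness.
#
# @param token [String, nil] candidate token
# @return [Boolean] false for a blank token; otherwise true when no
#   non-expired RESET_TOKEN secret stores this value
def self.reset_token_unique?(token)
  return false if token.blank?

  !Fortifier::Secret
    .where(enc_type: RESET_TOKEN, secret_value: token)
    .where('expired IS NULL OR expired=false')
    .exists?
end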
Instance Method Details
#enable! ⇒ Object
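# File 'app/models/fortifier/secret.rb', line 92
#
# Clears the expired flag on this secret; the counterpart of expire!.
#
# The previous body was `expired == 0`, a comparison that wrote nothing, so
# the method had no effect. It now writes the flag with update_column, which
# (as in expire!) skips validations and callbacks.
#
# NOTE(review): re-enabling an expired secret bypasses the rotation policy.
# Confirm every caller is an authorised administrative path.
def enable!
  update_column(:expired, 0)
end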
#expiration_date ⇒ Object
# File 'app/models/fortifier/secret.rb', line 94
#
# Moment at which this secret expires: created_at plus EXPIRATION_PERIOD days.
#
# @return [Time]
def expiration_date
  issued_at = created_at.to_time
  issued_at + EXPIRATION_PERIOD.days
end
#expire! ⇒ Object
# File 'app/models/fortifier/secret.rb', line 88
#
# Marks this secret as expired by writing 1 to the expired column.
# update_column writes straight to the database, skipping validations and
# callbacks.
def expire!
  update_column(:expired, 1)
end
#expire_previous_secret ⇒ Object
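# File 'app/models/fortifier/secret.rb', line 108
#
# Expires every still-active secret belonging to this record's auth_user.
# Does nothing when this record carries a reset token or when the user has no
# current secret.
#
# The owner id is passed as a bound hash condition instead of being
# interpolated into the SQL string; the expiry predicate is a fixed string.
def expire_previous_secret
  return if reset_token || auth_user.current_secret.blank?

  Secret.where(auth_user_id: auth_user.id)
        .where('expired IS NULL OR expired=false')
        .each(&:expire!)
end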
#expired? ⇒ Boolean
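# File 'app/models/fortifier/secret.rb', line 90
#
# Whether this secret has been marked expired.
#
# expire! writes the integer 1, while the queries in this class compare the
# column with `false`, so the attribute may be read back either as an integer
# or as a boolean depending on the column type. Both 1 and true are treated
# as expired; with a boolean column the former `expired == 1` test could
# never succeed, which would leave expired secrets looking valid.
#
# @return [Boolean]
def expired?
  [1, true].include?(expired)
end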
#matches?(secret_string) ⇒ Boolean
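# File 'app/models/fortifier/secret.rb', line 125
#
# Checks a candidate string against this stored secret.
#
# * SHA       - legacy salted SHA-1 digest (deprecated hashing scheme).
# * SSO_TOKEN - the stored value is the token itself.
# * otherwise - secret_value is parsed as a bcrypt hash.
#
# The SHA and SSO_TOKEN branches compare in constant time, so the time taken
# does not depend on how much of the stored value the candidate matches.
# A nil on either side is a mismatch (previously nil == nil matched).
#
# NOTE(review): RESET_TOKEN secrets fall through to the bcrypt branch, yet
# reset_token_unique? looks tokens up by raw secret_value. Confirm this method
# is never called on a reset-token row.
#
# @param secret_string [String] candidate secret supplied by the caller
# @return [Boolean]
def matches?(secret_string)
  case enc_type
  when SHA # deprecated pw hashing
    candidate = Digest::SHA1.hexdigest("--#{salt}--#{secret_string}--")
    constant_time_equal?(secret_value, candidate)
  when Secret::SSO_TOKEN
    constant_time_equal?(secret_value, secret_string)
  else
    BCrypt::Password.new(secret_value) == secret_string
  end
end

# Compares two strings without stopping at the first differing byte.
# Non-string or different-length inputs are a mismatch.
def constant_time_equal?(expected, given)
  return false unless expected.is_a?(String) && given.is_a?(String)
  return false unless expected.bytesize == given.bytesize

  diff = 0
  expected.unpack('C*').zip(given.unpack('C*')) { |x, y| diff |= x ^ y }
  diff.zero?
end
private :constant_time_equal?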
#password_reset? ⇒ Boolean
# File 'app/models/fortifier/secret.rb', line 82
#
# Truthy when this record belongs to a password-reset flow: either its
# enc_type is RESET_TOKEN or a reset_token has been assigned.
#
# Despite the `?` suffix the result is not always a boolean: when the
# enc_type does not match, the reset_token value itself (or nil) is returned.
def password_reset?
  return true if enc_type == RESET_TOKEN

  reset_token
end
#secret_confirmation_is_present ⇒ Object
# File 'app/models/fortifier/secret.rb', line 59
#
# Validation helper: records :blank_password_confirmation on errors[:base]
# when secret_confirmation is missing or blank.
def secret_confirmation_is_present
  errors[:base] << :blank_password_confirmation unless secret_confirmation.present?
end
#secret_is_present ⇒ Object
# File 'app/models/fortifier/secret.rb', line 54
#
# Validation helper: records :blank_password on errors[:base] when secret is
# missing or blank.
def secret_is_present
  errors[:base] << :blank_password unless secret.present?
end
#secret_matches_confirmation ⇒ Object
# File 'app/models/fortifier/secret.rb', line 64
#
# Validation helper: records :passwords_do_not_match on errors[:base] when
# secret and secret_confirmation differ.
def secret_matches_confirmation
  errors[:base] << :passwords_do_not_match unless secret == secret_confirmation
end
#secret_matches_regex ⇒ Object
# File 'app/models/fortifier/secret.rb', line 69
#
# Validation helper: records :bad_password on errors[:base] when a secret is
# set and does not match Fortifier::Authentication::SECRET_REGEX. A nil secret
# is left to secret_is_present.
#
# Per the original comment the policy is 10 to 40 characters with at least
# one letter and one number.
# NOTE(review): the pattern is defined elsewhere. Confirm it is anchored with
# \A and \z rather than ^ and $, which match per line and would accept a
# multi-line value with one conforming line.
def secret_matches_regex
  return unless secret

  policy = Fortifier::Authentication::SECRET_REGEX
  errors[:base] << :bad_password unless secret.match(policy)
end
#skip_validation? ⇒ Boolean
# File 'app/models/fortifier/secret.rb', line 84
#
# Truthy when the secret validations should be bypassed: the skip_validation
# flag is set, the record is an SSO token, or it belongs to a password-reset
# flow. Returns the first truthy operand, so the result is not always a
# boolean.
#
# NOTE(review): skip_validation and reset_token are plain in-memory
# attributes. Confirm neither can be set from request parameters, since
# either one disables the password policy checks guarded by this method.
def skip_validation?
  bypass = skip_validation
  bypass ||= sso_auth_user?
  bypass || password_reset?
end
#sso_auth_user? ⇒ Boolean
TODO: (DK) def secret_not_used_recently
# enhanced secret validation
errors[:base] << :password_previously_used if matches_previous_secret?(secret)
end
# File 'app/models/fortifier/secret.rb', line 80
#
# Whether this secret is an SSO token, i.e. its enc_type equals SSO_TOKEN.
# Such records skip the secret validations (see skip_validation?) and are
# compared against the stored value directly in matches?.
#
# @return [Boolean]
def sso_auth_user?
  enc_type == SSO_TOKEN
end
#update_encryption_method(secret_string) ⇒ Object
# File 'app/models/fortifier/secret.rb', line 136
#
# Creates a replacement BCRYPT secret for the same auth_user when this record
# uses any scheme other than BCRYPT or SSO_TOKEN. Does nothing for those two
# schemes or when secret_string is blank.
#
# The shortcut floated in the original TODO, `enc_type == (BCRYPT || SSO_TOKEN)`,
# would only ever compare against BCRYPT, so both schemes are checked explicitly.
#
# NOTE(review): secret_value is assigned the raw secret_string and the record
# is saved with validations off. Hashing must therefore happen in a callback
# that is not visible here; confirm, otherwise the plaintext is stored.
# NOTE(review): RESET_TOKEN records are not excluded by the guard. Confirm
# this is never called on a reset-token row.
#
# @param secret_string [String] the secret the user just authenticated with
def update_encryption_method(secret_string)
  already_current = [Secret::BCRYPT, Secret::SSO_TOKEN].include?(enc_type)
  return if already_current || secret_string.blank?

  upgraded = Secret.new
  upgraded.auth_user = auth_user
  upgraded.secret_value = secret_string
  upgraded.salt = nil
  upgraded.enc_type = BCRYPT
  upgraded.save!(validate: false)
end
#within_a_week_of_expiration? ⇒ Boolean
# File 'app/models/fortifier/secret.rb', line 96
#
# Whether the secret expires within the next 1 to 7 whole days, counted from
# today's date. False on the expiration day itself and after it.
#
# @return [Boolean]
def within_a_week_of_expiration?
  days_left = (expiration_date.to_date - Date.today).to_i
  days_left.between?(1, 7)
end