Module: Sequel::Plugins::Password::ClassMethods

Defined in:

lib/sequel_password.rb

Instance Attribute Summary

• #column ⇒ Symbol readonly

  Name of the column where password is stored.

• #hashers ⇒ Hash readonly

  Hash of the algorithms and their corresponding Hasher.

Instance Method Summary

• #check_password(password, encoded, setter: nil, algorithm: :default) ⇒ Boolean

  Check if password match, and upgrade to newest hashing algorithm if needed.

• #make_password(password, salt: nil, algorithm: :default) ⇒ String

  Returns the given password hash.

• #usable_password?(encoded) ⇒ Boolean

  Returns if encoded hash is a usable password.

Instance Attribute Details

#column ⇒ Symbol (readonly)

Returns name of the column where password is stored.

Returns:

• (Symbol) —

  name of the column where password is stored

# File 'lib/sequel_password.rb', line 25

module ClassMethods
  attr_reader :column, :hashers

  Plugins.inherited_instance_variables(self,
                                       "@column": :digest, "@hashers": {})

  # Returns the given password hash. It will return an unusable
  # hash if given password is nil.
  #
  # @param [String, nil] password to be hashed
  # @param [String, nil] salt to be used during hashing
  # @param [Symbol] algorithm to be used for hashing
  # @return [String] the given password hashed
  def make_password(password, salt: nil, algorithm: :default)
    return "!#{SecureRandom.hex(20)}" if password.nil?

    salt = hasher(algorithm).salt if salt.nil?
    hasher(algorithm).encode(password, salt)
  end

  # Returns if encoded hash is a usable password.
  #
  # @param [String] encoded hash
  # @return [Boolean] if password is usable
  def usable_password?(encoded)
    return false if encoded.nil? || encoded.start_with?('!')

    algorithm = encoded.split('$').first
    !hasher(algorithm).nil?
  end

  # Check if password match, and upgrade to newest hashing algorithm
  # if needed.
  #
  # @param [String] password in plain text
  # @param [String] encoded password for comparision
  # @param [Proc] setter accepting an encoded password
  # @param [Symbol] algorithm to be used for hashing
  # @return [Boolean] if password match encoded password
  def check_password(password, encoded, setter: nil, algorithm: :default)
    return false if password.nil? || !usable_password?(encoded)

    preferred = hasher(algorithm)
    hasher = hasher(encoded.split('$').first)

    must_update = hasher.algorithm != preferred.algorithm
    must_update ||= preferred.must_update(encoded)

    correct = hasher.verify(password, encoded)
    setter.call(password) if !setter.nil? && correct && must_update

    correct
  end

  private

  def hasher(algorithm = :default)
    @hashers.fetch(algorithm.to_sym, @hashers.values.first)
  end
end

#hashers ⇒ Hash (readonly)

Returns hash of the algorithms and their corresponding Hasher.

Returns:

• (Hash) —

  hash of the algorithms and their corresponding Hasher

# File 'lib/sequel_password.rb', line 25

module ClassMethods
  attr_reader :column, :hashers

  Plugins.inherited_instance_variables(self,
                                       "@column": :digest, "@hashers": {})

  # Returns the given password hash. It will return an unusable
  # hash if given password is nil.
  #
  # @param [String, nil] password to be hashed
  # @param [String, nil] salt to be used during hashing
  # @param [Symbol] algorithm to be used for hashing
  # @return [String] the given password hashed
  def make_password(password, salt: nil, algorithm: :default)
    return "!#{SecureRandom.hex(20)}" if password.nil?

    salt = hasher(algorithm).salt if salt.nil?
    hasher(algorithm).encode(password, salt)
  end

  # Returns if encoded hash is a usable password.
  #
  # @param [String] encoded hash
  # @return [Boolean] if password is usable
  def usable_password?(encoded)
    return false if encoded.nil? || encoded.start_with?('!')

    algorithm = encoded.split('$').first
    !hasher(algorithm).nil?
  end

  # Check if password match, and upgrade to newest hashing algorithm
  # if needed.
  #
  # @param [String] password in plain text
  # @param [String] encoded password for comparision
  # @param [Proc] setter accepting an encoded password
  # @param [Symbol] algorithm to be used for hashing
  # @return [Boolean] if password match encoded password
  def check_password(password, encoded, setter: nil, algorithm: :default)
    return false if password.nil? || !usable_password?(encoded)

    preferred = hasher(algorithm)
    hasher = hasher(encoded.split('$').first)

    must_update = hasher.algorithm != preferred.algorithm
    must_update ||= preferred.must_update(encoded)

    correct = hasher.verify(password, encoded)
    setter.call(password) if !setter.nil? && correct && must_update

    correct
  end

  private

  def hasher(algorithm = :default)
    @hashers.fetch(algorithm.to_sym, @hashers.values.first)
  end
end

Instance Method Details

#check_password(password, encoded, setter: nil, algorithm: :default) ⇒ Boolean

Check if password match, and upgrade to newest hashing algorithm if needed.

Parameters:

• password (String) —

  in plain text

• encoded (String) —

  password for comparision

• setter (Proc) (defaults to: nil) —

  accepting an encoded password

• algorithm (Symbol) (defaults to: :default) —

  to be used for hashing

Returns:

• (Boolean) —

  if password match encoded password

# File 'lib/sequel_password.rb', line 64

def check_password(password, encoded, setter: nil, algorithm: :default)
  return false if password.nil? || !usable_password?(encoded)

  preferred = hasher(algorithm)
  hasher = hasher(encoded.split('$').first)

  must_update = hasher.algorithm != preferred.algorithm
  must_update ||= preferred.must_update(encoded)

  correct = hasher.verify(password, encoded)
  setter.call(password) if !setter.nil? && correct && must_update

  correct
end

#make_password(password, salt: nil, algorithm: :default) ⇒ String

Returns the given password hash. It will return an unusable hash if given password is nil.

Parameters:

• password (String, nil) —

  to be hashed

• salt (String, nil) (defaults to: nil) —

  to be used during hashing

• algorithm (Symbol) (defaults to: :default) —

  to be used for hashing

Returns:

• (String) —

  the given password hashed

# File 'lib/sequel_password.rb', line 38

def make_password(password, salt: nil, algorithm: :default)
  return "!#{SecureRandom.hex(20)}" if password.nil?

  salt = hasher(algorithm).salt if salt.nil?
  hasher(algorithm).encode(password, salt)
end

#usable_password?(encoded) ⇒ Boolean

Returns if encoded hash is a usable password.

Parameters:

• encoded (String) —

  hash

Returns:

• (Boolean) —

  if password is usable

# File 'lib/sequel_password.rb', line 49

def usable_password?(encoded)
  return false if encoded.nil? || encoded.start_with?('!')

  algorithm = encoded.split('$').first
  !hasher(algorithm).nil?
end