Class: Spider::DataTypes::Password

Inherits:

String

Object
String
Spider::DataTypes::Password

Includes:: Spider::DataType

Defined in:: lib/spiderfw/model/datatypes/password.rb

Overview

A hashed password. Takes :hash attribute (defaults to ‘password.hash’ configuration value, which in turn defaults to :sha2) and :salt attribute; the default is to generate a random salt when mapping (unless ‘password.salt’ configuration is provided). Maps to a “#hash_type$#salt$#hash” string – TODO: remove salt configuration

Class Method Summary collapse

.check_match(stored, pwd) ⇒ Object

Checks if a password matches with a stored representation.
.do_hash(type, str, salt = '') ⇒ Object

Returns a hash of given type, using given salt.

Instance Method Summary collapse

#map(mapper_type) ⇒ Object

Methods included from Spider::DataType

#attributes, #format, included, #new, #prepare

Class Method Details

.check_match(stored, pwd) ⇒ `Object`

Checks if a password matches with a stored representation. Expects a stored string in the form “#hash_type$#salt$#hash”: otherwise, it will assume the string is a hash using the Spider.conf ‘password.hash’ and ‘password.salt’

# File 'lib/spiderfw/model/datatypes/password.rb', line 36

def self.check_match(stored, pwd)
    hash_type, salt, hash = stored.split('$')
    if (!salt)
        return stored == do_hash(Spider.conf.get('password.hash'), pwd,  Spider.conf.get('password.salt'))
    end
    return (hash == do_hash(hash_type, pwd, salt))
end

.do_hash(type, str, salt = '') ⇒ `Object`

Returns a hash of given type, using given salt

# File 'lib/spiderfw/model/datatypes/password.rb', line 45

def self.do_hash(type, str, salt='')
    salt ||= ''
    case type.to_sym
    when :md5
        hash_obj = Digest::MD5.new
    when :sha1
        hash_obj = Digest::SHA1.new
    when :sha2
        hash_obj = Digest::SHA2.new
    else
        raise ArgumentError, "Hash function #{type} is not supported"
    end
    hash_obj.update(str+salt)
    return hash_obj.hexdigest
end

Instance Method Details

#map(mapper_type) ⇒ `Object`

# File 'lib/spiderfw/model/datatypes/password.rb', line 24

def map(mapper_type)
    return self.to_s if attributes[:hashed]
    salt = attributes[:salt] || Spider.conf.get('password.salt')
    # TODO: better salts
    salt ||= (0..10).inject('') { |r, i| r << rand(89) + 37 }
    hash_type = attributes[:hash] || Spider.conf.get('password.hash')
    return "#{hash_type}$#{salt}$#{self.class.do_hash(hash_type, self.to_s, salt)}"
end