Class: Gitlab::DoorkeeperSecretStoring::Token::Pbkdf2Sha512

Inherits:

Doorkeeper::SecretStoring::Base

Object
Doorkeeper::SecretStoring::Base
Gitlab::DoorkeeperSecretStoring::Token::Pbkdf2Sha512

Defined in:: lib/gitlab/doorkeeper_secret_storing/token/pbkdf2_sha512.rb

Constant Summary collapse

STRETCHES =

20_000

SALT = An empty salt is used because we need to look tokens up solely by their hashed value. Additionally, tokens are always cryptographically pseudo-random and unique, therefore salting provides no additional security.

''

Class Method Summary collapse

.allows_restoring_secrets? ⇒ Boolean

Determines whether this strategy supports restoring secrets from the database.
.transform_secret(plain_secret) ⇒ Object

Class Method Details

.allows_restoring_secrets? ⇒ `Boolean`

Determines whether this strategy supports restoring secrets from the database. This allows detecting users trying to use a non-restorable strategy with reuse_access_tokens.

Returns:

(Boolean)



22
23
24

# File 'lib/gitlab/doorkeeper_secret_storing/token/pbkdf2_sha512.rb', line 22

def self.allows_restoring_secrets?
  false
end

.transform_secret(plain_secret) ⇒ `Object`



14
15
16

# File 'lib/gitlab/doorkeeper_secret_storing/token/pbkdf2_sha512.rb', line 14

def self.transform_secret(plain_secret)
  Devise::Pbkdf2Encryptable::Encryptors::Pbkdf2Sha512.digest(plain_secret, STRETCHES, SALT)
end