Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2026-01-02 15:28:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Hash passwords with BCrypt instead of SHA1

Browse source 
BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
built-in salting it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.

This commit makes all passwords hashed using BCrypt. The session tokens
remain generated using SHA1. Tests were updated, `rake test:units` and
`rake test:functionals` didn't report any regressions.

[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
This commit is contained in:
Jan Stępień 2011-07-23 10:52:38 +02:00
parent 0b88c72570
commit 95f0f71441
7 changed files with 24 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/functional/users_controller_test.rb
View file

@ -68,7 +68,7 @@ class UsersControllerTest < ActionController::TestCase
post :update_password, :updateuser => {:password => 'newpassword', :password_confirmation => 'newpassword'}
assert_redirected_to preferences_path
@updated_user = User.find(users(:admin_user).id)
assert_equal @updated_user.crypted_password, Digest::SHA1.hexdigest("#{Tracks::Config.salt}--newpassword--")
assert_not_nil User.authenticate(@updated_user.login, 'newpassword')
assert_equal "Password updated.", flash[:notice]
end