Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2025-12-27 04:18:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
tracks/test/fixtures/users.yml
Jan Stępień 95f0f71441 Hash passwords with BCrypt instead of SHA1 
BCrypt is regarded as a more secure alternative to hashing using message
digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
built-in salting it is adaptable to the increasing power of modern
processing units, which makes it more secure against brute-force cracking.

This commit makes all passwords hashed using BCrypt. The session tokens
remain generated using SHA1. Tests were updated, `rake test:units` and
`rake test:functionals` didn't report any regressions.

[0] http://bcrypt.sourceforge.net/
[1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
[2] eab1c72/README.md
2011-09-07 16:05:52 +02:00

50 lines
1.4 KiB
YAML
Raw Blame History

# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
admin_user:
id: 1
login: admin
crypted_password: <%= BCrypt::Password.create("#{Tracks::Config.salt}--abracadabra--") %>
token: <%= Digest::SHA1.hexdigest("adminSat Feb 25 17:14:00 GMT 20060.236961325863376") %>
is_admin: true
first_name: Admin
last_name: Schmadmin
auth_type: database
other_user:
id: 2
login: jane
crypted_password: <%= BCrypt::Password.create("#{Tracks::Config.salt}--sesame--") %>
token: <%= Digest::SHA1.hexdigest("janeSun Feb 19 14:42:45 GMT 20060.408173979260027") %>
is_admin: false
first_name: Jane
last_name: Doe
auth_type: database
ldap_user:
id: 3
login: john
crypted_password: test
token: <%= Digest::SHA1.hexdigest("johnSun Feb 19 14:42:45 GMT 20060.408173979260027") %>
is_admin: false
first_name: John
last_name: Deere
auth_type: ldap
sms_user:
id: 4
login: sms_user
crypted_password: <%= BCrypt::Password.create("#{Tracks::Config.salt}--sesame--") %>
token: <%= Digest::SHA1.hexdigest("sms_userSun Feb 19 14:42:45 GMT 20060.408173979260027") %>
is_admin: false
first_name: SMS
last_name: Tester
auth_type: database
ldap_user:
id: 5
login: john
crypted_password: test
token: <%= Digest::SHA1.hexdigest("internationalSun Feb 19 14:42:45 GMT 20060.408173979260027") %>
is_admin: false
first_name: International
last_name: Harvester
auth_type: CAS
Reference in a new issue View git blame Copy permalink