
How can I reuse Authlogic's password encryption functionality in a Rails app?

Developer https://www.devze.com 2023-03-13 04:31 Source: Internet
In my Rails app, I periodically require the user to re-enter their password after a certain amount of inactivity--like with sudo on Linux. My app uses Authlogic for authentication and handling password storage and encryption.

I need some method to encrypt the password the user enters using the exact same encryption scheme Authlogic uses to encrypt passwords when it verifies passwords during authentication. I need to 1) encrypt the password the user enters and 2) do a string comparison between this encryption and the encrypted password stored in the database for the user.

Where should I put the method to perform this encryption? Here are some ideas:

Idea 1 (in a new, custom module)

module PasswordCryption
  include Authlogic::ActsAsAuthentic::Password

  def encrypt_password(password)
    # encryption logic would go here
  end
end

Idea 2 (in the User model)

class User
  acts_as_authentic # makes Authlogic password encryption functionality available

  def encrypt_password(password)
    # encryption logic would go here
  end
end


Authlogic uses the SHA512 encryption by default. The clue is that Authlogic repeats the hexdigest function 20 times. This will solve your problem:

digest = [raw_password, password_salt].join('')
# Integer#times returns the count, so keep the final digest in its own variable
20.times { digest = Digest::SHA512.hexdigest(digest) }
crypted_password = digest
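The sudo-style re-entry check from the question, built on the hashing the answer describes, as an added example that is not part of the original post or of Authlogic's code. The method names, the 15-minute window and the sample salt and password are hypothetical; the scheme (password joined with salt, SHA-512 hexdigest repeated 20 times) is assumed to be as the answer states it.

```ruby
require 'digest'

STRETCHES = 20            # iteration count stated in the answer
REAUTH_WINDOW = 15 * 60   # assumed inactivity limit, in seconds

# Hash password + salt as the answer describes: SHA-512 hexdigest, repeated.
def stretched_digest(raw_password, password_salt)
  digest = [raw_password, password_salt].join
  STRETCHES.times { digest = Digest::SHA512.hexdigest(digest) }
  digest
end

# Constant-time comparison: every byte is examined, so the time taken does
# not reveal how many leading characters of the stored hash matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True when the re-entered password hashes to the stored value.
def password_matches?(attempt, password_salt, crypted_password)
  secure_compare(stretched_digest(attempt.to_s, password_salt), crypted_password)
end

# True when the user has never confirmed or the window has elapsed.
def reauth_required?(last_confirmed_at, now = Time.now)
  last_confirmed_at.nil? || (now - last_confirmed_at) > REAUTH_WINDOW
end

# Constructed sample record standing in for a row of the users table.
SAMPLE_SALT = 'constructed-salt-value'
SAMPLE_CRYPTED = stretched_digest('correct horse', SAMPLE_SALT)
```

Inside a model that calls acts_as_authentic, Authlogic's own `valid_password?` instance method performs this verification against the configured crypto provider, so the stored hash never has to be compared by hand.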