mirror of
https://github.com/ENSL/ensl.org.git
synced 2025-01-13 21:31:28 +00:00
Allow manual password hash MD5 for testing
This commit is contained in:
parent
bfd866fa88
commit
2297e8c4d1
2 changed files with 13 additions and 4 deletions
|
@ -96,6 +96,7 @@ class UsersController < ApplicationController
|
||||||
flash[:notice] = t(:accounts_locked)
|
flash[:notice] = t(:accounts_locked)
|
||||||
else
|
else
|
||||||
flash[:notice] = "%s (%s)" % [t(:login_successful), u.password_hash_s]
|
flash[:notice] = "%s (%s)" % [t(:login_successful), u.password_hash_s]
|
||||||
|
# FIXME: this doesn't work because model is saved before
|
||||||
flash[:notice] << " \n%s" % I18n.t(:password_md5_scrypt) if u.password_hash_changed?
|
flash[:notice] << " \n%s" % I18n.t(:password_md5_scrypt) if u.password_hash_changed?
|
||||||
save_session u
|
save_session u
|
||||||
end
|
end
|
||||||
|
|
|
@ -54,6 +54,7 @@ class User < ActiveRecord::Base
|
||||||
|
|
||||||
attribute :lastvisit, :datetime, default: Time.now.utc
|
attribute :lastvisit, :datetime, default: Time.now.utc
|
||||||
attribute :password_hash, :integer, default: PASSWORD_SCRYPT
|
attribute :password_hash, :integer, default: PASSWORD_SCRYPT
|
||||||
|
attr_accessor :password_force
|
||||||
|
|
||||||
belongs_to :team, :optional => true
|
belongs_to :team, :optional => true
|
||||||
has_one :profile, :dependent => :destroy
|
has_one :profile, :dependent => :destroy
|
||||||
|
@ -331,13 +332,20 @@ class User < ActiveRecord::Base
|
||||||
# NOTE: function does not call save
|
# NOTE: function does not call save
|
||||||
# Maybe it should return to not waste save?
|
# Maybe it should return to not waste save?
|
||||||
def update_password
|
def update_password
|
||||||
|
# Standard logic for saving password
|
||||||
if raw_password and raw_password.length > 0
|
if raw_password and raw_password.length > 0
|
||||||
self.password = SCrypt::Password.create(raw_password)
|
# Allow old hash too
|
||||||
self.password_hash = User::PASSWORD_SCRYPT
|
if password_hash == User::PASSWORD_MD5 and password_force
|
||||||
elsif password_hash == User::PASSWORD_MD5
|
self.password = Digest::MD5.hexdigest(raw_password)
|
||||||
|
else
|
||||||
|
self.password_hash = User::PASSWORD_SCRYPT
|
||||||
|
self.password = SCrypt::Password.create(raw_password)
|
||||||
|
end
|
||||||
|
# Update MD5 to MD5+Scrypt
|
||||||
|
elsif password_hash == User::PASSWORD_MD5 and !password_force
|
||||||
# Scrypt(Md5(passsword))
|
# Scrypt(Md5(passsword))
|
||||||
self.password = SCrypt::Password.create(password)
|
|
||||||
self.password_hash = User::PASSWORD_MD5_SCRYPT
|
self.password_hash = User::PASSWORD_MD5_SCRYPT
|
||||||
|
self.password = SCrypt::Password.create(password)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue