diff --git a/Gemfile b/Gemfile
index 8c951a4..76bff44 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,8 +24,12 @@ gem 'jbuilder', '~> 2.7'
 # Use Active Model has_secure_password
 # gem 'bcrypt', '~> 3.1.7'
+# Authentication gem (uses bcrypt by default)
 gem 'devise', '4.7.1'
+# Needed to encrypt passwords with something else than bcrypt
+gem 'devise-encryptable', '0.2.0'
+
 # Use Active Storage variant
 # gem 'image_processing', '~> 1.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index 99db0e1..24627d3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -81,6 +81,8 @@ GEM railties (>= 4.1.0) responders warden (~> 1.2.3) + devise-encryptable (0.2.0) + devise (>= 2.1.0) erubi (1.9.0) ffi (1.12.2) ffi (1.12.2-x64-mingw32)
@@ -214,6 +216,7 @@ DEPENDENCIES byebug capybara (>= 2.15) devise (= 4.7.1) + devise-encryptable (= 0.2.0) jbuilder (~> 2.7) puma (~> 4.1) rails (= 6.0.2.1)
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 988818b..6fee07f 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -111,7 +111,7 @@ Devise.setup do |config|
 # a value less than 10 in other environments. Note that, for bcrypt (the default
 # algorithm), the cost increases exponentially with the number of stretches (e.g.
 # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
- config.stretches = Rails.env.test? ? 1 : 11
+ config.stretches = Rails.env.test? ? 1 : 20
 # Set up a pepper to generate the hashed password.
 # config.pepper = '70d5aace7d4050ced64a822bb49136b1bb2c7238e652c90161da45bcebe0cc49973f3736ee192240ed46eba84e6731595baef18def2a969397ab76bc120897f8'
@@ -226,7 +226,7 @@ Devise.setup do |config|
 # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
 #
 # Require the `devise-encryptable` gem when using anything other than bcrypt
- # config.encryptor = :sha512
+ config.encryptor = :sha512
 # ==> Scopes configuration
 # Turn scoped views on. Before rendering "sessions/new", it will first check for
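Review bot: The comment added above `gem 'devise-encryptable', '0.2.0'` in the Gemfile does not say why bcrypt is being replaced, and "encrypt passwords" is misleading because Devise stores a one-way digest, not ciphertext. devise-encryptable exists mainly to verify digests from older schemes, so a reader cannot tell whether this is a compatibility requirement or a preference. If it is for compatibility, say so, for example `# Verifies legacy non-bcrypt password digests; see config/initializers/devise.rb`.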
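Review bot: `config.stretches = Rails.env.test? ? 1 : 20` in config/initializers/devise.rb (first hunk) only reads as a strong setting under bcrypt, where the value is a cost exponent. With `config.encryptor = :sha512` enabled in the second hunk of the same file, stretches is, as far as I know, the plain iteration count of the devise-encryptable SHA-512 digest, so each password gets 20 rounds of a fast hash. That makes offline guessing against a leaked table far cheaper than it was at bcrypt cost 11. The comment block directly above the setting still describes bcrypt cost and now misleads. I would keep bcrypt, leaving `# config.encryptor = :sha512` commented and restoring `config.stretches = Rails.env.test? ? 1 : 11` or a benchmarked cost; if SHA-512 is required for compatibility, rewrite the comment and plan re-hashing to an adaptive scheme at login.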
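Review bot: Enabling `config.encryptor = :sha512` in the second hunk of config/initializers/devise.rb depends on model and schema changes that this commit does not show. devise-encryptable expects the `:encryptable` module on the Devise model and a `password_salt` column. Existing bcrypt values in `encrypted_password` would presumably stop verifying, which locks out current users unless they are migrated or reset. `config.pepper` is also still commented out (visible in the first hunk's context), so the digest relies on the per-user salt alone. At minimum I would add a comment above the setting such as `# Requires devise :encryptable and a password_salt column; existing bcrypt hashes must be migrated`.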