zenon/tiss2go
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use SHA512 instead of BCrypt

Browse Source
This commit is contained in:
Tobias Eidelpes 2020-04-14 14:28:55 +02:00
parent af1eff30b7
commit 8e417911c6
3 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Gemfile
View File

@ -24,8 +24,12 @@ gem 'jbuilder', '~> 2.7'
# Use Active Model has_secure_password # Use Active Model has_secure_password
# gem 'bcrypt', '~> 3.1.7' # gem 'bcrypt', '~> 3.1.7'
# Authentication gem (uses bcrypt by default)
gem 'devise', '4.7.1' gem 'devise', '4.7.1'
# Needed to encrypt passwords with something else than bcrypt
gem 'devise-encryptable', '0.2.0'
# Use Active Storage variant # Use Active Storage variant
# gem 'image_processing', '~> 1.2' # gem 'image_processing', '~> 1.2'

3
Gemfile.lock
View File

@ -81,6 +81,8 @@ GEM
railties (>= 4.1.0) railties (>= 4.1.0)
responders responders
warden (~> 1.2.3) warden (~> 1.2.3)
devise-encryptable (0.2.0)
devise (>= 2.1.0)
erubi (1.9.0) erubi (1.9.0)
ffi (1.12.2) ffi (1.12.2)
ffi (1.12.2-x64-mingw32) ffi (1.12.2-x64-mingw32)
@ -214,6 +216,7 @@ DEPENDENCIES
byebug byebug
capybara (>= 2.15) capybara (>= 2.15)
devise (= 4.7.1) devise (= 4.7.1)
devise-encryptable (= 0.2.0)
jbuilder (~> 2.7) jbuilder (~> 2.7)
puma (~> 4.1) puma (~> 4.1)
rails (= 6.0.2.1) rails (= 6.0.2.1)

4
config/initializers/devise.rb
View File

@ -111,7 +111,7 @@ Devise.setup do |config|
# a value less than 10 in other environments. Note that, for bcrypt (the default # a value less than 10 in other environments. Note that, for bcrypt (the default
# algorithm), the cost increases exponentially with the number of stretches (e.g. # algorithm), the cost increases exponentially with the number of stretches (e.g.
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
config.stretches = Rails.env.test? ? 1 : 11 config.stretches = Rails.env.test? ? 1 : 20
# Set up a pepper to generate the hashed password. # Set up a pepper to generate the hashed password.
# config.pepper = '70d5aace7d4050ced64a822bb49136b1bb2c7238e652c90161da45bcebe0cc49973f3736ee192240ed46eba84e6731595baef18def2a969397ab76bc120897f8' # config.pepper = '70d5aace7d4050ced64a822bb49136b1bb2c7238e652c90161da45bcebe0cc49973f3736ee192240ed46eba84e6731595baef18def2a969397ab76bc120897f8'
@ -226,7 +226,7 @@ Devise.setup do |config|
# stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
# #
# Require the `devise-encryptable` gem when using anything other than bcrypt # Require the `devise-encryptable` gem when using anything other than bcrypt
# config.encryptor = :sha512 config.encryptor = :sha512
# ==> Scopes configuration # ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for # Turn scoped views on. Before rendering "sessions/new", it will first check for