diff options
author | azul <azul@leap.se> | 2014-05-26 10:08:27 +0200 |
---|---|---|
committer | azul <azul@leap.se> | 2014-05-26 10:08:27 +0200 |
commit | 1d0d61389011a8d0d169bc139590d90a6fbbac60 (patch) | |
tree | 9746836914f455889af9e24fdff36a1241ef4b24 /app/models | |
parent | df298887221cffc8cacc8965d73a0d7850118849 (diff) | |
parent | 5764daae090227bf4c5967900b708392c967be47 (diff) |
Merge pull request #163 from azul/feature/3398-save-hashed-token
hash token with sha512 against timing attacs #3398
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/token.rb | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/app/models/token.rb b/app/models/token.rb index e759ee3..ff2ad12 100644 --- a/app/models/token.rb +++ b/app/models/token.rb @@ -1,3 +1,5 @@ +require 'digest/sha2' + class Token < CouchRest::Model::Base use_database :tokens @@ -11,10 +13,16 @@ class Token < CouchRest::Model::Base validates :user_id, presence: true + attr_accessor :token + design do view :by_last_seen_at end + def self.find_by_token(token) + self.find Digest::SHA512.hexdigest(token) + end + def self.expires_after APP_CONFIG[:auth] && APP_CONFIG[:auth][:token_expires_after] end @@ -31,7 +39,7 @@ class Token < CouchRest::Model::Base end def to_s - id + token end def authenticate @@ -65,7 +73,8 @@ class Token < CouchRest::Model::Base def initialize(*args) super if new_record? - self.id = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '') + self.token = SecureRandom.urlsafe_base64(32).gsub(/^_*/, '') + self.id = Digest::SHA512.hexdigest(self.token) self.last_seen_at = Time.now end end |