Skip to content

Commit ce9ec14

Browse files
caljcalj
committed
Add LDAP SSHA encryption method
1 parent 104cb6b commit ce9ec14

File tree

3 files changed

+37
-1
lines changed

3 files changed

+37
-1
lines changed

lib/devise/encryptable/encryptable.rb

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ module Devise
66
:sha512 => 128,
77
:clearance_sha1 => 40,
88
:restful_authentication_sha1 => 40,
9+
:ldap_ssha => 38,
910
:authlogic_sha512 => 128
1011
}
1112

@@ -19,10 +20,11 @@ module Encryptors
1920
autoload :Base, 'devise/encryptable/encryptors/base'
2021
autoload :ClearanceSha1, 'devise/encryptable/encryptors/clearance_sha1'
2122
autoload :RestfulAuthenticationSha1, 'devise/encryptable/encryptors/restful_authentication_sha1'
23+
autoload :LdapSsha, 'devise/encryptable/encryptors/ldap_ssha'
2224
autoload :Sha1, 'devise/encryptable/encryptors/sha1'
2325
autoload :Sha512, 'devise/encryptable/encryptors/sha512'
2426
end
2527
end
2628
end
2729

28-
Devise.add_module(:encryptable, :model => 'devise/encryptable/model')
30+
Devise.add_module(:encryptable, :model => 'devise/encryptable/model')

lib/devise/encryptable/encryptors/ldap_ssha.rb

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
require "digest/sha1"
2+
3+
module Devise
4+
module Encryptable
5+
module Encryptors
6+
# = Sha1
7+
# Uses the Sha1 hash algorithm to encrypt passwords.
8+
class LdapSsha < Base
9+
# Generates a default password digest based on salt and the incoming password.
10+
def self.digest(password, stretches, salt, pepper)
11+
self.secure_digest(password, salt)
12+
end
13+
14+
def self.salt(stretches)
15+
Devise.friendly_token[0,4]
16+
end
17+
18+
private
19+
20+
# Generate a SHA1 digest with salt
21+
def self.secure_digest(password, salt)
22+
raise "Invalid salt: #{salt}" if salt.size != 4
23+
"{SSHA}" + Base64.encode64(Digest::SHA1.digest("#{password}#{salt}") + salt).strip
24+
end
25+
end
26+
end
27+
end
28+
end

test/devise/encryptable/encryptors_test.rb

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,12 @@ class Encryptors < ActiveSupport::TestCase
2121
assert_equal clearance, encryptor
2222
end
2323

24+
test 'should match a password created by LDAP SSHA' do
25+
ldap = "{SSHA}SBHbzCOyVGhpEGiR3eXRuCVIEH0WK8EJ"
26+
encryptor = Devise::Encryptable::Encryptors::LdapSsha.digest('123mudar', nil, "\x16+\xC1\t".force_encoding('ASCII-8BIT'), nil)
27+
assert_equal ldap, encryptor
28+
end
29+
2430
test 'digest should raise NotImplementedError if not implemented in subclass' do
2531
c = Class.new(Devise::Encryptable::Encryptors::Base)
2632
assert_raise(NotImplementedError) do

0 commit comments

Comments
 (0)