Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/lib/pbkdf2.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

29 lines
687 B
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-02 18:17:27 -04:00
# frozen_string_literal: true
DEV: Correct typos and spelling mistakes (#12812) Over the years we accrued many spelling mistakes in the code base. This PR attempts to fix spelling mistakes and typos in all areas of the code that are extremely safe to change - comments - test descriptions - other low risk areas
2021-05-20 21:43:47 -04:00
# Note: This logic was originally extracted from the Pbkdf2 gem to fix Ruby 2.0
DEV: Switch our fast_xor gem for xorcist (#10565) * DEV: Switch our fast_xor gem for xorcist We use the `xor` function as part of password hashing and we want to use a faster version than the native ruby xor'ing feature so we use a gem for this. fast_xor has been abandoned, and xorcist fixed our initial holdup for switching in https://github.com/fny/xorcist/issues/4 xorcist also has jruby support so we can remove our jruby fallback logic. * Move using statement inside of class
2020-08-31 15:20:44 -04:00
# issues, but that gem has gone stale so we won't be returning to it.
PBKDF2 gem is trouble, removing and hand coding for now
2013-03-06 07:12:16 -05:00
require "openssl"
DEV: Switch our fast_xor gem for xorcist (#10565) * DEV: Switch our fast_xor gem for xorcist We use the `xor` function as part of password hashing and we want to use a faster version than the native ruby xor'ing feature so we use a gem for this. fast_xor has been abandoned, and xorcist fixed our initial holdup for switching in https://github.com/fny/xorcist/issues/4 xorcist also has jruby support so we can remove our jruby fallback logic. * Move using statement inside of class
2020-08-31 15:20:44 -04:00
require "xorcist"
PBKDF2 gem is trouble, removing and hand coding for now
2013-03-06 07:12:16 -05:00
class Pbkdf2
Parameterize the PBKDF2 algorithm in application config http://meta.discourse.org/t/sso-between-discourse-and-xmpp/8567/5
2013-07-22 21:36:01 -04:00
def self.hash_password(password, salt, iterations, algorithm = "sha256")
FIX: Digest::Digest deprecation
2014-01-20 12:33:40 -05:00
h = OpenSSL::Digest.new(algorithm)
Parameterize the PBKDF2 algorithm in application config http://meta.discourse.org/t/sso-between-discourse-and-xmpp/8567/5
2013-07-22 21:36:01 -04:00
PBKDF2 gem is trouble, removing and hand coding for now
2013-03-06 07:12:16 -05:00
u = ret = prf(h, password, salt + [1].pack("N"))
Parameterize the PBKDF2 algorithm in application config http://meta.discourse.org/t/sso-between-discourse-and-xmpp/8567/5
2013-07-22 21:36:01 -04:00
2.upto(iterations) do
PBKDF2 gem is trouble, removing and hand coding for now
2013-03-06 07:12:16 -05:00
u = prf(h, password, u)
Use Xorcist.xor! instead of refinements since Ruby 3.2+ removes Refinment-include (#15694)
2022-02-03 00:19:30 -05:00
Xorcist.xor!(ret, u)
PBKDF2 gem is trouble, removing and hand coding for now
2013-03-06 07:12:16 -05:00
end
ret.bytes.map { |b| ("0" + b.to_s(16))[-2..-1] }.join("")
end
Parameterize the PBKDF2 algorithm in application config http://meta.discourse.org/t/sso-between-discourse-and-xmpp/8567/5
2013-07-22 21:36:01 -04:00
protected
PBKDF2 gem is trouble, removing and hand coding for now
2013-03-06 07:12:16 -05:00
def self.prf(hash_function, password, data)
OpenSSL::HMAC.digest(hash_function, password, data)
end
end