kyledrake · June 6, 2012 18:55
diff --git a/password.rb b/password.rb
 # Due to recent concerns regarding password safety, Geoloqi has decided to publicly release the code
 # that we use to do password hashing. After consulting with the community, this code now uses BCrypt for hashing 
 # (http://codahale.com/how-to-safely-store-a-password), which is based on blowfish, uses an integrated
 # salting mechanism, and makes brute forcing expensive for attackers. It is widely used in the industry for
 # production environments.
 #
 # Improvement suggestions are always welcome. Geoloqi takes security very seriously, and designs our systems to
 # be as security-oriented as practically possible. We also believe in security transparency, because it leads to
 # better security than obscurity, and is a more honest interaction with our customers.
 #
 # "The mantra of any good security engineer is: `Security is not a product, but a process.` It's more than
 # designing strong cryptography into a system; it's designing the entire system such that all security 
 # measures, including cryptography, work together."
 #
 # -- Bruce Schneier, author of "Applied Cryptography". 

 require 'bcrypt'

 module Sequel
  module Password
    def self.included(base)
      base.extend(ClassMethods)

      # Generate methods to login, so that we only have the methods on columns that actually exist for the record.
      base.instance_eval do
        [:username, :email].each do |identifier|
          if columns.include? identifier
            define_singleton_method "valid_#{identifier}_login?".to_sym do |application, value, plaintext|
              valid_login? application, identifier, value, plaintext
            end
          end
        end
      end
    end

    module ClassMethods
      def valid_login?(application, column, value, plaintext)
        user = self[:application => application, column.to_sym => value]
        return false if user.nil?
        user.valid_password? plaintext
      end
    end

    def valid_password?(plaintext)
      BCrypt::Password.new(values[:password_hash]) == plaintext
    end

    def password=(plaintext)
      @password_length = plaintext.length
      values[:password_hash] = BCrypt::Password.create plaintext
    end
  end
 end
	# Due to recent concerns regarding password safety, Geoloqi has decided to publicly release the code
	# that we use to do password hashing. After consulting with the community, this code now uses BCrypt for hashing
	# (http://codahale.com/how-to-safely-store-a-password), which is based on blowfish, uses an integrated
	# salting mechanism, and makes brute forcing expensive for attackers. It is widely used in the industry for
	# production environments.
	#
	# Improvement suggestions are always welcome. Geoloqi takes security very seriously, and designs our systems to
	# be as security-oriented as practically possible. We also believe in security transparency, because it leads to
	# better security than obscurity, and is a more honest interaction with our customers.
	#
	# "The mantra of any good security engineer is: `Security is not a product, but a process.` It's more than
	# designing strong cryptography into a system; it's designing the entire system such that all security
	# measures, including cryptography, work together."
	#
	# -- Bruce Schneier, author of "Applied Cryptography".

	require 'bcrypt'

	module Sequel
	module Password
	def self.included(base)
	base.extend(ClassMethods)

	# Generate methods to login, so that we only have the methods on columns that actually exist for the record.
	base.instance_eval do
	[:username, :email].each do \|identifier\|
	if columns.include? identifier
	define_singleton_method "valid_#{identifier}_login?".to_sym do \|application, value, plaintext\|
	valid_login? application, identifier, value, plaintext
	end
	end
	end
	end
	end

	module ClassMethods
	def valid_login?(application, column, value, plaintext)
	user = self[:application => application, column.to_sym => value]
	return false if user.nil?
	user.valid_password? plaintext
	end
	end

	def valid_password?(plaintext)
	BCrypt::Password.new(values[:password_hash]) == plaintext
	end

	def password=(plaintext)
	@password_length = plaintext.length
	values[:password_hash] = BCrypt::Password.create plaintext
	end
	end
	end