Fix valid_password? not using configured values when called alone (So…

…rcery#293) * Fix valid_password? not using configured values when called alone * Make set_encryption_attributes a public method (will be removed in v1) * Remove unused instance method * Update changelog
boxyhq · Nov 22, 2021 · 69a55c2 · 69a55c2
1 parent 24efa86
commit 69a55c2
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 * Inline core migration index definition [#281](https://github.com/Sorcery/sorcery/pull/281)
 * Fix MongoID adapter breaking on save [#284](https://github.com/Sorcery/sorcery/pull/284)
 * Don't pass token to Slack in query params. Prevents 'invalid_auth' error [#287](https://github.com/Sorcery/sorcery/pull/287)
+* Fix valid_password? not using configured values when called alone [#293](https://github.com/Sorcery/sorcery/pull/293)
 
 ## 0.16.1
 

diff --git a/lib/sorcery/model.rb b/lib/sorcery/model.rb
@@ -131,6 +131,14 @@ def encrypt(*tokens)
         @sorcery_config.encryption_provider.encrypt(*tokens)
       end
 
+      # FIXME: This method of passing config to the hashing provider is
+      #        questionable, and has been refactored in Sorcery v1.
+      def set_encryption_attributes
+        @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
+        @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
+        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper if @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
+      end
+
       protected
 
       def authentication_response(options = {})
@@ -139,12 +147,6 @@ def authentication_response(options = {})
         options[:return_value]
       end
 
-      def set_encryption_attributes
-        @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
-        @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
-        @sorcery_config.encryption_provider.pepper = @sorcery_config.pepper if @sorcery_config.encryption_provider.respond_to?(:pepper) && @sorcery_config.pepper
-      end
-
       def add_config_inheritance
         class_eval do
           def self.inherited(subclass)
@@ -177,6 +179,9 @@ def valid_password?(pass)
         crypted = send(sorcery_config.crypted_password_attribute_name)
         return crypted == pass if sorcery_config.encryption_provider.nil?
 
+        # Ensure encryption provider is using configured values
+        self.class.set_encryption_attributes
+
         salt = send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
 
         sorcery_config.encryption_provider.matches?(crypted, pass, salt)