From 0bc8ea7db9fe08f7c81a7e83424f6dff2a587ba6 Mon Sep 17 00:00:00 2001 From: Jeff Trudeau Date: Thu, 16 Jun 2022 15:04:15 -0400 Subject: [PATCH] Changes per https://github.com/heartcombo/devise-encryptable/pull/21 --- lib/devise/encryptable/encryptors/pbkdf2.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/devise/encryptable/encryptors/pbkdf2.rb b/lib/devise/encryptable/encryptors/pbkdf2.rb index c06d890..cf0a3d8 100644 --- a/lib/devise/encryptable/encryptors/pbkdf2.rb +++ b/lib/devise/encryptable/encryptors/pbkdf2.rb @@ -5,18 +5,18 @@ module Encryptors class Pbkdf2 < Base def self.compare(encrypted_password, password, stretches, salt, pepper) value_to_test = self.digest(password, stretches, salt, pepper) - ActiveSupport::SecurityUtils.fixed_length_secure_compare(encrypted_password, value_to_test) + Devise.secure_compare(encrypted_password, value_to_test) end def self.digest(password, stretches, salt, pepper) - hash = OpenSSL::Digest::SHA512.new + hash = OpenSSL::Digest.new('SHA512').new OpenSSL::KDF.pbkdf2_hmac( - password, + password.to_s, salt: "#{[salt].pack('H*')}#{pepper}", iterations: stretches, hash: hash, length: hash.digest_length, - ).unpack('H*')[0] + ).unpack1('H*') end end end