lib/doorkeeper/secret_storing/bcrypt.rb
# frozen_string_literal: true
module Doorkeeper
module SecretStoring
##
# Plain text secret storing, which is the default
# but also provides fallback lookup if
# other secret storing mechanisms are enabled.
class BCrypt < Base
##
# Return the value to be stored by the database
# @param plain_secret The plain secret input / generated
def self.transform_secret(plain_secret)
::BCrypt::Password.create(plain_secret.to_s)
end
##
# Securely compare the given +input+ value with a +stored+ value
# processed by +transform_secret+.
def self.secret_matches?(input, stored)
::BCrypt::Password.new(stored.to_s) == input.to_s
rescue ::BCrypt::Errors::InvalidHash
false
end
##
# Determines whether this strategy supports restoring
# secrets from the database. This allows detecting users
# trying to use a non-restorable strategy with +reuse_access_tokens+.
def self.allows_restoring_secrets?
false
end
##
# Determines what secrets this strategy is applicable for
def self.validate_for(model)
unless model.to_sym == :application
raise ArgumentError,
"'#{name}' can only be used for storing application secrets."
end
unless bcrypt_present?
raise ArgumentError,
"'#{name}' requires the 'bcrypt' gem being loaded."
end
true
end
##
# Test if we can require the BCrypt gem
def self.bcrypt_present?
require "bcrypt"
true
rescue LoadError
false
end
end
end
end