check bcrypted passwords

donpdonp · donpdonp · commit fdd534ecbea7 · 2014-01-16T10:01:05.000-08:00
diff --git a/Gemfile b/Gemfile
@@ -11,7 +11,7 @@ gem 'couchrest_model', '~> 1.1.0'
 gem 'sqlite3' # to keep ActiveRecord happy
 gem 'omniauth'
 gem 'oauth2'
-gem 'bcrypt-ruby'
+gem 'bcrypt-ruby', :require => 'bcrypt'
 gem 'slim'
 gem 'riemann-client'
 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -22,7 +22,7 @@ def create
       if params[:password].nil?
         response.merge!(:status => "NEEDPASS")
       else
-        if params[:password] == user.password
+        if user.authentic?(params[:password])
           session[:logged_in_user] = user.username
           RIEMANN << {service:'icecondor user', tags:['login'],
                       description:"user: #{user.username}"}
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -42,4 +42,7 @@ def self.build_initial_locations(usernames, count)
     end
   end
 
+  def authentic?(pass)
+    BCrypt::Password.new(password) == pass
+  end
 end
