class Authlogic::CryptoProviders::Guidance

Guide users to choose a better crypto provider.

Constants

BUILTIN_PROVIDER_PREFIX
NONADAPTIVE_ALGORITHM
VULNERABLE_ALGORITHM

Public Class Methods

new(provider) click to toggle source
# File lib/authlogic/crypto_providers.rb, line 63
def initialize(provider)
  @provider = provider
end

Public Instance Methods

impart_wisdom() click to toggle source
# File lib/authlogic/crypto_providers.rb, line 67
def impart_wisdom
  return unless @provider.is_a?(Class)

  # We can only impart wisdom about our own built-in providers.
  absolute_name = @provider.name
  return unless absolute_name.start_with?(BUILTIN_PROVIDER_PREFIX)

  # Inspect the string name of the provider, rather than using the
  # constants in our `when` clauses. If we used the constants, we'd
  # negate the benefits of the `autoload` above.
  name = absolute_name.demodulize
  case name
  when "MD5", "Sha1"
    warn(format(VULNERABLE_ALGORITHM, name))
  when "Sha256", "Sha512"
    warn(format(NONADAPTIVE_ALGORITHM, name))
  end
end