blob: 4bfb5f9e64c917fb8cd0ab9184f01c5809db2b2e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
# frozen_string_literal: true
module Gitlab
module DoorkeeperSecretStoring
class Pbkdf2Sha512 < ::Doorkeeper::SecretStoring::Base
STRETCHES = 20_000
# An empty salt is used because we need to look tokens up solely by
# their hashed value. Additionally, tokens are always cryptographically
# pseudo-random and unique, therefore salting provides no
# additional security.
SALT = ''
def self.transform_secret(plain_secret)
return plain_secret unless Feature.enabled?(:hash_oauth_tokens)
Devise::Pbkdf2Encryptable::Encryptors::Pbkdf2Sha512.digest(plain_secret, STRETCHES, SALT)
end
##
# Determines whether this strategy supports restoring
# secrets from the database. This allows detecting users
# trying to use a non-restorable strategy with +reuse_access_tokens+.
def self.allows_restoring_secrets?
false
end
end
end
end
|