Updated stretches to OWASP recommended amount. Showing 'Sign out' button on Home.
deleterepo committed Oct 14, 2022
1 parent c66cd10 commit f418448
Showing 3 changed files with 8 additions and 4 deletions.
3 changes: 1 addition & 2 deletions app/views/home/index.html.erb
@@ -1,6 +1,5 @@
<div class="d-flex flex-column justify-content-center align-items-center pt-5">
<h1 class="">Welcome</h1>
<h4>Logged in as <%= current_user.email %></h4>
<h3>Rails 7 skeleton app with Devise and Bootstrap</h3>
<%= link_to "Sign Up", new_user_registration_path, class: "btn btn-lg btn-primary rounded-pill" %>
<%= link_to "Sign out", destroy_user_session_path, class: "btn btn-lg btn-primary rounded-pill" %>
</div>
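Review bot: the new "Sign out" `link_to` in this hunk issues a plain GET, while Devise's `config.sign_out_via` defaults to `:delete`; unless that setting has been changed to `:get` (not visible in this commit), the link will not reach the session-destroy action. In a Rails 7 / Turbo app it needs `data: { turbo_method: :delete }` (or `method: :delete` with rails-ujs), or should be a `button_to destroy_user_session_path, method: :delete`. Separately, the view now renders `current_user.email` together with both "Sign Up" and "Sign out" with no condition; if the home route is reachable without signing in, `current_user` is nil and the page raises, so wrap the signed-in markup in `if user_signed_in?` and show "Sign Up" only in the else branch.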
2 changes: 1 addition & 1 deletion config/credentials.yml.enc
@@ -1 +1 @@
rmqgf50CpHJvE8X4eu3xSR8auBXILh9Mz+0HWdRbAJn2qJ0Z+44IQIeMsrBfptEgyKorbNvSbZO+DEkRb1LB1qOPk+8flbL+T/H1dRpMboBwRs5U/rBf4oMw4TgHTdxFhw9TboUZhOKuWPT8w0utZhCTqls9Z7l+FHsKkDwxYO/aSW6G5YXtjSbp2A2sgyWTFhImk/mgfHhq2FPHu03dVDBUf5VtAeumpUXCcZR9d63I8kk2APClxQk//Ayj1YsSkGu5VNcWITPGhFMEnwcz8al/aueLHQXkf5HmFooi27gDeE+LqPKwEYGFMuHdub3S3nkkWCzzZy+hYqdtpod1DBqNaIjq6M5FGOL34Z6Ul7/Eg/se8NqdXivBVvp0i/5RVCQuT3VFfj+II3FYtZ7iZnYinXooU2YAsbmk--YQK5WOcTuE8KXzyV--1H4KVYU7NH9YqkN/3EqV3Q==
B5FWnTByBYN54awMSSt0la5reOW0GBbICJ6frD7S/a4gii8QBL88/Rs8dXBBGRiNAtM68DRY/ovemaAVmP2AjkaRoouKyxQBlN7imIP9BBxP/mjHnDUjhXEr+NvIfqjfCGxWfdaLW+baVAfFtpudq+y+so1f+hRduqJDFlqAOeTeLnwirDDPyjZcRX5cIGhof40J+NPNWbWh1f+HLO7lrCftDlY7wvcODsj4MlOzg+mejtCLDQSyyQ+dEP+NnNHZKtNK3rqlDOgD2PkfCk+7WQy2/iZov8ahoGehK2/lsgHOGqTjKKkmgBt3EZ6ztr/hw7R2uPz1D0yJ+Bg3JhU3tuTOT23yMaRlVTeENwYRy0+1zDWRujZGz7nHDVHl/wpVkSiz0sDMmY/WcTWFzVweb3upe4+NDf3U3V9j--BzmrwlH3AZSHf8tj--AFTmQ8bXec/CQXgYOucwFw==
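Review bot: this change to the encrypted credentials store is not mentioned in the commit message and, being ciphertext, cannot be reviewed on its own; state which key was added or rotated (for example, whether the Devise pepper that the new TODO in devise.rb refers to now lives here) so the change can be checked without the master key, and prefer landing credential changes in their own commit rather than alongside view and initializer edits.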
7 changes: 6 additions & 1 deletion config/initializers/devise.rb
@@ -123,9 +123,12 @@
# a value less than 10 in other environments. Note that, for bcrypt (the default
# algorithm), the cost increases exponentially with the number of stretches (e.g.
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
config.stretches = Rails.env.test? ? 1 : 12

# Set stretches to 120,000 since we're using PBKDF2 with SHA-512 - https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
config.stretches = Rails.env.test? ? 1 : 120000

# Set up a pepper to generate the hashed password.
# TODO: Configure pepper externally and set here
# config.pepper = '51a6c9320b3aeed9b9d4f275482dfd922b9afb29982bcd9074eab5dd284bb69035c40672fe65b01ef6021b85440765ed3495299276190d8c740157c23a434604'

# Send a notification to the original email when the user's email is changed.
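Review bot: `config.stretches = Rails.env.test? ? 1 : 120000` is only safe if `config.encryptor` has actually been switched to a PBKDF2-SHA512 encryptor, and nothing in this hunk or elsewhere in this commit shows that; with Devise's default bcrypt, `stretches` is the bcrypt cost factor, and the comment kept directly above the assignment still warns that a value of 20 already takes roughly 60 seconds, so 120000 is far outside bcrypt's usable cost range. Either include the matching `config.encryptor = ...` line in this change or point to where it is set, and rewrite the now-misleading bcrypt comment above the new assignment. The added `# TODO: Configure pepper externally and set here` also leaves `config.pepper` unset; since Devise mixes the pepper into the password before hashing, introducing one later invalidates every existing hash, so if the pepper is meant to come from the credentials file changed in this same commit, wire it up now (for example `config.pepper = Rails.application.credentials.dig(:devise, :pepper)`, with the key path assumed) rather than leaving a TODO.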
@@ -308,4 +311,6 @@
# When set to false, does not sign a user in automatically after their password is
# changed. Defaults to true, so a user is signed in automatically after changing a password.
# config.sign_in_after_change_password = true

config.navigational_formats = ['*/*', :html, :turbo_stream]
end
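Review bot: the added `config.navigational_formats = ['*/*', :html, :turbo_stream]` carries no comment explaining why `:turbo_stream` is included. Devise's generated default is `['*/*', :html]`; adding `:turbo_stream` makes Devise treat Turbo form submissions as navigational requests (redirect plus flash message instead of a bare status response), which is the usual Rails 7 + Turbo workaround for sign-in and sign-out forms that otherwise do not redirect. Add a one-line comment stating that, and record the Devise version it was needed for, so the setting can be revisited once the app is on a Devise release with native Turbo support.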

0 comments on commit f418448