lib/rodauth/features/password_pepper.rb
# frozen-string-literal: true module Rodauth Feature.define(:password_pepper, :PasswordPepper) do depends :login_password_requirements_base auth_value_method :password_pepper, nil auth_value_method :previous_password_peppers, [""] auth_value_method :password_pepper_update?, true def password_match?(password) if (result = super) && @previous_pepper_matched && password_pepper_update? set_password(password) end result end private def password_hash(password) super(password + password_pepper.to_s) end def password_hash_match?(hash, password) return super if password_pepper.nil? return true if super(hash, password + password_pepper) @previous_pepper_matched = previous_password_peppers.any? do |pepper| super(hash, password + pepper) end end def database_function_password_match?(name, hash_id, password, salt) return super if password_pepper.nil? return true if super(name, hash_id, password + password_pepper, salt) @previous_pepper_matched = previous_password_peppers.any? do |pepper| super(name, hash_id, password + pepper, salt) end end end end