From 1b5f350d431f19709485f61a0ca1d4156f74c719 Mon Sep 17 00:00:00 2001
From: Jeff Trudeau
Date: Fri, 21 Aug 2020 15:20:13 -0400
Subject: [PATCH] Support PBKDF2 using SHA512
---
 lib/devise/encryptable/encryptable.rb | 3 ++-
 lib/devise/encryptable/encryptors/pbkdf2.rb | 25 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 lib/devise/encryptable/encryptors/pbkdf2.rb
diff --git a/lib/devise/encryptable/encryptable.rb b/lib/devise/encryptable/encryptable.rb
index cfd5af3..1a39b80 100644
--- a/lib/devise/encryptable/encryptable.rb
+++ b/lib/devise/encryptable/encryptable.rb
@@ -18,6 +18,7 @@ module Encryptors
 autoload :AuthlogicSha512, 'devise/encryptable/encryptors/authlogic_sha512'
 autoload :Base, 'devise/encryptable/encryptors/base'
 autoload :ClearanceSha1, 'devise/encryptable/encryptors/clearance_sha1'
+ autoload :Pbkdf2, 'devise/encryptable/encryptors/pbkdf2'
 autoload :RestfulAuthenticationSha1, 'devise/encryptable/encryptors/restful_authentication_sha1'
 autoload :Sha1, 'devise/encryptable/encryptors/sha1'
 autoload :Sha512, 'devise/encryptable/encryptors/sha512'
@@ -25,4 +26,4 @@ module Encryptors
 end
 end
-Devise.add_module(:encryptable, :model => 'devise/encryptable/model')
\ No newline at end of file
+Devise.add_module(:encryptable, :model => 'devise/encryptable/model')
diff --git a/lib/devise/encryptable/encryptors/pbkdf2.rb b/lib/devise/encryptable/encryptors/pbkdf2.rb
new file mode 100644
index 0000000..c06d890
--- /dev/null
+++ b/lib/devise/encryptable/encryptors/pbkdf2.rb
@@ -0,0 +1,25 @@
+begin
+ module Devise
+ module Encryptable
+ module Encryptors
+ class Pbkdf2 < Base
+ def self.compare(encrypted_password, password, stretches, salt, pepper)
+ value_to_test = self.digest(password, stretches, salt, pepper)
+ ActiveSupport::SecurityUtils.fixed_length_secure_compare(encrypted_password, value_to_test)
+ end
+
+ def self.digest(password, stretches, salt, pepper)
+ hash = OpenSSL::Digest::SHA512.new
+ OpenSSL::KDF.pbkdf2_hmac(
+ password,
+ salt: "#{[salt].pack('H*')}#{pepper}",
+ iterations: stretches,
+ hash: hash,
+ length: hash.digest_length,
+ ).unpack('H*')[0]
+ end
+ end
+ end
+ end
+ end
+end
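Review bot: `compare` calls `ActiveSupport::SecurityUtils.fixed_length_secure_compare`, which raises `ArgumentError` when the two strings differ in byte size, so a stored `encrypted_password` that is nil, empty, or left over from a different encryptor turns a failed login into an exception instead of `false`. `ActiveSupport::SecurityUtils.secure_compare(encrypted_password.to_s, value_to_test)` keeps the constant-time comparison and returns `false` on a length mismatch. Separately, `digest` passes `stretches` straight through as `iterations:`; if that value comes from a Devise `stretches` setting sized as a bcrypt cost factor (not visible in this patch), PBKDF2 would run with only a handful of iterations. A comment above `digest` such as `# stretches is the raw PBKDF2 iteration count, not a bcrypt cost; configure it accordingly` and a project-chosen lower bound checked before the `pbkdf2_hmac` call would make that hard to get wrong.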