diff --git a/app/services/attempts_api/request_token_validator.rb b/app/services/attempts_api/request_token_validator.rb
index d7852a549b9..0e8f104d8b7 100644
--- a/app/services/attempts_api/request_token_validator.rb
+++ b/app/services/attempts_api/request_token_validator.rb
@@ -49,7 +49,7 @@ def service_provider_exists
 
 def valid_request_token?
 return if config_data['tokens'].any? do |valid_token|
- scrypt_salt = cost + OpenSSL::Digest::SHA256.hexdigest(valid_token['salt'])
+ scrypt_salt = valid_token['cost'] + OpenSSL::Digest::SHA256.hexdigest(valid_token['salt'])
 scrypted = SCrypt::Engine.hash_secret token, scrypt_salt, 32
 hashed_req_token = SCrypt::Password.new(scrypted).digest
 ActiveSupport::SecurityUtils.secure_compare(valid_token['value'], hashed_req_token)
@@ -72,10 +72,6 @@ def config_data_exists?
 config_data.present?
 end
 
- def cost
- IdentityConfig.store.scrypt_cost
- end
-
 def service_provider
 @service_provider ||= ServiceProvider.find_by(issuer:)
 end
diff --git a/spec/controllers/api/attempts/events_controller_spec.rb b/spec/controllers/api/attempts/events_controller_spec.rb
index 2db1a029dc7..0eacdd1fcfa 100644
--- a/spec/controllers/api/attempts/events_controller_spec.rb
+++ b/spec/controllers/api/attempts/events_controller_spec.rb
@@ -47,7 +47,7 @@
 allow(IdentityConfig.store).to receive(:allowed_attempts_providers).and_return(
 [{
 'issuer' => sp.issuer,
- 'tokens' => [{ 'value' => hashed_token, 'salt' => salt }],
+ 'tokens' => [{ 'value' => hashed_token, 'salt' => salt, 'cost' => cost }],
 }],
 )
 allow(AttemptsApi::RedisClient).to receive(:new).and_return redis_client
diff --git a/spec/services/attempts_api/request_token_validator_spec.rb b/spec/services/attempts_api/request_token_validator_spec.rb
index cd91321fa11..a6bef0ae7c4 100644
--- a/spec/services/attempts_api/request_token_validator_spec.rb
+++ b/spec/services/attempts_api/request_token_validator_spec.rb
@@ -24,6 +24,7 @@
 {
 'value' => hashed_token,
 'salt' => salt,
+ 'cost' => cost,
 },
 ],
 },
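Review bot: A token entry whose `cost` key is absent or not a String now raises inside the `any?` block (`NoMethodError` on `nil + ...`, or `TypeError` if it is an Integer) on the added `scrypt_salt = valid_token['cost'] + ...` line, whereas the removed `IdentityConfig.store.scrypt_cost` was a single config-wide value. Since `config_data['tokens']` is loaded from the `allowed_attempts_providers` configuration rather than from the request, this is a misconfiguration rather than an injection vector, but one malformed entry turns token validation into an exception for every caller instead of a plain rejection. Consider guarding before the concatenation, e.g. `cost = valid_token['cost']` / `next false unless cost.is_a?(String)`, and documenting on the method that each token's `cost` is presumably expected in the SCrypt cost-prefix string form that is concatenated with the hex salt before `SCrypt::Engine.hash_secret` — confirm against how the config values are generated. The body of `valid_request_token?` continues past the hunk.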