bcrypt 3.1.13 → 3.1.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +100 -67
- data/README.md +4 -6
- data/ext/jruby/bcrypt_jruby/BCrypt.java +4 -3
- data/ext/mri/bcrypt_ext.c +79 -18
- data/ext/mri/crypt_blowfish.c +6 -10
- data/ext/mri/crypt_gensalt.c +1 -1
- data/ext/mri/crypt_gensalt.h +1 -1
- data/ext/mri/wrapper.c +4 -1
- data/ext/mri/x86.S +1 -1
- data/lib/bcrypt/engine.rb +24 -6
- data/lib/bcrypt/password.rb +23 -4
- metadata +43 -31
- data/.gitignore +0 -9
- data/.rspec +0 -3
- data/.travis.yml +0 -17
- data/Gemfile +0 -2
- data/Gemfile.lock +0 -37
- data/Rakefile +0 -70
- data/appveyor.yml +0 -50
- data/bcrypt.gemspec +0 -27
- data/spec/TestBCrypt.java +0 -194
- data/spec/bcrypt/engine_spec.rb +0 -147
- data/spec/bcrypt/error_spec.rb +0 -37
- data/spec/bcrypt/password_spec.rb +0 -124
- data/spec/spec_helper.rb +0 -2
data/spec/bcrypt/engine_spec.rb
DELETED
|
@@ -1,147 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
|
2
|
-
|
|
3
|
-
describe "The BCrypt engine" do
|
|
4
|
-
specify "should calculate the optimal cost factor to fit in a specific time" do
|
|
5
|
-
first = BCrypt::Engine.calibrate(100)
|
|
6
|
-
second = BCrypt::Engine.calibrate(400)
|
|
7
|
-
expect(second).to be > first
|
|
8
|
-
end
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
describe "Generating BCrypt salts" do
|
|
12
|
-
|
|
13
|
-
specify "should produce strings" do
|
|
14
|
-
expect(BCrypt::Engine.generate_salt).to be_an_instance_of(String)
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
specify "should produce random data" do
|
|
18
|
-
expect(BCrypt::Engine.generate_salt).to_not equal(BCrypt::Engine.generate_salt)
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
|
|
22
|
-
expect { BCrypt::Engine.generate_salt('woo') }.to raise_error(BCrypt::Errors::InvalidCost)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
|
|
26
|
-
expect { BCrypt::Engine.generate_salt(-1) }.to raise_error(BCrypt::Errors::InvalidCost)
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
describe "Autodetecting of salt cost" do
|
|
31
|
-
|
|
32
|
-
specify "should work" do
|
|
33
|
-
expect(BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou")).to eq 8
|
|
34
|
-
expect(BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu")).to eq 5
|
|
35
|
-
expect(BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.")).to eq 13
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
describe "Generating BCrypt hashes" do
|
|
41
|
-
|
|
42
|
-
class MyInvalidSecret
|
|
43
|
-
undef to_s
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
before :each do
|
|
47
|
-
@salt = BCrypt::Engine.generate_salt(4)
|
|
48
|
-
@password = "woo"
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
specify "should produce a string" do
|
|
52
|
-
expect(BCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
specify "should raise an InvalidSalt error if the salt is invalid" do
|
|
56
|
-
expect { BCrypt::Engine.hash_secret(@password, 'nino') }.to raise_error(BCrypt::Errors::InvalidSalt)
|
|
57
|
-
end
|
|
58
|
-
|
|
59
|
-
specify "should raise an InvalidSecret error if the secret is invalid" do
|
|
60
|
-
expect { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.to raise_error(BCrypt::Errors::InvalidSecret)
|
|
61
|
-
expect { BCrypt::Engine.hash_secret(nil, @salt) }.not_to raise_error
|
|
62
|
-
expect { BCrypt::Engine.hash_secret(false, @salt) }.not_to raise_error
|
|
63
|
-
end
|
|
64
|
-
|
|
65
|
-
specify "should call #to_s on the secret and use the return value as the actual secret data" do
|
|
66
|
-
expect(BCrypt::Engine.hash_secret(false, @salt)).to eq BCrypt::Engine.hash_secret("false", @salt)
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
specify "should be interoperable with other implementations" do
|
|
70
|
-
test_vectors = [
|
|
71
|
-
# test vectors from the OpenWall implementation <https://www.openwall.com/crypt/>, found in wrapper.c
|
|
72
|
-
["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
|
|
73
|
-
["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
|
|
74
|
-
["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
|
|
75
|
-
["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"],
|
|
76
|
-
["\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
77
|
-
["\xff\xff\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
78
|
-
["\xff\xff\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
79
|
-
["\xff\xff\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85."],
|
|
80
|
-
["\xff\xff\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
81
|
-
["\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
|
82
|
-
["\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
|
83
|
-
["\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
|
84
|
-
["1\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
85
|
-
["\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
86
|
-
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
87
|
-
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
88
|
-
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd."],
|
|
89
|
-
["\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
|
|
90
|
-
["\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
|
|
91
|
-
["\xa3" "ab", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
|
92
|
-
["\xa3" "ab", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
|
93
|
-
["\xa3" "ab", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
|
94
|
-
["\xd1\x91", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS"],
|
|
95
|
-
["\xd0\xc1\xd2\xcf\xcc\xd8", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS"],
|
|
96
|
-
["\xaa"*72+"chars after 72 are ignored as usual", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6"],
|
|
97
|
-
["\xaa\x55"*36, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy"],
|
|
98
|
-
["\x55\xaa\xff"*24, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe"],
|
|
99
|
-
["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
|
|
100
|
-
|
|
101
|
-
# test vectors from the Java implementation, found in https://github.com/spring-projects/spring-security/blob/master/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
|
|
102
|
-
["", "$2a$06$DCq7YPn5Rq63x1Lad4cll.", "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."],
|
|
103
|
-
["", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye"],
|
|
104
|
-
["", "$2a$10$k1wbIrmNyFAPwPVPSVa/ze", "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW"],
|
|
105
|
-
["", "$2a$12$k42ZFHFWqBp3vWli.nIn8u", "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO"],
|
|
106
|
-
["", "$2b$06$8eVN9RiU8Yki430X.wBvN.", "$2b$06$8eVN9RiU8Yki430X.wBvN.LWaqh2962emLVSVXVZIXJvDYLsV0oFu"],
|
|
107
|
-
["", "$2b$06$NlgfNgpIc6GlHciCkMEW8u", "$2b$06$NlgfNgpIc6GlHciCkMEW8uKOBsyvAp7QwlHpysOlKdtyEw50WQua2"],
|
|
108
|
-
["", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO3OFWzNEdcY84ELw6iHCPruuQfSAXBLK"],
|
|
109
|
-
["", "$2y$06$88kSqVttBx.e9iXTPCLa5u", "$2y$06$88kSqVttBx.e9iXTPCLa5uFPrVFjfLH4D.KcO6pBiAmvUkvdg0EYy"],
|
|
110
|
-
["a", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"],
|
|
111
|
-
["a", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V."],
|
|
112
|
-
["a", "$2a$10$k87L/MF28Q673VKh8/cPi.", "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u"],
|
|
113
|
-
["a", "$2a$12$8NJH3LsPrANStV6XtBakCe", "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS"],
|
|
114
|
-
["a", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.OaRjB4jHO7rBHJKlGXbqEH3QVJfO7iO"],
|
|
115
|
-
["a", "$2b$06$PWxFFHA3HiCD46TNOZh30e", "$2b$06$PWxFFHA3HiCD46TNOZh30eNto1hg5uM9tHBlI4q/b03SW/gGKUYk6"],
|
|
116
|
-
["a", "$2y$06$LUdD6/aD0e/UbnxVAVbvGu", "$2y$06$LUdD6/aD0e/UbnxVAVbvGuUmIoJ3l/OK94ThhadpMWwKC34LrGEey"],
|
|
117
|
-
["a", "$2y$06$eqgY.T2yloESMZxgp76deO", "$2y$06$eqgY.T2yloESMZxgp76deOROa7nzXDxbO0k.PJvuClTa.Vu1AuemG"],
|
|
118
|
-
["abc", "$2a$06$If6bvum7DFjUnE9p2uDeDu", "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"],
|
|
119
|
-
["abc", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"],
|
|
120
|
-
["abc", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi"],
|
|
121
|
-
["abc", "$2a$12$EXRkfkdmXn2gzds2SSitu.", "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q"],
|
|
122
|
-
["abc", "$2b$06$5FyQoicpbox1xSHFfhhdXu", "$2b$06$5FyQoicpbox1xSHFfhhdXuR2oxLpO1rYsQh5RTkI/9.RIjtoF0/ta"],
|
|
123
|
-
["abc", "$2b$06$1kJyuho8MCVP3HHsjnRMkO", "$2b$06$1kJyuho8MCVP3HHsjnRMkO1nvCOaKTqLnjG2TX1lyMFbXH/aOkgc."],
|
|
124
|
-
["abc", "$2y$06$ACfku9dT6.H8VjdKb8nhlu", "$2y$06$ACfku9dT6.H8VjdKb8nhluaoBmhJyK7GfoNScEfOfrJffUxoUeCjK"],
|
|
125
|
-
["abc", "$2y$06$9JujYcoWPmifvFA3RUP90e", "$2y$06$9JujYcoWPmifvFA3RUP90e5rSEHAb5Ye6iv3.G9ikiHNv5cxjNEse"],
|
|
126
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$06$.rCVZVOThsIa97pEDOxvGu", "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC"],
|
|
127
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$08$aTsUwsyowQuzRrDqFflhge", "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz."],
|
|
128
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$10$fVH8e28OQRj9tqiDXs1e1u", "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq"],
|
|
129
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$12$D4G5f18o7aMMfwasBL7Gpu", "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG"],
|
|
130
|
-
["abcdefghijklmnopqrstuvwxyz", "$2b$06$O8E89AQPj1zJQA05YvIAU.", "$2b$06$O8E89AQPj1zJQA05YvIAU.hMpj25BXri1bupl/Q7CJMlpLwZDNBoO"],
|
|
131
|
-
["abcdefghijklmnopqrstuvwxyz", "$2b$06$PDqIWr./o/P3EE/P.Q0A/u", "$2b$06$PDqIWr./o/P3EE/P.Q0A/uFg86WL/PXTbaW267TDALEwDylqk00Z."],
|
|
132
|
-
["abcdefghijklmnopqrstuvwxyz", "$2y$06$34MG90ZLah8/ZNr3ltlHCu", "$2y$06$34MG90ZLah8/ZNr3ltlHCuz6bachF8/3S5jTuzF1h2qg2cUk11sFW"],
|
|
133
|
-
["abcdefghijklmnopqrstuvwxyz", "$2y$06$AK.hSLfMyw706iEW24i68u", "$2y$06$AK.hSLfMyw706iEW24i68uKAc2yorPTrB0cimvjJHEBUrPkOq7VvG"],
|
|
134
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO"],
|
|
135
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$08$Eq2r4G/76Wv39MzSX262hu", "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW"],
|
|
136
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"],
|
|
137
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$12$WApznUOJfkEGSmYRfnkrPO", "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC"],
|
|
138
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu", "$2b$06$FGWA8OlY6RtQhXBXuCJ8WusVipRI15cWOgJK8MYpBHEkktMfbHRIG"],
|
|
139
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$G6aYU7UhUEUDJBdTgq3CRe", "$2b$06$G6aYU7UhUEUDJBdTgq3CRekiopCN4O4sNitFXrf5NUscsVZj3a2r6"],
|
|
140
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$sYDFHqOcXTjBgOsqC0WCKe", "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti"],
|
|
141
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"]
|
|
142
|
-
]
|
|
143
|
-
for secret, salt, test_vector in test_vectors
|
|
144
|
-
expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
|
|
145
|
-
end
|
|
146
|
-
end
|
|
147
|
-
end
|
data/spec/bcrypt/error_spec.rb
DELETED
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
|
2
|
-
|
|
3
|
-
describe "Errors" do
|
|
4
|
-
|
|
5
|
-
shared_examples "descends from StandardError" do
|
|
6
|
-
it "can be rescued as a StandardError" do
|
|
7
|
-
expect(described_class).to be < StandardError
|
|
8
|
-
end
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
shared_examples "descends from BCrypt::Error" do
|
|
12
|
-
it "can be rescued as a BCrypt::Error" do
|
|
13
|
-
expect(described_class).to be < BCrypt::Error
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
describe BCrypt::Error do
|
|
18
|
-
include_examples "descends from StandardError"
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
describe BCrypt::Errors::InvalidCost do
|
|
22
|
-
include_examples "descends from BCrypt::Error"
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
describe BCrypt::Errors::InvalidHash do
|
|
26
|
-
include_examples "descends from BCrypt::Error"
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
describe BCrypt::Errors::InvalidSalt do
|
|
30
|
-
include_examples "descends from BCrypt::Error"
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
describe BCrypt::Errors::InvalidSecret do
|
|
34
|
-
include_examples "descends from BCrypt::Error"
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
end
|
|
@@ -1,124 +0,0 @@
|
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
|
2
|
-
|
|
3
|
-
describe "Creating a hashed password" do
|
|
4
|
-
|
|
5
|
-
before :each do
|
|
6
|
-
@secret = "wheedle"
|
|
7
|
-
@password = BCrypt::Password.create(@secret, :cost => 4)
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
specify "should return a BCrypt::Password" do
|
|
11
|
-
expect(@password).to be_an_instance_of(BCrypt::Password)
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
specify "should return a valid bcrypt password" do
|
|
15
|
-
expect { BCrypt::Password.new(@password) }.not_to raise_error
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
specify "should behave normally if the secret is not a string" do
|
|
19
|
-
expect { BCrypt::Password.create(nil) }.not_to raise_error
|
|
20
|
-
expect { BCrypt::Password.create({:woo => "yeah"}) }.not_to raise_error
|
|
21
|
-
expect { BCrypt::Password.create(false) }.not_to raise_error
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
specify "should tolerate empty string secrets" do
|
|
25
|
-
expect { BCrypt::Password.create( "\n".chop ) }.not_to raise_error
|
|
26
|
-
expect { BCrypt::Password.create( "" ) }.not_to raise_error
|
|
27
|
-
expect { BCrypt::Password.create( String.new ) }.not_to raise_error
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
describe "Reading a hashed password" do
|
|
32
|
-
before :each do
|
|
33
|
-
@secret = "U*U"
|
|
34
|
-
@hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
specify "the cost is too damn high" do
|
|
38
|
-
expect {
|
|
39
|
-
BCrypt::Password.create("hello", :cost => 32)
|
|
40
|
-
}.to raise_error(ArgumentError)
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
specify "the cost should be set to the default if nil" do
|
|
44
|
-
expect(BCrypt::Password.create("hello", :cost => nil).cost).to equal(BCrypt::Engine::DEFAULT_COST)
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
specify "the cost should be set to the default if empty hash" do
|
|
48
|
-
expect(BCrypt::Password.create("hello", {}).cost).to equal(BCrypt::Engine::DEFAULT_COST)
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
specify "the cost should be set to the passed value if provided" do
|
|
52
|
-
expect(BCrypt::Password.create("hello", :cost => 5).cost).to equal(5)
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
specify "the cost should be set to the global value if set" do
|
|
56
|
-
BCrypt::Engine.cost = 5
|
|
57
|
-
expect(BCrypt::Password.create("hello").cost).to equal(5)
|
|
58
|
-
# unset the global value to not affect other tests
|
|
59
|
-
BCrypt::Engine.cost = nil
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
specify "the cost should be set to an overridden constant for backwards compatibility" do
|
|
63
|
-
# suppress "already initialized constant" warning
|
|
64
|
-
old_verbose, $VERBOSE = $VERBOSE, nil
|
|
65
|
-
old_default_cost = BCrypt::Engine::DEFAULT_COST
|
|
66
|
-
|
|
67
|
-
BCrypt::Engine::DEFAULT_COST = 5
|
|
68
|
-
expect(BCrypt::Password.create("hello").cost).to equal(5)
|
|
69
|
-
|
|
70
|
-
# reset default to not affect other tests
|
|
71
|
-
BCrypt::Engine::DEFAULT_COST = old_default_cost
|
|
72
|
-
$VERBOSE = old_verbose
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
specify "should read the version, cost, salt, and hash" do
|
|
76
|
-
password = BCrypt::Password.new(@hash)
|
|
77
|
-
expect(password.version).to eql("2a")
|
|
78
|
-
expect(password.version.class).to eq String
|
|
79
|
-
expect(password.cost).to equal(5)
|
|
80
|
-
expect(password.salt).to eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
|
|
81
|
-
expect(password.salt.class).to eq String
|
|
82
|
-
expect(password.checksum).to eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
|
|
83
|
-
expect(password.checksum.class).to eq String
|
|
84
|
-
expect(password.to_s).to eql(@hash)
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
specify "should raise an InvalidHashError when given an invalid hash" do
|
|
88
|
-
expect { BCrypt::Password.new('weedle') }.to raise_error(BCrypt::Errors::InvalidHash)
|
|
89
|
-
end
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
describe "Comparing a hashed password with a secret" do
|
|
93
|
-
before :each do
|
|
94
|
-
@secret = "U*U"
|
|
95
|
-
@hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
|
|
96
|
-
@password = BCrypt::Password.create(@secret)
|
|
97
|
-
end
|
|
98
|
-
|
|
99
|
-
specify "should compare successfully to the original secret" do
|
|
100
|
-
expect((@password == @secret)).to be(true)
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
specify "should compare unsuccessfully to anything besides original secret" do
|
|
104
|
-
expect((@password == "@secret")).to be(false)
|
|
105
|
-
end
|
|
106
|
-
end
|
|
107
|
-
|
|
108
|
-
describe "Validating a generated salt" do
|
|
109
|
-
specify "should not accept an invalid salt" do
|
|
110
|
-
expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
|
|
111
|
-
end
|
|
112
|
-
specify "should accept a valid salt" do
|
|
113
|
-
expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
|
|
114
|
-
end
|
|
115
|
-
end
|
|
116
|
-
|
|
117
|
-
describe "Validating a password hash" do
|
|
118
|
-
specify "should not accept an invalid password" do
|
|
119
|
-
expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be_falsey
|
|
120
|
-
end
|
|
121
|
-
specify "should accept a valid password" do
|
|
122
|
-
expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be_truthy
|
|
123
|
-
end
|
|
124
|
-
end
|
data/spec/spec_helper.rb
DELETED