bcrypt 3.1.15-java → 3.1.18-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ruby.yml +59 -0
- data/.gitignore +1 -0
- data/CHANGELOG +13 -1
- data/README.md +4 -6
- data/bcrypt.gemspec +3 -3
- data/ext/mri/bcrypt_ext.c +69 -17
- data/ext/mri/wrapper.c +1 -1
- data/lib/bcrypt/engine.rb +14 -5
- data/lib/bcrypt/password.rb +12 -2
- data/lib/bcrypt_ext.jar +0 -0
- data/spec/bcrypt/engine_spec.rb +21 -2
- data/spec/bcrypt/password_spec.rb +7 -0
- metadata +9 -11
- data/.travis.yml +0 -23
- data/Gemfile.lock +0 -37
- data/appveyor.yml +0 -50
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f35948f2d6985ec5e338d0dd89e2481e0c2e91df63a9623b02bad157c1da0967
|
4
|
+
data.tar.gz: c9cdd80dbf146b2497091bc2e09b613fea5784eacf7e570bcebb7e4a0c3b175c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3c5d43f9ff8813d14f866a5a87354b0f3152dff9c2b75ab08a7b70e0e84e8f71d2582b36cbdb71b3d45f68fa1a3cd38f30de75db812c5bc23ff613918070a09a
|
7
|
+
data.tar.gz: 8ec660bd584fc110d347dbd5a4d1d0c1cf75e36e7ac9f455a7ed86c100c8111c3f62ef3b4ae5aa15275d30d034d1289756eb1104ed55ad4ff8656c21836cdab6
|
@@ -0,0 +1,59 @@
|
|
1
|
+
name: Test Suite
|
2
|
+
|
3
|
+
# Run against all commits and pull requests.
|
4
|
+
on: [ push, pull_request ]
|
5
|
+
|
6
|
+
jobs:
|
7
|
+
test_matrix:
|
8
|
+
|
9
|
+
strategy:
|
10
|
+
fail-fast: false
|
11
|
+
matrix:
|
12
|
+
os:
|
13
|
+
- ubuntu
|
14
|
+
- macos
|
15
|
+
- windows
|
16
|
+
ruby:
|
17
|
+
- 2.1
|
18
|
+
- 2.2
|
19
|
+
- 2.3
|
20
|
+
- 2.4
|
21
|
+
- 2.5
|
22
|
+
- 2.6
|
23
|
+
- 2.7
|
24
|
+
- '3.0'
|
25
|
+
- 3.1
|
26
|
+
- head
|
27
|
+
- jruby
|
28
|
+
- jruby-head
|
29
|
+
- truffleruby
|
30
|
+
- truffleruby-head
|
31
|
+
- mingw
|
32
|
+
exclude:
|
33
|
+
- { os: ubuntu, ruby: mingw }
|
34
|
+
- { os: macos, ruby: mingw }
|
35
|
+
- { os: windows, ruby: truffleruby }
|
36
|
+
- { os: windows, ruby: truffleruby-head }
|
37
|
+
|
38
|
+
runs-on: ${{ matrix.os }}-latest
|
39
|
+
|
40
|
+
steps:
|
41
|
+
- uses: actions/checkout@v2
|
42
|
+
- name: Set up Ruby
|
43
|
+
uses: ruby/setup-ruby@v1
|
44
|
+
with:
|
45
|
+
ruby-version: ${{ matrix.ruby }}
|
46
|
+
bundler-cache: true
|
47
|
+
env:
|
48
|
+
JAVA_OPTS: -Djdk.io.File.enableADS=true
|
49
|
+
- name: Run tests
|
50
|
+
run: bundle exec rake default
|
51
|
+
env:
|
52
|
+
JAVA_OPTS: -Djdk.io.File.enableADS=true
|
53
|
+
|
54
|
+
finish:
|
55
|
+
runs-on: ubuntu-latest
|
56
|
+
needs: [ test_matrix ]
|
57
|
+
steps:
|
58
|
+
- name: Wait for status checks
|
59
|
+
run: echo "All Green!"
|
data/.gitignore
CHANGED
data/CHANGELOG
CHANGED
@@ -1,3 +1,15 @@
|
|
1
|
+
3.1.18 May 16 2022
|
2
|
+
- Unlock GVL when calculating hashes and salts [GH #260]
|
3
|
+
- Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
|
4
|
+
|
5
|
+
3.1.17 Mar 14 2022
|
6
|
+
- Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
|
7
|
+
- Truncate secrets greater than 72 bytes in hash_secret [GH #255]
|
8
|
+
- Assorted test and doc improvements
|
9
|
+
|
10
|
+
3.1.16 Sep 3 2020
|
11
|
+
- Fix compilation on FreeBSD. [GH #234]
|
12
|
+
|
1
13
|
3.1.15 July 21 2020
|
2
14
|
- Remove GVL optimization. Apparently it breaks things [GH #230]
|
3
15
|
|
@@ -13,7 +25,7 @@
|
|
13
25
|
|
14
26
|
3.1.12 May 16 2018
|
15
27
|
- Add support for Ruby 2.3, 2.4, and 2.5 in compiled Windows binaries
|
16
|
-
- Fix compatibility with libxcrypt [GH #164 by @besser82]
|
28
|
+
- Fix compatibility with libxcrypt - Fixes hash errors in Fedora 28 and Ubuntu 20 [GH #164 by @besser82]
|
17
29
|
|
18
30
|
3.1.11 Mar 06 2016
|
19
31
|
- Add support for Ruby 2.2 in compiled Windows binaries
|
data/README.md
CHANGED
@@ -2,11 +2,9 @@
|
|
2
2
|
|
3
3
|
An easy way to keep your users' passwords secure.
|
4
4
|
|
5
|
-
* https://github.com/
|
6
|
-
|
7
|
-
[![Travis Build Status](https://travis-ci.org/codahale/bcrypt-ruby.svg?branch=master)](https://travis-ci.org/codahale/bcrypt-ruby)
|
8
|
-
[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/6fplerx9lnaf0hyo?svg=true)](https://ci.appveyor.com/project/TJSchuck35975/bcrypt-ruby)
|
5
|
+
* https://github.com/bcrypt-ruby/bcrypt-ruby/tree/master
|
9
6
|
|
7
|
+
[![Github Actions Build Status](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml)
|
10
8
|
|
11
9
|
## Why you should use `bcrypt()`
|
12
10
|
|
@@ -32,8 +30,8 @@ re-hash those passwords. This vulnerability only affected the JRuby gem.
|
|
32
30
|
The bcrypt gem is available on the following Ruby platforms:
|
33
31
|
|
34
32
|
* JRuby
|
35
|
-
* RubyInstaller 2.0 –
|
36
|
-
* Any 2.0 –
|
33
|
+
* RubyInstaller 2.0 – 3.0 builds on Windows with the DevKit
|
34
|
+
* Any 2.0 – 3.0 Ruby on a BSD/OS X/Linux system with a compiler
|
37
35
|
|
38
36
|
## How to use `bcrypt()` in your Rails application
|
39
37
|
|
data/bcrypt.gemspec
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'bcrypt'
|
3
|
-
s.version = '3.1.
|
3
|
+
s.version = '3.1.18'
|
4
4
|
|
5
5
|
s.summary = "OpenBSD's bcrypt() password hashing algorithm."
|
6
6
|
s.description = <<-EOF
|
@@ -12,7 +12,7 @@ Gem::Specification.new do |s|
|
|
12
12
|
s.files = `git ls-files`.split("\n")
|
13
13
|
s.require_path = 'lib'
|
14
14
|
|
15
|
-
s.add_development_dependency 'rake-compiler', '~>
|
15
|
+
s.add_development_dependency 'rake-compiler', '~> 1.2.0'
|
16
16
|
s.add_development_dependency 'rspec', '>= 3'
|
17
17
|
|
18
18
|
s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']
|
@@ -22,6 +22,6 @@ Gem::Specification.new do |s|
|
|
22
22
|
|
23
23
|
s.authors = ["Coda Hale"]
|
24
24
|
s.email = "coda.hale@gmail.com"
|
25
|
-
s.homepage = "https://github.com/
|
25
|
+
s.homepage = "https://github.com/bcrypt-ruby/bcrypt-ruby"
|
26
26
|
s.license = "MIT"
|
27
27
|
end
|
data/ext/mri/bcrypt_ext.c
CHANGED
@@ -1,20 +1,50 @@
|
|
1
1
|
#include <ruby.h>
|
2
2
|
#include <ow-crypt.h>
|
3
3
|
|
4
|
+
#ifdef HAVE_RUBY_THREAD_H
|
5
|
+
#include <ruby/thread.h>
|
6
|
+
#endif
|
7
|
+
|
4
8
|
static VALUE mBCrypt;
|
5
9
|
static VALUE cBCryptEngine;
|
6
10
|
|
11
|
+
struct bc_salt_args {
|
12
|
+
const char * prefix;
|
13
|
+
unsigned long count;
|
14
|
+
const char * input;
|
15
|
+
int size;
|
16
|
+
};
|
17
|
+
|
18
|
+
static void * bc_salt_nogvl(void * ptr) {
|
19
|
+
struct bc_salt_args * args = ptr;
|
20
|
+
|
21
|
+
return crypt_gensalt_ra(args->prefix, args->count, args->input, args->size);
|
22
|
+
}
|
23
|
+
|
7
24
|
/* Given a logarithmic cost parameter, generates a salt for use with +bc_crypt+.
|
8
25
|
*/
|
9
26
|
static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
|
10
27
|
char * salt;
|
11
28
|
VALUE str_salt;
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
29
|
+
struct bc_salt_args args;
|
30
|
+
|
31
|
+
/* duplicate the parameters for thread safety. If another thread has a
|
32
|
+
* reference to the parameters and mutates them while we are working,
|
33
|
+
* that would be very bad. Duping the strings means that the reference
|
34
|
+
* isn't shared. */
|
35
|
+
prefix = rb_str_new_frozen(prefix);
|
36
|
+
input = rb_str_new_frozen(input);
|
37
|
+
|
38
|
+
args.prefix = StringValueCStr(prefix);
|
39
|
+
args.count = NUM2ULONG(count);
|
40
|
+
args.input = NIL_P(input) ? NULL : StringValuePtr(input);
|
41
|
+
args.size = NIL_P(input) ? 0 : RSTRING_LEN(input);
|
42
|
+
|
43
|
+
#ifdef HAVE_RUBY_THREAD_H
|
44
|
+
salt = rb_thread_call_without_gvl(bc_salt_nogvl, &args, NULL, NULL);
|
45
|
+
#else
|
46
|
+
salt = bc_salt_nogvl((void *)&args);
|
47
|
+
#endif
|
18
48
|
|
19
49
|
if(!salt) return Qnil;
|
20
50
|
|
@@ -24,30 +54,52 @@ static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
|
|
24
54
|
return str_salt;
|
25
55
|
}
|
26
56
|
|
57
|
+
struct bc_crypt_args {
|
58
|
+
const char * key;
|
59
|
+
const char * setting;
|
60
|
+
void * data;
|
61
|
+
int size;
|
62
|
+
};
|
63
|
+
|
64
|
+
static void * bc_crypt_nogvl(void * ptr) {
|
65
|
+
struct bc_crypt_args * args = ptr;
|
66
|
+
|
67
|
+
return crypt_ra(args->key, args->setting, &args->data, &args->size);
|
68
|
+
}
|
69
|
+
|
27
70
|
/* Given a secret and a salt, generates a salted hash (which you can then store safely).
|
28
71
|
*/
|
29
72
|
static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
|
30
73
|
char * value;
|
31
|
-
void * data;
|
32
|
-
int size;
|
33
74
|
VALUE out;
|
34
75
|
|
35
|
-
|
36
|
-
size = 0xDEADBEEF;
|
76
|
+
struct bc_crypt_args args;
|
37
77
|
|
38
78
|
if(NIL_P(key) || NIL_P(setting)) return Qnil;
|
39
79
|
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
80
|
+
/* duplicate the parameters for thread safety. If another thread has a
|
81
|
+
* reference to the parameters and mutates them while we are working,
|
82
|
+
* that would be very bad. Duping the strings means that the reference
|
83
|
+
* isn't shared. */
|
84
|
+
key = rb_str_new_frozen(key);
|
85
|
+
setting = rb_str_new_frozen(setting);
|
86
|
+
|
87
|
+
args.data = NULL;
|
88
|
+
args.size = 0xDEADBEEF;
|
89
|
+
args.key = NIL_P(key) ? NULL : StringValueCStr(key);
|
90
|
+
args.setting = NIL_P(setting) ? NULL : StringValueCStr(setting);
|
91
|
+
|
92
|
+
#ifdef HAVE_RUBY_THREAD_H
|
93
|
+
value = rb_thread_call_without_gvl(bc_crypt_nogvl, &args, NULL, NULL);
|
94
|
+
#else
|
95
|
+
value = bc_crypt_nogvl((void *)&args);
|
96
|
+
#endif
|
45
97
|
|
46
|
-
if(!value || !data) return Qnil;
|
98
|
+
if(!value || !args.data) return Qnil;
|
47
99
|
|
48
100
|
out = rb_str_new2(value);
|
49
101
|
|
50
|
-
|
102
|
+
free(args.data);
|
51
103
|
|
52
104
|
return out;
|
53
105
|
}
|
data/ext/mri/wrapper.c
CHANGED
@@ -179,7 +179,7 @@ char *crypt_ra(const char *key, const char *setting,
|
|
179
179
|
return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
|
180
180
|
}
|
181
181
|
|
182
|
-
char *crypt_r(const char *key, const char *setting,
|
182
|
+
char *crypt_r(const char *key, const char *setting, struct crypt_data *data)
|
183
183
|
{
|
184
184
|
return _crypt_retval_magic(
|
185
185
|
crypt_rn(key, setting, data, CRYPT_OUTPUT_SIZE),
|
data/lib/bcrypt/engine.rb
CHANGED
@@ -7,6 +7,14 @@ module BCrypt
|
|
7
7
|
MIN_COST = 4
|
8
8
|
# The maximum cost supported by the algorithm.
|
9
9
|
MAX_COST = 31
|
10
|
+
# Maximum possible size of bcrypt() secrets.
|
11
|
+
# Older versions of the bcrypt library would truncate passwords longer
|
12
|
+
# than 72 bytes, but newer ones do not. We truncate like the old library for
|
13
|
+
# forward compatibility. This way users upgrading from Ubuntu 18.04 to 20.04
|
14
|
+
# will not have their user passwords invalidated, for example.
|
15
|
+
# A max secret length greater than 255 leads to bcrypt returning nil.
|
16
|
+
# https://github.com/bcrypt-ruby/bcrypt-ruby/issues/225#issuecomment-875908425
|
17
|
+
MAX_SECRET_BYTESIZE = 72
|
10
18
|
# Maximum possible size of bcrypt() salts.
|
11
19
|
MAX_SALT_LENGTH = 16
|
12
20
|
|
@@ -43,14 +51,16 @@ module BCrypt
|
|
43
51
|
end
|
44
52
|
|
45
53
|
# Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
|
46
|
-
# a bcrypt() password hash.
|
54
|
+
# a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
|
47
55
|
def self.hash_secret(secret, salt, _ = nil)
|
48
56
|
if valid_secret?(secret)
|
49
57
|
if valid_salt?(salt)
|
50
58
|
if RUBY_PLATFORM == "java"
|
51
59
|
Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s.to_java_bytes, salt.to_s)
|
52
60
|
else
|
53
|
-
|
61
|
+
secret = secret.to_s
|
62
|
+
secret = secret.byteslice(0, MAX_SECRET_BYTESIZE) if secret && secret.bytesize > MAX_SECRET_BYTESIZE
|
63
|
+
__bc_crypt(secret, salt)
|
54
64
|
end
|
55
65
|
else
|
56
66
|
raise Errors::InvalidSalt.new("invalid salt")
|
@@ -70,8 +80,7 @@ module BCrypt
|
|
70
80
|
if RUBY_PLATFORM == "java"
|
71
81
|
Java.bcrypt_jruby.BCrypt.gensalt(cost)
|
72
82
|
else
|
73
|
-
|
74
|
-
__bc_salt(prefix, cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
|
83
|
+
__bc_salt("$2a$", cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
|
75
84
|
end
|
76
85
|
else
|
77
86
|
raise Errors::InvalidCost.new("cost must be numeric and > 0")
|
@@ -80,7 +89,7 @@ module BCrypt
|
|
80
89
|
|
81
90
|
# Returns true if +salt+ is a valid bcrypt() salt, false if not.
|
82
91
|
def self.valid_salt?(salt)
|
83
|
-
!!(salt =~
|
92
|
+
!!(salt =~ /\A\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}\z/)
|
84
93
|
end
|
85
94
|
|
86
95
|
# Returns true if +secret+ is a valid bcrypt() secret, false if not.
|
data/lib/bcrypt/password.rb
CHANGED
@@ -47,7 +47,7 @@ module BCrypt
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def valid_hash?(h)
|
50
|
-
|
50
|
+
/\A\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}\z/ === h
|
51
51
|
end
|
52
52
|
end
|
53
53
|
|
@@ -62,6 +62,17 @@ module BCrypt
|
|
62
62
|
end
|
63
63
|
|
64
64
|
# Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
|
65
|
+
#
|
66
|
+
# Comparison edge case/gotcha:
|
67
|
+
#
|
68
|
+
# secret = "my secret"
|
69
|
+
# @password = BCrypt::Password.create(secret)
|
70
|
+
#
|
71
|
+
# @password == secret # => True
|
72
|
+
# @password == @password # => False
|
73
|
+
# @password == @password.to_s # => False
|
74
|
+
# @password.to_s == @password # => True
|
75
|
+
# @password.to_s == @password.to_s # => True
|
65
76
|
def ==(secret)
|
66
77
|
super(BCrypt::Engine.hash_secret(secret, @salt))
|
67
78
|
end
|
@@ -83,5 +94,4 @@ module BCrypt
|
|
83
94
|
return v.to_str, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
|
84
95
|
end
|
85
96
|
end
|
86
|
-
|
87
97
|
end
|
data/lib/bcrypt_ext.jar
CHANGED
Binary file
|
data/spec/bcrypt/engine_spec.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
2
|
+
require 'securerandom'
|
2
3
|
|
3
4
|
describe 'BCrypt::Engine' do
|
4
5
|
describe '.calibrate(upper_time_limit_in_ms)' do
|
@@ -12,8 +13,11 @@ end
|
|
12
13
|
|
13
14
|
describe "The BCrypt engine" do
|
14
15
|
specify "should calculate the optimal cost factor to fit in a specific time" do
|
15
|
-
|
16
|
-
|
16
|
+
start_time = Time.now
|
17
|
+
BCrypt::Password.create("testing testing", :cost => BCrypt::Engine::MIN_COST + 1)
|
18
|
+
min_time_ms = (Time.now - start_time) * 1000
|
19
|
+
first = BCrypt::Engine.calibrate(min_time_ms)
|
20
|
+
second = BCrypt::Engine.calibrate(min_time_ms * 4)
|
17
21
|
expect(second).to be > first
|
18
22
|
end
|
19
23
|
end
|
@@ -154,4 +158,19 @@ describe "Generating BCrypt hashes" do
|
|
154
158
|
expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
|
155
159
|
end
|
156
160
|
end
|
161
|
+
|
162
|
+
specify "should truncate long 1-byte character secrets to 72 bytes" do
|
163
|
+
# 'b' as a base triggers the failure at 256 characters, but 'a' does not.
|
164
|
+
too_long_secret = 'b'*(BCrypt::Engine::MAX_SECRET_BYTESIZE + 1)
|
165
|
+
just_right_secret = 'b'*BCrypt::Engine::MAX_SECRET_BYTESIZE
|
166
|
+
expect(BCrypt::Engine.hash_secret(too_long_secret, @salt)).to eq(BCrypt::Engine.hash_secret(just_right_secret, @salt))
|
167
|
+
end
|
168
|
+
|
169
|
+
specify "should truncate long multi-byte character secrets to 72 bytes" do
|
170
|
+
# 256 times causes bcrypt to return nil for libxcrypt > 4.4.18-4.
|
171
|
+
too_long_secret = '𐐷'*256
|
172
|
+
# 𐐷 takes 4 bytes in UTF-8. 18 times is 72 bytes
|
173
|
+
just_right_secret = '𐐷'*18
|
174
|
+
expect(BCrypt::Engine.hash_secret(too_long_secret, @salt)).to eq(BCrypt::Engine.hash_secret(just_right_secret, @salt))
|
175
|
+
end
|
157
176
|
end
|
@@ -1,4 +1,5 @@
|
|
1
1
|
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
2
|
+
require 'securerandom'
|
2
3
|
|
3
4
|
describe "Creating a hashed password" do
|
4
5
|
|
@@ -26,6 +27,10 @@ describe "Creating a hashed password" do
|
|
26
27
|
expect { BCrypt::Password.create( "" ) }.not_to raise_error
|
27
28
|
expect { BCrypt::Password.create( String.new ) }.not_to raise_error
|
28
29
|
end
|
30
|
+
|
31
|
+
specify "should tolerate very long string secrets" do
|
32
|
+
expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
|
33
|
+
end
|
29
34
|
end
|
30
35
|
|
31
36
|
describe "Reading a hashed password" do
|
@@ -108,6 +113,7 @@ end
|
|
108
113
|
describe "Validating a generated salt" do
|
109
114
|
specify "should not accept an invalid salt" do
|
110
115
|
expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
|
116
|
+
expect(BCrypt::Engine.valid_salt?("invalid\n#{BCrypt::Engine.generate_salt}\ninvalid")).to eq(false)
|
111
117
|
end
|
112
118
|
specify "should accept a valid salt" do
|
113
119
|
expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
|
@@ -117,6 +123,7 @@ end
|
|
117
123
|
describe "Validating a password hash" do
|
118
124
|
specify "should not accept an invalid password" do
|
119
125
|
expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be(false)
|
126
|
+
expect(BCrypt::Password.valid_hash?("invalid\n#{BCrypt::Password.create "i_am_so_valid"}\ninvalid")).to be(false)
|
120
127
|
end
|
121
128
|
specify "should accept a valid password" do
|
122
129
|
expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be(true)
|
metadata
CHANGED
@@ -1,29 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bcrypt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.1.
|
4
|
+
version: 3.1.18
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Coda Hale
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-05-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
15
15
|
requirements:
|
16
16
|
- - "~>"
|
17
17
|
- !ruby/object:Gem::Version
|
18
|
-
version:
|
18
|
+
version: 1.2.0
|
19
19
|
name: rake-compiler
|
20
|
-
type: :development
|
21
20
|
prerelease: false
|
21
|
+
type: :development
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 1.2.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
29
29
|
requirements:
|
@@ -31,8 +31,8 @@ dependencies:
|
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '3'
|
33
33
|
name: rspec
|
34
|
-
type: :development
|
35
34
|
prerelease: false
|
35
|
+
type: :development
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - ">="
|
@@ -54,16 +54,14 @@ extra_rdoc_files:
|
|
54
54
|
- lib/bcrypt/engine.rb
|
55
55
|
- lib/bcrypt/error.rb
|
56
56
|
files:
|
57
|
+
- ".github/workflows/ruby.yml"
|
57
58
|
- ".gitignore"
|
58
59
|
- ".rspec"
|
59
|
-
- ".travis.yml"
|
60
60
|
- CHANGELOG
|
61
61
|
- COPYING
|
62
62
|
- Gemfile
|
63
|
-
- Gemfile.lock
|
64
63
|
- README.md
|
65
64
|
- Rakefile
|
66
|
-
- appveyor.yml
|
67
65
|
- bcrypt.gemspec
|
68
66
|
- ext/jruby/bcrypt_jruby/BCrypt.java
|
69
67
|
- ext/mri/bcrypt_ext.c
|
@@ -87,7 +85,7 @@ files:
|
|
87
85
|
- spec/bcrypt/error_spec.rb
|
88
86
|
- spec/bcrypt/password_spec.rb
|
89
87
|
- spec/spec_helper.rb
|
90
|
-
homepage: https://github.com/
|
88
|
+
homepage: https://github.com/bcrypt-ruby/bcrypt-ruby
|
91
89
|
licenses:
|
92
90
|
- MIT
|
93
91
|
metadata: {}
|
@@ -112,7 +110,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
112
110
|
- !ruby/object:Gem::Version
|
113
111
|
version: '0'
|
114
112
|
requirements: []
|
115
|
-
rubygems_version: 3.
|
113
|
+
rubygems_version: 3.2.29
|
116
114
|
signing_key:
|
117
115
|
specification_version: 4
|
118
116
|
summary: OpenBSD's bcrypt() password hashing algorithm.
|
data/.travis.yml
DELETED
@@ -1,23 +0,0 @@
|
|
1
|
-
language: ruby
|
2
|
-
before_install:
|
3
|
-
- "echo 'gem: --no-rdoc --no-ri' > ~/.gemrc"
|
4
|
-
- gem update --system 2.7.8
|
5
|
-
- gem install bundler -v 1.17.3
|
6
|
-
rvm:
|
7
|
-
- 2.0
|
8
|
-
- 2.1
|
9
|
-
- 2.2
|
10
|
-
- 2.3
|
11
|
-
- 2.4
|
12
|
-
- 2.5
|
13
|
-
- 2.6
|
14
|
-
- ruby-head
|
15
|
-
- jruby-head
|
16
|
-
- rbx-3
|
17
|
-
matrix:
|
18
|
-
allow_failures:
|
19
|
-
- rvm: ruby-head
|
20
|
-
- rvm: jruby-head
|
21
|
-
- rvm: rbx-3
|
22
|
-
fast_finish: true
|
23
|
-
script: bundle exec rake
|
data/Gemfile.lock
DELETED
@@ -1,37 +0,0 @@
|
|
1
|
-
PATH
|
2
|
-
remote: .
|
3
|
-
specs:
|
4
|
-
bcrypt (3.1.15)
|
5
|
-
|
6
|
-
GEM
|
7
|
-
remote: https://rubygems.org/
|
8
|
-
specs:
|
9
|
-
diff-lcs (1.4.4)
|
10
|
-
rake (13.0.1)
|
11
|
-
rake-compiler (0.9.9)
|
12
|
-
rake
|
13
|
-
rspec (3.9.0)
|
14
|
-
rspec-core (~> 3.9.0)
|
15
|
-
rspec-expectations (~> 3.9.0)
|
16
|
-
rspec-mocks (~> 3.9.0)
|
17
|
-
rspec-core (3.9.2)
|
18
|
-
rspec-support (~> 3.9.3)
|
19
|
-
rspec-expectations (3.9.2)
|
20
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
21
|
-
rspec-support (~> 3.9.0)
|
22
|
-
rspec-mocks (3.9.1)
|
23
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
24
|
-
rspec-support (~> 3.9.0)
|
25
|
-
rspec-support (3.9.3)
|
26
|
-
|
27
|
-
PLATFORMS
|
28
|
-
java
|
29
|
-
ruby
|
30
|
-
|
31
|
-
DEPENDENCIES
|
32
|
-
bcrypt!
|
33
|
-
rake-compiler (~> 0.9.2)
|
34
|
-
rspec (>= 3)
|
35
|
-
|
36
|
-
BUNDLED WITH
|
37
|
-
2.2.0.dev
|
data/appveyor.yml
DELETED
@@ -1,50 +0,0 @@
|
|
1
|
-
version: "{branch}-{build}"
|
2
|
-
build: off
|
3
|
-
clone_depth: 1
|
4
|
-
|
5
|
-
init:
|
6
|
-
# Install Ruby head
|
7
|
-
- if %RUBY_VERSION%==head (
|
8
|
-
appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x86.exe -FileName C:\head_x86.exe &
|
9
|
-
C:\head_x86.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
|
10
|
-
)
|
11
|
-
- if %RUBY_VERSION%==head-x64 (
|
12
|
-
appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x64.exe -FileName C:\head_x64.exe &
|
13
|
-
C:\head_x64.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
|
14
|
-
)
|
15
|
-
|
16
|
-
# Add Ruby to the path
|
17
|
-
- set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
|
18
|
-
|
19
|
-
environment:
|
20
|
-
matrix:
|
21
|
-
- RUBY_VERSION: "head"
|
22
|
-
- RUBY_VERSION: "head-x64"
|
23
|
-
- RUBY_VERSION: "25"
|
24
|
-
- RUBY_VERSION: "25-x64"
|
25
|
-
- RUBY_VERSION: "24"
|
26
|
-
- RUBY_VERSION: "24-x64"
|
27
|
-
- RUBY_VERSION: "23"
|
28
|
-
- RUBY_VERSION: "23-x64"
|
29
|
-
- RUBY_VERSION: "22"
|
30
|
-
- RUBY_VERSION: "22-x64"
|
31
|
-
- RUBY_VERSION: "21"
|
32
|
-
- RUBY_VERSION: "21-x64"
|
33
|
-
- RUBY_VERSION: "200"
|
34
|
-
- RUBY_VERSION: "200-x64"
|
35
|
-
|
36
|
-
install:
|
37
|
-
- ps: "Set-Content -Value 'gem: --no-ri --no-rdoc ' -Path C:\\ProgramData\\gemrc"
|
38
|
-
- if %RUBY_VERSION%==head ( gem install bundler -v'< 2' )
|
39
|
-
- if %RUBY_VERSION%==head-x64 ( gem install bundler -v'< 2' )
|
40
|
-
- bundle install
|
41
|
-
|
42
|
-
before_build:
|
43
|
-
- ruby -v
|
44
|
-
- gem -v
|
45
|
-
|
46
|
-
build_script:
|
47
|
-
- bundle exec rake compile -rdevkit
|
48
|
-
|
49
|
-
test_script:
|
50
|
-
- bundle exec rake spec
|