RubyGems - bcrypt - Versions diffs - 3.1.16 → 3.1.22 - Mend

bcrypt 3.1.16 → 3.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/CHANGELOG +24 -1
data/README.md +4 -6
data/ext/jruby/bcrypt_jruby/BCrypt.java +4 -3
data/ext/mri/bcrypt_ext.c +78 -17
data/lib/bcrypt/engine.rb +21 -5
data/lib/bcrypt/password.rb +22 -3
metadata +41 -27
data/.gitignore +0 -9
data/.rspec +0 -3
data/.travis.yml +0 -22
data/Gemfile +0 -2
data/Rakefile +0 -72
data/appveyor.yml +0 -50
data/bcrypt.gemspec +0 -27
data/spec/TestBCrypt.java +0 -194
data/spec/bcrypt/engine_spec.rb +0 -157
data/spec/bcrypt/error_spec.rb +0 -37
data/spec/bcrypt/password_spec.rb +0 -124
data/spec/spec_helper.rb +0 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24a80205a939e463319b4dd986b58cd5a4d43e66e864818e0c7efa7767e25cdc
-  data.tar.gz: 964599e45299ac4964773f2ede8e6a20eab2511910fecac3512e284bfff09a1b
+  metadata.gz: 521c5039d4a683bdf17faa98c3fddc47318f415597bd7575615c1f309ba65a4d
+  data.tar.gz: 9abdb8766bcfdc8cfeacbe41eb66fd0a8436ad5b1e9ff67b18239019387be3a1
 SHA512:
-  metadata.gz: 87542a66be75234db706e7f2995d4bee03e0b19611bb9bfa19e21c923656d863dfa5fadee6829e779b726a4370351734f92315f29ef8facbe89b90c930202d19
-  data.tar.gz: 6d4cd84d8e2bda4067c3816a339503257662c6f0eafcaffc7ba4aa05dacb76d4cd3d39e6c6f51951caf7f5d2ea325a81dcce374982aa3fdf57624d534b3c2ae5
+  metadata.gz: 6ce98e4f36915b8fb3dc2cc5a0dadb7624914bbfabd8d5e804ac1c945c8fe23794c1a3652841634766c5fe8876cd06ccb04b737c84f54e6b4bca82701d529c07
+  data.tar.gz: 9a2eddcb94fa016dfae3e46901df0cd5f9afd30c63789eb4682cf9fc7b55cc3348e1822663a4c4cff9f277d26a6f907ba139d2578fb1510b58559ee76d58d2ce

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,26 @@
+3.1.22 Mar 18 2026
+  - [CVE-2026-33306] Fix integer overflow in Java extension
+3.1.21 Dec 31 2025
+  - Use constant time comparisons
+  - Mark as Ractor safe
+3.1.20 Nov 17 2023
+  - Limit packaged files -- decrease gem filesize by ~28% [GH #272 by @pusewicz]
+3.1.19 June 22 2023
+  - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
+  - Add GC guards so the C compiler won't optimize out references [GH #270]
+3.1.18 May 16 2022
+  - Unlock GVL when calculating hashes and salts [GH #260]
+  - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
+3.1.17 Mar 14 2022
+- Fix regex in validators to use \A and \z instead of ^ and $ [GH #121]
+- Truncate secrets greater than 72 bytes in hash_secret [GH #255]
+- Assorted test and doc improvements
 3.1.16 Sep 3 2020
   - Fix compilation on FreeBSD. [GH #234]
@@ -16,7 +39,7 @@
 3.1.12 May 16 2018
   - Add support for Ruby 2.3, 2.4, and 2.5 in compiled Windows binaries
-  - Fix compatibility with libxcrypt [GH #164 by @besser82]
+  - Fix compatibility with libxcrypt - Fixes hash errors in Fedora 28 and Ubuntu 20 [GH #164 by @besser82]
 3.1.11 Mar 06 2016
   - Add support for Ruby 2.2 in compiled Windows binaries

data/README.md CHANGED Viewed

@@ -2,11 +2,9 @@
 An easy way to keep your users' passwords secure.
-* https://github.com/codahale/bcrypt-ruby/tree/master
-[![Travis Build Status](https://travis-ci.org/codahale/bcrypt-ruby.svg?branch=master)](https://travis-ci.org/codahale/bcrypt-ruby)
-[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/6fplerx9lnaf0hyo?svg=true)](https://ci.appveyor.com/project/TJSchuck35975/bcrypt-ruby)
+* https://github.com/bcrypt-ruby/bcrypt-ruby/tree/master
+[![Github Actions Build Status](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/bcrypt-ruby/bcrypt-ruby/actions/workflows/ruby.yml)
 ## Why you should use `bcrypt()`
@@ -32,8 +30,8 @@ re-hash those passwords. This vulnerability only affected the JRuby gem.
 The bcrypt gem is available on the following Ruby platforms:
 * JRuby
-* RubyInstaller 2.0 – 2.5 builds on Windows with the DevKit
-* Any 2.0 – 2.5 Ruby on a BSD/OS X/Linux system with a compiler
+* RubyInstaller builds on Windows with the DevKit
+* Any modern Ruby on a BSD/OS X/Linux system with a compiler
 ## How to use `bcrypt()` in your Rails application

data/ext/jruby/bcrypt_jruby/BCrypt.java CHANGED Viewed

@@ -688,20 +688,21 @@ public class BCrypt {
 	 */
 	private byte[] crypt_raw(byte password[], byte salt[], int log_rounds,
 							boolean sign_ext_bug, int safety) {
-		int rounds, i, j;
+		long rounds;
+		int i, j;
 		int cdata[] =  bf_crypt_ciphertext.clone();
 		int clen = cdata.length;
 		byte ret[];
 		if (log_rounds < 4 || log_rounds > 31)
 			throw new IllegalArgumentException ("Bad number of rounds");
-		rounds = 1 << log_rounds;
+		rounds = roundsForLogRounds(log_rounds);
 		if (salt.length != BCRYPT_SALT_LEN)
 			throw new IllegalArgumentException ("Bad salt length");
 		init_key();
 		ekskey(salt, password, sign_ext_bug, safety);
-		for (i = 0; i < rounds; i++) {
+		for (long r = 0; r < rounds; r++) {
 			key(password, sign_ext_bug, safety);
 			key(salt, false, safety);
 		}

data/ext/mri/bcrypt_ext.c CHANGED Viewed

@@ -1,59 +1,120 @@
 #include <ruby.h>
 #include <ow-crypt.h>
+#ifdef HAVE_RUBY_THREAD_H
+#include <ruby/thread.h>
+#endif
 static VALUE mBCrypt;
 static VALUE cBCryptEngine;
+struct bc_salt_args {
+    const char * prefix;
+    unsigned long count;
+    const char * input;
+    int size;
+};
+static void * bc_salt_nogvl(void * ptr) {
+    struct bc_salt_args * args = ptr;
+    return crypt_gensalt_ra(args->prefix, args->count, args->input, args->size);
+}
 /* Given a logarithmic cost parameter, generates a salt for use with +bc_crypt+.
 */
 static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
     char * salt;
     VALUE str_salt;
-    salt = crypt_gensalt_ra(
-	    StringValuePtr(prefix),
-	    NUM2ULONG(count),
-	    NIL_P(input) ? NULL : StringValuePtr(input),
-	    NIL_P(input) ? 0 : RSTRING_LEN(input));
+    struct bc_salt_args args;
+    /* duplicate the parameters for thread safety.  If another thread has a
+     * reference to the parameters and mutates them while we are working,
+     * that would be very bad.  Duping the strings means that the reference
+     * isn't shared. */
+    prefix = rb_str_new_frozen(prefix);
+    input  = rb_str_new_frozen(input);
+    args.prefix = StringValueCStr(prefix);
+    args.count  = NUM2ULONG(count);
+    args.input  = NIL_P(input) ? NULL : StringValuePtr(input);
+    args.size   = NIL_P(input) ? 0 : RSTRING_LEN(input);
+#ifdef HAVE_RUBY_THREAD_H
+    salt = rb_thread_call_without_gvl(bc_salt_nogvl, &args, NULL, NULL);
+#else
+    salt = bc_salt_nogvl((void *)&args);
+#endif
     if(!salt) return Qnil;
     str_salt = rb_str_new2(salt);
+    RB_GC_GUARD(prefix);
+    RB_GC_GUARD(input);
     free(salt);
     return str_salt;
 }
+struct bc_crypt_args {
+    const char * key;
+    const char * setting;
+    void * data;
+    int size;
+};
+static void * bc_crypt_nogvl(void * ptr) {
+    struct bc_crypt_args * args = ptr;
+    return crypt_ra(args->key, args->setting, &args->data, &args->size);
+}
 /* Given a secret and a salt, generates a salted hash (which you can then store safely).
 */
 static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
     char * value;
-    void * data;
-    int size;
     VALUE out;
-    data = NULL;
-    size = 0xDEADBEEF;
+    struct bc_crypt_args args;
     if(NIL_P(key) || NIL_P(setting)) return Qnil;
-    value = crypt_ra(
-	    NIL_P(key) ? NULL : StringValuePtr(key),
-	    NIL_P(setting) ? NULL : StringValuePtr(setting),
-	    &data,
-	    &size);
+    /* duplicate the parameters for thread safety.  If another thread has a
+     * reference to the parameters and mutates them while we are working,
+     * that would be very bad.  Duping the strings means that the reference
+     * isn't shared. */
+    key     = rb_str_new_frozen(key);
+    setting = rb_str_new_frozen(setting);
+    args.data    = NULL;
+    args.size    = 0xDEADBEEF;
+    args.key     = NIL_P(key)     ? NULL : StringValueCStr(key);
+    args.setting = NIL_P(setting) ? NULL : StringValueCStr(setting);
+#ifdef HAVE_RUBY_THREAD_H
+    value = rb_thread_call_without_gvl(bc_crypt_nogvl, &args, NULL, NULL);
+#else
+    value = bc_crypt_nogvl((void *)&args);
+#endif
-    if(!value || !data) return Qnil;
+    if(!value || !args.data) return Qnil;
     out = rb_str_new2(value);
-    xfree(data);
+    RB_GC_GUARD(key);
+    RB_GC_GUARD(setting);
+    free(args.data);
     return out;
 }
 /* Create the BCrypt and BCrypt::Engine modules, and populate them with methods. */
 void Init_bcrypt_ext(){
+#ifdef HAVE_RB_EXT_RACTOR_SAFE
+    rb_ext_ractor_safe(true);
+#endif
     mBCrypt = rb_define_module("BCrypt");
     cBCryptEngine = rb_define_class_under(mBCrypt, "Engine", rb_cObject);

data/lib/bcrypt/engine.rb CHANGED Viewed

@@ -7,6 +7,14 @@ module BCrypt
     MIN_COST        = 4
     # The maximum cost supported by the algorithm.
     MAX_COST = 31
+    # Maximum possible size of bcrypt() secrets.
+    # Older versions of the bcrypt library would truncate passwords longer
+    # than 72 bytes, but newer ones do not. We truncate like the old library for
+    # forward compatibility. This way users upgrading from Ubuntu 18.04 to 20.04
+    # will not have their user passwords invalidated, for example.
+    # A max secret length greater than 255 leads to bcrypt returning nil.
+    # https://github.com/bcrypt-ruby/bcrypt-ruby/issues/225#issuecomment-875908425
+    MAX_SECRET_BYTESIZE = 72
     # Maximum possible size of bcrypt() salts.
     MAX_SALT_LENGTH = 16
@@ -43,14 +51,23 @@ module BCrypt
     end
     # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
-    # a bcrypt() password hash.
+    # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
     def self.hash_secret(secret, salt, _ = nil)
+      unless _.nil?
+        warn "[DEPRECATION] Passing the third argument to " \
+             "`BCrypt::Engine.hash_secret` is deprecated. " \
+             "Please do not pass the third argument which " \
+             "is currently not used."
+      end
       if valid_secret?(secret)
         if valid_salt?(salt)
           if RUBY_PLATFORM == "java"
             Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s.to_java_bytes, salt.to_s)
           else
-            __bc_crypt(secret.to_s, salt)
+            secret = secret.to_s
+            secret = secret.byteslice(0, MAX_SECRET_BYTESIZE) if secret && secret.bytesize > MAX_SECRET_BYTESIZE
+            __bc_crypt(secret, salt)
           end
         else
           raise Errors::InvalidSalt.new("invalid salt")
@@ -70,8 +87,7 @@ module BCrypt
         if RUBY_PLATFORM == "java"
           Java.bcrypt_jruby.BCrypt.gensalt(cost)
         else
-          prefix = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
-          __bc_salt(prefix, cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
+          __bc_salt("$2a$", cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
         end
       else
         raise Errors::InvalidCost.new("cost must be numeric and > 0")
@@ -80,7 +96,7 @@ module BCrypt
     # Returns true if +salt+ is a valid bcrypt() salt, false if not.
     def self.valid_salt?(salt)
-      !!(salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/)
+      !!(salt =~ /\A\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}\z/)
     end
     # Returns true if +secret+ is a valid bcrypt() secret, false if not.

data/lib/bcrypt/password.rb CHANGED Viewed

@@ -47,7 +47,7 @@ module BCrypt
       end
       def valid_hash?(h)
-        /^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/ === h
+        /\A\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}\z/ === h
       end
     end
@@ -62,8 +62,28 @@ module BCrypt
     end
     # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
+    #
+    # Comparison edge case/gotcha:
+    #
+    #    secret = "my secret"
+    #    @password = BCrypt::Password.create(secret)
+    #
+    #    @password == secret              # => True
+    #    @password == @password           # => False
+    #    @password == @password.to_s      # => False
+    #    @password.to_s == @password      # => True
+    #    @password.to_s == @password.to_s # => True
+    #
+    #    secret == @password              # => probably False, because the secret is not a BCrypt::Password instance.
     def ==(secret)
-      super(BCrypt::Engine.hash_secret(secret, @salt))
+      hash = BCrypt::Engine.hash_secret(secret, @salt)
+      return false if hash.strip.empty? || strip.empty? || hash.bytesize != bytesize
+      # Constant time comparison so they can't tell the length.
+      res = 0
+      bytesize.times { |i| res |= getbyte(i) ^ hash.getbyte(i) }
+      res == 0
     end
     alias_method :is_password?, :==
@@ -83,5 +103,4 @@ module BCrypt
       return v.to_str, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
     end
   end
 end

metadata CHANGED Viewed

@@ -1,36 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: bcrypt
 version: !ruby/object:Gem::Version
-  version: 3.1.16
+  version: 3.1.22
 platform: ruby
 authors:
 - Coda Hale
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-03 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
-  name: rake-compiler
+        version: 1.2.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 1.2.0
 - !ruby/object:Gem::Dependency
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3'
-  name: rspec
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +37,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.3
+- !ruby/object:Gem::Dependency
+  name: benchmark
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.0
 description: |2
       bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
       for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
@@ -47,24 +74,17 @@ executables: []
 extensions:
 - ext/mri/extconf.rb
 extra_rdoc_files:
-- README.md
-- COPYING
 - CHANGELOG
+- COPYING
+- README.md
 - lib/bcrypt.rb
-- lib/bcrypt/password.rb
 - lib/bcrypt/engine.rb
 - lib/bcrypt/error.rb
+- lib/bcrypt/password.rb
 files:
-- ".gitignore"
-- ".rspec"
-- ".travis.yml"
 - CHANGELOG
 - COPYING
-- Gemfile
 - README.md
-- Rakefile
-- appveyor.yml
-- bcrypt.gemspec
 - ext/jruby/bcrypt_jruby/BCrypt.java
 - ext/mri/bcrypt_ext.c
 - ext/mri/crypt.c
@@ -81,16 +101,11 @@ files:
 - lib/bcrypt/engine.rb
 - lib/bcrypt/error.rb
 - lib/bcrypt/password.rb
-- spec/TestBCrypt.java
-- spec/bcrypt/engine_spec.rb
-- spec/bcrypt/error_spec.rb
-- spec/bcrypt/password_spec.rb
-- spec/spec_helper.rb
-homepage: https://github.com/codahale/bcrypt-ruby
+homepage: https://github.com/bcrypt-ruby/bcrypt-ruby
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  changelog_uri: https://github.com/bcrypt-ruby/bcrypt-ruby/blob/master/CHANGELOG
 rdoc_options:
 - "--title"
 - bcrypt-ruby
@@ -111,8 +126,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
-signing_key:
+rubygems_version: 4.0.6
 specification_version: 4
 summary: OpenBSD's bcrypt() password hashing algorithm.
 test_files: []

data/.gitignore DELETED Viewed

@@ -1,9 +0,0 @@
-doc
-pkg
-tmp
-*.o
-*.bundle
-*.so
-*.jar
-.DS_Store
-.rbenv-gemsets

data/.rspec DELETED Viewed

@@ -1,3 +0,0 @@
---color
---backtrace
---format documentation

data/.travis.yml DELETED Viewed

@@ -1,22 +0,0 @@
-language: ruby
-before_install:
-  - "echo 'gem: --no-rdoc --no-ri' > ~/.gemrc"
-rvm:
-  - 2.0
-  - 2.1
-  - 2.2
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
-  - 2.7
-  - ruby-head
-  - jruby-head
-  - rbx-3
-matrix:
-  allow_failures:
-    - rvm: ruby-head
-    - rvm: jruby-head
-    - rvm: rbx-3
-  fast_finish: true
-script: bundle exec rake

data/Gemfile DELETED Viewed

	@@ -1,2 +0,0 @@
1	- source 'https://rubygems.org'
2	- gemspec

data/Rakefile DELETED Viewed

@@ -1,72 +0,0 @@
-require 'rspec/core/rake_task'
-require 'rubygems/package_task'
-require 'rake/extensiontask'
-require 'rake/javaextensiontask'
-require 'rake/clean'
-require 'rdoc/task'
-require 'benchmark'
-CLEAN.include(
-  "tmp",
-  "lib/bcrypt_ext.jar",
-  "lib/bcrypt_ext.so"
-)
-CLOBBER.include(
-  "doc",
-  "pkg"
-)
-GEMSPEC = Gem::Specification.load("bcrypt.gemspec")
-task :default => [:compile, :spec]
-desc "Run all specs"
-RSpec::Core::RakeTask.new do |t|
-  t.pattern = 'spec/**/*_spec.rb'
-  t.ruby_opts = '-w'
-end
-desc "Run all specs, with coverage testing"
-RSpec::Core::RakeTask.new(:rcov) do |t|
-  t.pattern = 'spec/**/*_spec.rb'
-  t.rcov = true
-  t.rcov_path = 'doc/coverage'
-  t.rcov_opts = ['--exclude', 'rspec,diff-lcs,rcov,_spec,_helper']
-end
-desc 'Generate RDoc'
-RDoc::Task.new do |rdoc|
-  rdoc.rdoc_dir = 'doc/rdoc'
-  rdoc.options += GEMSPEC.rdoc_options
-  rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE']
-  rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files)
-end
-Gem::PackageTask.new(GEMSPEC) do |pkg|
-  pkg.need_zip = true
-  pkg.need_tar = true
-end
-if RUBY_PLATFORM =~ /java/
-  Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
-    ext.ext_dir = 'ext/jruby'
-    ext.source_version = "1.7"
-    ext.target_version = "1.7"
-  end
-else
-  Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|
-    ext.ext_dir = 'ext/mri'
-  end
-end
-desc "Run a set of benchmarks on the compiled extension."
-task :benchmark do
-  TESTS = 100
-  TEST_PWD = "this is a test"
-  require File.expand_path(File.join(File.dirname(__FILE__), "lib", "bcrypt"))
-  Benchmark.bmbm do |results|
-    4.upto(10) do |n|
-      results.report("cost #{n}:") { TESTS.times { BCrypt::Password.create(TEST_PWD, :cost => n) } }
-    end
-  end
-end

data/appveyor.yml DELETED Viewed

@@ -1,50 +0,0 @@
-version: "{branch}-{build}"
-build: off
-clone_depth: 1
-init:
-  # Install Ruby head
-  - if %RUBY_VERSION%==head (
-      appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x86.exe -FileName C:\head_x86.exe &
-      C:\head_x86.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
-    )
-  - if %RUBY_VERSION%==head-x64 (
-      appveyor DownloadFile https://github.com/oneclick/rubyinstaller2/releases/download/rubyinstaller-head/rubyinstaller-head-x64.exe -FileName C:\head_x64.exe &
-      C:\head_x64.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
-    )
-  # Add Ruby to the path
-  - set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
-environment:
-  matrix:
-    - RUBY_VERSION: "head"
-    - RUBY_VERSION: "head-x64"
-    - RUBY_VERSION: "25"
-    - RUBY_VERSION: "25-x64"
-    - RUBY_VERSION: "24"
-    - RUBY_VERSION: "24-x64"
-    - RUBY_VERSION: "23"
-    - RUBY_VERSION: "23-x64"
-    - RUBY_VERSION: "22"
-    - RUBY_VERSION: "22-x64"
-    - RUBY_VERSION: "21"
-    - RUBY_VERSION: "21-x64"
-    - RUBY_VERSION: "200"
-    - RUBY_VERSION: "200-x64"
-install:
-  - ps: "Set-Content -Value 'gem: --no-ri --no-rdoc ' -Path C:\\ProgramData\\gemrc"
-  - if %RUBY_VERSION%==head     ( gem install bundler -v'< 2' )
-  - if %RUBY_VERSION%==head-x64 ( gem install bundler -v'< 2' )
-  - bundle install
-before_build:
-  - ruby -v
-  - gem -v
-build_script:
-  - bundle exec rake compile -rdevkit
-test_script:
-  - bundle exec rake spec

data/bcrypt.gemspec DELETED Viewed

@@ -1,27 +0,0 @@
-Gem::Specification.new do |s|
-  s.name = 'bcrypt'
-  s.version = '3.1.16'
-  s.summary = "OpenBSD's bcrypt() password hashing algorithm."
-  s.description = <<-EOF
-    bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
-    for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
-    passwords.
-  EOF
-  s.files = `git ls-files`.split("\n")
-  s.require_path = 'lib'
-  s.add_development_dependency 'rake-compiler', '~> 0.9.2'
-  s.add_development_dependency 'rspec', '>= 3'
-  s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']
-  s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG', *Dir['lib/**/*.rb']]
-  s.extensions = 'ext/mri/extconf.rb'
-  s.authors = ["Coda Hale"]
-  s.email = "coda.hale@gmail.com"
-  s.homepage = "https://github.com/codahale/bcrypt-ruby"
-  s.license = "MIT"
-end

data/spec/TestBCrypt.java DELETED Viewed

@@ -1,194 +0,0 @@
-// Copyright (c) 2006 Damien Miller <djm@mindrot.org>
-//
-// Permission to use, copy, modify, and distribute this software for any
-// purpose with or without fee is hereby granted, provided that the above
-// copyright notice and this permission notice appear in all copies.
-//
-// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-import junit.framework.TestCase;
-/**
- * JUnit unit tests for BCrypt routines
- * @author Damien Miller
- * @version 0.2
- */
-public class TestBCrypt extends TestCase {
-	String test_vectors[][] = {
-			{ "",
-			"$2a$06$DCq7YPn5Rq63x1Lad4cll.",
-			"$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
-			{ "",
-			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.",
-			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
-			{ "",
-			"$2a$10$k1wbIrmNyFAPwPVPSVa/ze",
-			"$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
-			{ "",
-			"$2a$12$k42ZFHFWqBp3vWli.nIn8u",
-			"$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
-			{ "a",
-			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO",
-			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
-			{ "a",
-			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfe",
-			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
-			{ "a",
-			"$2a$10$k87L/MF28Q673VKh8/cPi.",
-			"$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
-			{ "a",
-			"$2a$12$8NJH3LsPrANStV6XtBakCe",
-			"$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
-			{ "abc",
-			"$2a$06$If6bvum7DFjUnE9p2uDeDu",
-			"$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
-			{ "abc",
-			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7O",
-			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
-			{ "abc",
-			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.",
-			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
-			{ "abc",
-			"$2a$12$EXRkfkdmXn2gzds2SSitu.",
-			"$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$06$.rCVZVOThsIa97pEDOxvGu",
-			"$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$08$aTsUwsyowQuzRrDqFflhge",
-			"$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$10$fVH8e28OQRj9tqiDXs1e1u",
-			"$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$12$D4G5f18o7aMMfwasBL7Gpu",
-			"$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$06$fPIsBO8qRqkjj273rfaOI.",
-			"$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$08$Eq2r4G/76Wv39MzSX262hu",
-			"$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
-			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$12$WApznUOJfkEGSmYRfnkrPO",
-			"$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
-		};
-	/**
-	 * Entry point for unit tests
-	 * @param args unused
-	 */
-	public static void main(String[] args) {
-		junit.textui.TestRunner.run(TestBCrypt.class);
-	}
-	/**
-	 * Test method for 'BCrypt.hashpw(String, String)'
-	 */
-	public void testHashpw() {
-		System.out.print("BCrypt.hashpw(): ");
-		for (int i = 0; i < test_vectors.length; i++) {
-			String plain = test_vectors[i][0];
-			String salt = test_vectors[i][1];
-			String expected = test_vectors[i][2];
-			String hashed = BCrypt.hashpw(plain, salt);
-			assertEquals(hashed, expected);
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.gensalt(int)'
-	 */
-	public void testGensaltInt() {
-		System.out.print("BCrypt.gensalt(log_rounds):");
-		for (int i = 4; i <= 12; i++) {
-			System.out.print(" " + Integer.toString(i) + ":");
-			for (int j = 0; j < test_vectors.length; j += 4) {
-				String plain = test_vectors[j][0];
-				String salt = BCrypt.gensalt(i);
-				String hashed1 = BCrypt.hashpw(plain, salt);
-				String hashed2 = BCrypt.hashpw(plain, hashed1);
-				assertEquals(hashed1, hashed2);
-				System.out.print(".");
-			}
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.gensalt()'
-	 */
-	public void testGensalt() {
-		System.out.print("BCrypt.gensalt(): ");
-		for (int i = 0; i < test_vectors.length; i += 4) {
-			String plain = test_vectors[i][0];
-			String salt = BCrypt.gensalt();
-			String hashed1 = BCrypt.hashpw(plain, salt);
-			String hashed2 = BCrypt.hashpw(plain, hashed1);
-			assertEquals(hashed1, hashed2);
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.checkpw(String, String)'
-	 * expecting success
-	 */
-	public void testCheckpw_success() {
-		System.out.print("BCrypt.checkpw w/ good passwords: ");
-		for (int i = 0; i < test_vectors.length; i++) {
-			String plain = test_vectors[i][0];
-			String expected = test_vectors[i][2];
-			assertTrue(BCrypt.checkpw(plain, expected));
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.checkpw(String, String)'
-	 * expecting failure
-	 */
-	public void testCheckpw_failure() {
-		System.out.print("BCrypt.checkpw w/ bad passwords: ");
-		for (int i = 0; i < test_vectors.length; i++) {
-			int broken_index = (i + 4) % test_vectors.length;
-			String plain = test_vectors[i][0];
-			String expected = test_vectors[broken_index][2];
-			assertFalse(BCrypt.checkpw(plain, expected));
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test for correct hashing of non-US-ASCII passwords
-	 */
-	public void testInternationalChars() {
-		System.out.print("BCrypt.hashpw w/ international chars: ");
-		String pw1 = "ππππππππ";
-		String pw2 = "????????";
-		String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
-		assertFalse(BCrypt.checkpw(pw2, h1));
-		System.out.print(".");
-		String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
-		assertFalse(BCrypt.checkpw(pw1, h2));
-		System.out.print(".");
-		System.out.println("");
-	}
-}

data/spec/bcrypt/engine_spec.rb DELETED Viewed

@@ -1,157 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
-describe 'BCrypt::Engine' do
-  describe '.calibrate(upper_time_limit_in_ms)' do
-    context 'a tiny upper time limit provided' do
-      it 'returns a minimum cost supported by the algorithm' do
-        expect(BCrypt::Engine.calibrate(0.001)).to eq(4)
-      end
-    end
-  end
-end
-describe "The BCrypt engine" do
-  specify "should calculate the optimal cost factor to fit in a specific time" do
-    first = BCrypt::Engine.calibrate(100)
-    second = BCrypt::Engine.calibrate(400)
-    expect(second).to be > first
-  end
-end
-describe "Generating BCrypt salts" do
-  specify "should produce strings" do
-    expect(BCrypt::Engine.generate_salt).to be_an_instance_of(String)
-  end
-  specify "should produce random data" do
-    expect(BCrypt::Engine.generate_salt).to_not equal(BCrypt::Engine.generate_salt)
-  end
-  specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
-    expect { BCrypt::Engine.generate_salt('woo') }.to raise_error(BCrypt::Errors::InvalidCost)
-  end
-  specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
-    expect { BCrypt::Engine.generate_salt(-1) }.to raise_error(BCrypt::Errors::InvalidCost)
-  end
-end
-describe "Autodetecting of salt cost" do
-  specify "should work" do
-    expect(BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou")).to eq 8
-    expect(BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu")).to eq 5
-    expect(BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.")).to eq 13
-  end
-end
-describe "Generating BCrypt hashes" do
-  class MyInvalidSecret
-    undef to_s
-  end
-  before :each do
-    @salt = BCrypt::Engine.generate_salt(4)
-    @password = "woo"
-  end
-  specify "should produce a string" do
-    expect(BCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
-  end
-  specify "should raise an InvalidSalt error if the salt is invalid" do
-    expect { BCrypt::Engine.hash_secret(@password, 'nino') }.to raise_error(BCrypt::Errors::InvalidSalt)
-  end
-  specify "should raise an InvalidSecret error if the secret is invalid" do
-    expect { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.to raise_error(BCrypt::Errors::InvalidSecret)
-    expect { BCrypt::Engine.hash_secret(nil, @salt) }.not_to raise_error
-    expect { BCrypt::Engine.hash_secret(false, @salt) }.not_to raise_error
-  end
-  specify "should call #to_s on the secret and use the return value as the actual secret data" do
-    expect(BCrypt::Engine.hash_secret(false, @salt)).to eq BCrypt::Engine.hash_secret("false", @salt)
-  end
-  specify "should be interoperable with other implementations" do
-    test_vectors = [
-      # test vectors from the OpenWall implementation <https://www.openwall.com/crypt/>, found in wrapper.c
-      ["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
-      ["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
-      ["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
-      ["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"],
-      ["\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
-      ["\xff\xff\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
-      ["\xff\xff\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
-      ["\xff\xff\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85."],
-      ["\xff\xff\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
-      ["\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
-      ["\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
-      ["\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
-      ["1\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
-      ["\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
-      ["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
-      ["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
-      ["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd."],
-      ["\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
-      ["\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
-      ["\xa3" "ab", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
-      ["\xa3" "ab", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
-      ["\xa3" "ab", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
-      ["\xd1\x91", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS"],
-      ["\xd0\xc1\xd2\xcf\xcc\xd8", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS"],
-      ["\xaa"*72+"chars after 72 are ignored as usual", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6"],
-      ["\xaa\x55"*36, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy"],
-      ["\x55\xaa\xff"*24, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe"],
-      ["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
-      # test vectors from the Java implementation, found in https://github.com/spring-projects/spring-security/blob/master/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
-      ["", "$2a$06$DCq7YPn5Rq63x1Lad4cll.", "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."],
-      ["", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye"],
-      ["", "$2a$10$k1wbIrmNyFAPwPVPSVa/ze", "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW"],
-      ["", "$2a$12$k42ZFHFWqBp3vWli.nIn8u", "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO"],
-      ["", "$2b$06$8eVN9RiU8Yki430X.wBvN.", "$2b$06$8eVN9RiU8Yki430X.wBvN.LWaqh2962emLVSVXVZIXJvDYLsV0oFu"],
-      ["", "$2b$06$NlgfNgpIc6GlHciCkMEW8u", "$2b$06$NlgfNgpIc6GlHciCkMEW8uKOBsyvAp7QwlHpysOlKdtyEw50WQua2"],
-      ["", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO3OFWzNEdcY84ELw6iHCPruuQfSAXBLK"],
-      ["", "$2y$06$88kSqVttBx.e9iXTPCLa5u", "$2y$06$88kSqVttBx.e9iXTPCLa5uFPrVFjfLH4D.KcO6pBiAmvUkvdg0EYy"],
-      ["a", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"],
-      ["a", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V."],
-      ["a", "$2a$10$k87L/MF28Q673VKh8/cPi.", "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u"],
-      ["a", "$2a$12$8NJH3LsPrANStV6XtBakCe", "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS"],
-      ["a", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.OaRjB4jHO7rBHJKlGXbqEH3QVJfO7iO"],
-      ["a", "$2b$06$PWxFFHA3HiCD46TNOZh30e", "$2b$06$PWxFFHA3HiCD46TNOZh30eNto1hg5uM9tHBlI4q/b03SW/gGKUYk6"],
-      ["a", "$2y$06$LUdD6/aD0e/UbnxVAVbvGu", "$2y$06$LUdD6/aD0e/UbnxVAVbvGuUmIoJ3l/OK94ThhadpMWwKC34LrGEey"],
-      ["a", "$2y$06$eqgY.T2yloESMZxgp76deO", "$2y$06$eqgY.T2yloESMZxgp76deOROa7nzXDxbO0k.PJvuClTa.Vu1AuemG"],
-      ["abc", "$2a$06$If6bvum7DFjUnE9p2uDeDu", "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"],
-      ["abc", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"],
-      ["abc", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi"],
-      ["abc", "$2a$12$EXRkfkdmXn2gzds2SSitu.", "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q"],
-      ["abc", "$2b$06$5FyQoicpbox1xSHFfhhdXu", "$2b$06$5FyQoicpbox1xSHFfhhdXuR2oxLpO1rYsQh5RTkI/9.RIjtoF0/ta"],
-      ["abc", "$2b$06$1kJyuho8MCVP3HHsjnRMkO", "$2b$06$1kJyuho8MCVP3HHsjnRMkO1nvCOaKTqLnjG2TX1lyMFbXH/aOkgc."],
-      ["abc", "$2y$06$ACfku9dT6.H8VjdKb8nhlu", "$2y$06$ACfku9dT6.H8VjdKb8nhluaoBmhJyK7GfoNScEfOfrJffUxoUeCjK"],
-      ["abc", "$2y$06$9JujYcoWPmifvFA3RUP90e", "$2y$06$9JujYcoWPmifvFA3RUP90e5rSEHAb5Ye6iv3.G9ikiHNv5cxjNEse"],
-      ["abcdefghijklmnopqrstuvwxyz", "$2a$06$.rCVZVOThsIa97pEDOxvGu", "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC"],
-      ["abcdefghijklmnopqrstuvwxyz", "$2a$08$aTsUwsyowQuzRrDqFflhge", "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz."],
-      ["abcdefghijklmnopqrstuvwxyz", "$2a$10$fVH8e28OQRj9tqiDXs1e1u", "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq"],
-      ["abcdefghijklmnopqrstuvwxyz", "$2a$12$D4G5f18o7aMMfwasBL7Gpu", "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG"],
-      ["abcdefghijklmnopqrstuvwxyz", "$2b$06$O8E89AQPj1zJQA05YvIAU.", "$2b$06$O8E89AQPj1zJQA05YvIAU.hMpj25BXri1bupl/Q7CJMlpLwZDNBoO"],
-      ["abcdefghijklmnopqrstuvwxyz", "$2b$06$PDqIWr./o/P3EE/P.Q0A/u", "$2b$06$PDqIWr./o/P3EE/P.Q0A/uFg86WL/PXTbaW267TDALEwDylqk00Z."],
-      ["abcdefghijklmnopqrstuvwxyz", "$2y$06$34MG90ZLah8/ZNr3ltlHCu", "$2y$06$34MG90ZLah8/ZNr3ltlHCuz6bachF8/3S5jTuzF1h2qg2cUk11sFW"],
-      ["abcdefghijklmnopqrstuvwxyz", "$2y$06$AK.hSLfMyw706iEW24i68u", "$2y$06$AK.hSLfMyw706iEW24i68uKAc2yorPTrB0cimvjJHEBUrPkOq7VvG"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$08$Eq2r4G/76Wv39MzSX262hu", "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2a$12$WApznUOJfkEGSmYRfnkrPO", "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu", "$2b$06$FGWA8OlY6RtQhXBXuCJ8WusVipRI15cWOgJK8MYpBHEkktMfbHRIG"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2b$06$G6aYU7UhUEUDJBdTgq3CRe", "$2b$06$G6aYU7UhUEUDJBdTgq3CRekiopCN4O4sNitFXrf5NUscsVZj3a2r6"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2y$06$sYDFHqOcXTjBgOsqC0WCKe", "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti"],
-      ["~!@#$%^&*()      ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"]
-    ]
-    for secret, salt, test_vector in test_vectors
-      expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
-    end
-  end
-end

data/spec/bcrypt/error_spec.rb DELETED Viewed

@@ -1,37 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
-describe "Errors" do
-  shared_examples "descends from StandardError" do
-    it "can be rescued as a StandardError" do
-      expect(described_class).to be < StandardError
-    end
-  end
-  shared_examples "descends from BCrypt::Error" do
-    it "can be rescued as a BCrypt::Error" do
-      expect(described_class).to be < BCrypt::Error
-    end
-  end
-  describe BCrypt::Error do
-    include_examples "descends from StandardError"
-  end
-  describe BCrypt::Errors::InvalidCost do
-    include_examples "descends from BCrypt::Error"
-  end
-  describe BCrypt::Errors::InvalidHash do
-    include_examples "descends from BCrypt::Error"
-  end
-  describe BCrypt::Errors::InvalidSalt do
-    include_examples "descends from BCrypt::Error"
-  end
-  describe BCrypt::Errors::InvalidSecret do
-    include_examples "descends from BCrypt::Error"
-  end
-end

data/spec/bcrypt/password_spec.rb DELETED Viewed

@@ -1,124 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
-describe "Creating a hashed password" do
-  before :each do
-    @secret = "wheedle"
-    @password = BCrypt::Password.create(@secret, :cost => 4)
-  end
-  specify "should return a BCrypt::Password" do
-    expect(@password).to be_an_instance_of(BCrypt::Password)
-  end
-  specify "should return a valid bcrypt password" do
-    expect { BCrypt::Password.new(@password) }.not_to raise_error
-  end
-  specify "should behave normally if the secret is not a string" do
-    expect { BCrypt::Password.create(nil) }.not_to raise_error
-    expect { BCrypt::Password.create({:woo => "yeah"}) }.not_to raise_error
-    expect { BCrypt::Password.create(false) }.not_to raise_error
-  end
-  specify "should tolerate empty string secrets" do
-    expect { BCrypt::Password.create( "\n".chop  ) }.not_to raise_error
-    expect { BCrypt::Password.create( ""         ) }.not_to raise_error
-    expect { BCrypt::Password.create( String.new ) }.not_to raise_error
-  end
-end
-describe "Reading a hashed password" do
-  before :each do
-    @secret = "U*U"
-    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
-  end
-  specify "the cost is too damn high" do
-    expect {
-      BCrypt::Password.create("hello", :cost => 32)
-    }.to raise_error(ArgumentError)
-  end
-  specify "the cost should be set to the default if nil" do
-    expect(BCrypt::Password.create("hello", :cost => nil).cost).to equal(BCrypt::Engine::DEFAULT_COST)
-  end
-  specify "the cost should be set to the default if empty hash" do
-    expect(BCrypt::Password.create("hello", {}).cost).to equal(BCrypt::Engine::DEFAULT_COST)
-  end
-  specify "the cost should be set to the passed value if provided" do
-    expect(BCrypt::Password.create("hello", :cost => 5).cost).to equal(5)
-  end
-  specify "the cost should be set to the global value if set" do
-    BCrypt::Engine.cost = 5
-    expect(BCrypt::Password.create("hello").cost).to equal(5)
-    # unset the global value to not affect other tests
-    BCrypt::Engine.cost = nil
-  end
-  specify "the cost should be set to an overridden constant for backwards compatibility" do
-    # suppress "already initialized constant" warning
-    old_verbose, $VERBOSE = $VERBOSE, nil
-    old_default_cost = BCrypt::Engine::DEFAULT_COST
-    BCrypt::Engine::DEFAULT_COST = 5
-    expect(BCrypt::Password.create("hello").cost).to equal(5)
-    # reset default to not affect other tests
-    BCrypt::Engine::DEFAULT_COST = old_default_cost
-    $VERBOSE = old_verbose
-  end
-  specify "should read the version, cost, salt, and hash" do
-    password = BCrypt::Password.new(@hash)
-    expect(password.version).to eql("2a")
-    expect(password.version.class).to eq String
-    expect(password.cost).to equal(5)
-    expect(password.salt).to eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
-    expect(password.salt.class).to eq String
-    expect(password.checksum).to eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
-    expect(password.checksum.class).to eq String
-    expect(password.to_s).to eql(@hash)
-  end
-  specify "should raise an InvalidHashError when given an invalid hash" do
-    expect { BCrypt::Password.new('weedle') }.to raise_error(BCrypt::Errors::InvalidHash)
-  end
-end
-describe "Comparing a hashed password with a secret" do
-  before :each do
-    @secret = "U*U"
-    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
-    @password = BCrypt::Password.create(@secret)
-  end
-  specify "should compare successfully to the original secret" do
-    expect((@password == @secret)).to be(true)
-  end
-  specify "should compare unsuccessfully to anything besides original secret" do
-    expect((@password == "@secret")).to be(false)
-  end
-end
-describe "Validating a generated salt" do
-  specify "should not accept an invalid salt" do
-    expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
-  end
-  specify "should accept a valid salt" do
-    expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
-  end
-end
-describe "Validating a password hash" do
-  specify "should not accept an invalid password" do
-    expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be(false)
-  end
-  specify "should accept a valid password" do
-    expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be(true)
-  end
-end

data/spec/spec_helper.rb DELETED Viewed

	@@ -1,2 +0,0 @@
1	- $:.unshift File.expand_path('../../lib', __FILE__)
2	- require 'bcrypt'