bcrypt 3.1.18-java → 3.1.20-java

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f35948f2d6985ec5e338d0dd89e2481e0c2e91df63a9623b02bad157c1da0967
4
- data.tar.gz: c9cdd80dbf146b2497091bc2e09b613fea5784eacf7e570bcebb7e4a0c3b175c
3
+ metadata.gz: 18e51a94af441c07a71cba0f9d5c8e813ed65b0206e6d143784215d43404be78
4
+ data.tar.gz: 0f593432119c2166fb96c65786b3bf119d42ecc35d7de1322b7700c81679e3b5
5
5
  SHA512:
6
- metadata.gz: 3c5d43f9ff8813d14f866a5a87354b0f3152dff9c2b75ab08a7b70e0e84e8f71d2582b36cbdb71b3d45f68fa1a3cd38f30de75db812c5bc23ff613918070a09a
7
- data.tar.gz: 8ec660bd584fc110d347dbd5a4d1d0c1cf75e36e7ac9f455a7ed86c100c8111c3f62ef3b4ae5aa15275d30d034d1289756eb1104ed55ad4ff8656c21836cdab6
6
+ metadata.gz: 92e7ac49940ed3c1ac8929da228dc90e48ef9ec12819fe9a83102211f7695c47ad9dd6e7aeb333b6499308556995405c9b7a7fd1b70eb0b12231d070f111f2d3
7
+ data.tar.gz: bdbfa55d1c5e8c111b31f3c2bd0d90f4408799af5afcca5d53f2c47604033f991238948905f95f91f16a2f08d315283ceda37ea770cbe612d98170771da24394
data/CHANGELOG CHANGED
@@ -1,3 +1,10 @@
1
+ 3.1.20 Nov 17 2023
2
+ - Limit packaged files -- decrease gem filesize by ~28% [GH #272 by @pusewicz]
3
+
4
+ 3.1.19 June 22 2023
5
+ - Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
6
+ - Add GC guards so the C compiler won't optimize out references [GH #270]
7
+
1
8
  3.1.18 May 16 2022
2
9
  - Unlock GVL when calculating hashes and salts [GH #260]
3
10
  - Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
data/ext/mri/bcrypt_ext.c CHANGED
@@ -49,6 +49,9 @@ static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
49
49
  if(!salt) return Qnil;
50
50
 
51
51
  str_salt = rb_str_new2(salt);
52
+
53
+ RB_GC_GUARD(prefix);
54
+ RB_GC_GUARD(input);
52
55
  free(salt);
53
56
 
54
57
  return str_salt;
@@ -99,6 +102,8 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
99
102
 
100
103
  out = rb_str_new2(value);
101
104
 
105
+ RB_GC_GUARD(key);
106
+ RB_GC_GUARD(setting);
102
107
  free(args.data);
103
108
 
104
109
  return out;
data/lib/bcrypt/engine.rb CHANGED
@@ -53,6 +53,13 @@ module BCrypt
53
53
  # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
54
54
  # a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
55
55
  def self.hash_secret(secret, salt, _ = nil)
56
+ unless _.nil?
57
+ warn "[DEPRECATION] Passing the third argument to " \
58
+ "`BCrypt::Engine.hash_secret` is deprecated. " \
59
+ "Please do not pass the third argument which " \
60
+ "is currently not used."
61
+ end
62
+
56
63
  if valid_secret?(secret)
57
64
  if valid_salt?(salt)
58
65
  if RUBY_PLATFORM == "java"
data/lib/bcrypt_ext.jar CHANGED
Binary file
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bcrypt
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.18
4
+ version: 3.1.20
5
5
  platform: java
6
6
  authors:
7
7
  - Coda Hale
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-16 00:00:00.000000000 Z
11
+ date: 2023-11-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -17,8 +17,8 @@ dependencies:
17
17
  - !ruby/object:Gem::Version
18
18
  version: 1.2.0
19
19
  name: rake-compiler
20
- prerelease: false
21
20
  type: :development
21
+ prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
@@ -31,8 +31,8 @@ dependencies:
31
31
  - !ruby/object:Gem::Version
32
32
  version: '3'
33
33
  name: rspec
34
- prerelease: false
35
34
  type: :development
35
+ prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
@@ -50,19 +50,13 @@ extra_rdoc_files:
50
50
  - COPYING
51
51
  - CHANGELOG
52
52
  - lib/bcrypt.rb
53
- - lib/bcrypt/password.rb
54
53
  - lib/bcrypt/engine.rb
55
54
  - lib/bcrypt/error.rb
55
+ - lib/bcrypt/password.rb
56
56
  files:
57
- - ".github/workflows/ruby.yml"
58
- - ".gitignore"
59
- - ".rspec"
60
57
  - CHANGELOG
61
58
  - COPYING
62
- - Gemfile
63
59
  - README.md
64
- - Rakefile
65
- - bcrypt.gemspec
66
60
  - ext/jruby/bcrypt_jruby/BCrypt.java
67
61
  - ext/mri/bcrypt_ext.c
68
62
  - ext/mri/crypt.c
@@ -80,11 +74,6 @@ files:
80
74
  - lib/bcrypt/error.rb
81
75
  - lib/bcrypt/password.rb
82
76
  - lib/bcrypt_ext.jar
83
- - spec/TestBCrypt.java
84
- - spec/bcrypt/engine_spec.rb
85
- - spec/bcrypt/error_spec.rb
86
- - spec/bcrypt/password_spec.rb
87
- - spec/spec_helper.rb
88
77
  homepage: https://github.com/bcrypt-ruby/bcrypt-ruby
89
78
  licenses:
90
79
  - MIT
@@ -110,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
110
99
  - !ruby/object:Gem::Version
111
100
  version: '0'
112
101
  requirements: []
113
- rubygems_version: 3.2.29
102
+ rubygems_version: 3.3.26
114
103
  signing_key:
115
104
  specification_version: 4
116
105
  summary: OpenBSD's bcrypt() password hashing algorithm.
@@ -1,59 +0,0 @@
1
- name: Test Suite
2
-
3
- # Run against all commits and pull requests.
4
- on: [ push, pull_request ]
5
-
6
- jobs:
7
- test_matrix:
8
-
9
- strategy:
10
- fail-fast: false
11
- matrix:
12
- os:
13
- - ubuntu
14
- - macos
15
- - windows
16
- ruby:
17
- - 2.1
18
- - 2.2
19
- - 2.3
20
- - 2.4
21
- - 2.5
22
- - 2.6
23
- - 2.7
24
- - '3.0'
25
- - 3.1
26
- - head
27
- - jruby
28
- - jruby-head
29
- - truffleruby
30
- - truffleruby-head
31
- - mingw
32
- exclude:
33
- - { os: ubuntu, ruby: mingw }
34
- - { os: macos, ruby: mingw }
35
- - { os: windows, ruby: truffleruby }
36
- - { os: windows, ruby: truffleruby-head }
37
-
38
- runs-on: ${{ matrix.os }}-latest
39
-
40
- steps:
41
- - uses: actions/checkout@v2
42
- - name: Set up Ruby
43
- uses: ruby/setup-ruby@v1
44
- with:
45
- ruby-version: ${{ matrix.ruby }}
46
- bundler-cache: true
47
- env:
48
- JAVA_OPTS: -Djdk.io.File.enableADS=true
49
- - name: Run tests
50
- run: bundle exec rake default
51
- env:
52
- JAVA_OPTS: -Djdk.io.File.enableADS=true
53
-
54
- finish:
55
- runs-on: ubuntu-latest
56
- needs: [ test_matrix ]
57
- steps:
58
- - name: Wait for status checks
59
- run: echo "All Green!"
data/.gitignore DELETED
@@ -1,10 +0,0 @@
1
- doc
2
- pkg
3
- tmp
4
- *.o
5
- *.bundle
6
- *.so
7
- *.jar
8
- .DS_Store
9
- .rbenv-gemsets
10
- Gemfile.lock
data/.rspec DELETED
@@ -1,3 +0,0 @@
1
- --color
2
- --backtrace
3
- --format documentation
data/Gemfile DELETED
@@ -1,2 +0,0 @@
1
- source 'https://rubygems.org'
2
- gemspec
data/Rakefile DELETED
@@ -1,72 +0,0 @@
1
- require 'rspec/core/rake_task'
2
- require 'rubygems/package_task'
3
- require 'rake/extensiontask'
4
- require 'rake/javaextensiontask'
5
- require 'rake/clean'
6
- require 'rdoc/task'
7
- require 'benchmark'
8
-
9
- CLEAN.include(
10
- "tmp",
11
- "lib/bcrypt_ext.jar",
12
- "lib/bcrypt_ext.so"
13
- )
14
- CLOBBER.include(
15
- "doc",
16
- "pkg"
17
- )
18
-
19
- GEMSPEC = Gem::Specification.load("bcrypt.gemspec")
20
-
21
- task :default => [:compile, :spec]
22
-
23
- desc "Run all specs"
24
- RSpec::Core::RakeTask.new do |t|
25
- t.pattern = 'spec/**/*_spec.rb'
26
- t.ruby_opts = '-w'
27
- end
28
-
29
- desc "Run all specs, with coverage testing"
30
- RSpec::Core::RakeTask.new(:rcov) do |t|
31
- t.pattern = 'spec/**/*_spec.rb'
32
- t.rcov = true
33
- t.rcov_path = 'doc/coverage'
34
- t.rcov_opts = ['--exclude', 'rspec,diff-lcs,rcov,_spec,_helper']
35
- end
36
-
37
- desc 'Generate RDoc'
38
- RDoc::Task.new do |rdoc|
39
- rdoc.rdoc_dir = 'doc/rdoc'
40
- rdoc.options += GEMSPEC.rdoc_options
41
- rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE']
42
- rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files)
43
- end
44
-
45
- Gem::PackageTask.new(GEMSPEC) do |pkg|
46
- pkg.need_zip = true
47
- pkg.need_tar = true
48
- end
49
-
50
- if RUBY_PLATFORM =~ /java/
51
- Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
52
- ext.ext_dir = 'ext/jruby'
53
- ext.source_version = "1.7"
54
- ext.target_version = "1.7"
55
- end
56
- else
57
- Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|
58
- ext.ext_dir = 'ext/mri'
59
- end
60
- end
61
-
62
- desc "Run a set of benchmarks on the compiled extension."
63
- task :benchmark do
64
- TESTS = 100
65
- TEST_PWD = "this is a test"
66
- require File.expand_path(File.join(File.dirname(__FILE__), "lib", "bcrypt"))
67
- Benchmark.bmbm do |results|
68
- 4.upto(10) do |n|
69
- results.report("cost #{n}:") { TESTS.times { BCrypt::Password.create(TEST_PWD, :cost => n) } }
70
- end
71
- end
72
- end
data/bcrypt.gemspec DELETED
@@ -1,27 +0,0 @@
1
- Gem::Specification.new do |s|
2
- s.name = 'bcrypt'
3
- s.version = '3.1.18'
4
-
5
- s.summary = "OpenBSD's bcrypt() password hashing algorithm."
6
- s.description = <<-EOF
7
- bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
8
- for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
9
- passwords.
10
- EOF
11
-
12
- s.files = `git ls-files`.split("\n")
13
- s.require_path = 'lib'
14
-
15
- s.add_development_dependency 'rake-compiler', '~> 1.2.0'
16
- s.add_development_dependency 'rspec', '>= 3'
17
-
18
- s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']
19
- s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG', *Dir['lib/**/*.rb']]
20
-
21
- s.extensions = 'ext/mri/extconf.rb'
22
-
23
- s.authors = ["Coda Hale"]
24
- s.email = "coda.hale@gmail.com"
25
- s.homepage = "https://github.com/bcrypt-ruby/bcrypt-ruby"
26
- s.license = "MIT"
27
- end
data/spec/TestBCrypt.java DELETED
@@ -1,194 +0,0 @@
1
- // Copyright (c) 2006 Damien Miller <djm@mindrot.org>
2
- //
3
- // Permission to use, copy, modify, and distribute this software for any
4
- // purpose with or without fee is hereby granted, provided that the above
5
- // copyright notice and this permission notice appear in all copies.
6
- //
7
- // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
- // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
- // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
10
- // ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
- // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
12
- // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
13
- // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14
-
15
- import junit.framework.TestCase;
16
-
17
- /**
18
- * JUnit unit tests for BCrypt routines
19
- * @author Damien Miller
20
- * @version 0.2
21
- */
22
- public class TestBCrypt extends TestCase {
23
- String test_vectors[][] = {
24
- { "",
25
- "$2a$06$DCq7YPn5Rq63x1Lad4cll.",
26
- "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
27
- { "",
28
- "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.",
29
- "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
30
- { "",
31
- "$2a$10$k1wbIrmNyFAPwPVPSVa/ze",
32
- "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
33
- { "",
34
- "$2a$12$k42ZFHFWqBp3vWli.nIn8u",
35
- "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
36
- { "a",
37
- "$2a$06$m0CrhHm10qJ3lXRY.5zDGO",
38
- "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
39
- { "a",
40
- "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe",
41
- "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
42
- { "a",
43
- "$2a$10$k87L/MF28Q673VKh8/cPi.",
44
- "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
45
- { "a",
46
- "$2a$12$8NJH3LsPrANStV6XtBakCe",
47
- "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
48
- { "abc",
49
- "$2a$06$If6bvum7DFjUnE9p2uDeDu",
50
- "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
51
- { "abc",
52
- "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O",
53
- "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
54
- { "abc",
55
- "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.",
56
- "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
57
- { "abc",
58
- "$2a$12$EXRkfkdmXn2gzds2SSitu.",
59
- "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
60
- { "abcdefghijklmnopqrstuvwxyz",
61
- "$2a$06$.rCVZVOThsIa97pEDOxvGu",
62
- "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
63
- { "abcdefghijklmnopqrstuvwxyz",
64
- "$2a$08$aTsUwsyowQuzRrDqFflhge",
65
- "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
66
- { "abcdefghijklmnopqrstuvwxyz",
67
- "$2a$10$fVH8e28OQRj9tqiDXs1e1u",
68
- "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
69
- { "abcdefghijklmnopqrstuvwxyz",
70
- "$2a$12$D4G5f18o7aMMfwasBL7Gpu",
71
- "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
72
- { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
73
- "$2a$06$fPIsBO8qRqkjj273rfaOI.",
74
- "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
75
- { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
76
- "$2a$08$Eq2r4G/76Wv39MzSX262hu",
77
- "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
78
- { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
79
- "$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
80
- "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
81
- { "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
82
- "$2a$12$WApznUOJfkEGSmYRfnkrPO",
83
- "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
84
- };
85
-
86
- /**
87
- * Entry point for unit tests
88
- * @param args unused
89
- */
90
- public static void main(String[] args) {
91
- junit.textui.TestRunner.run(TestBCrypt.class);
92
- }
93
-
94
- /**
95
- * Test method for 'BCrypt.hashpw(String, String)'
96
- */
97
- public void testHashpw() {
98
- System.out.print("BCrypt.hashpw(): ");
99
- for (int i = 0; i < test_vectors.length; i++) {
100
- String plain = test_vectors[i][0];
101
- String salt = test_vectors[i][1];
102
- String expected = test_vectors[i][2];
103
- String hashed = BCrypt.hashpw(plain, salt);
104
- assertEquals(hashed, expected);
105
- System.out.print(".");
106
- }
107
- System.out.println("");
108
- }
109
-
110
- /**
111
- * Test method for 'BCrypt.gensalt(int)'
112
- */
113
- public void testGensaltInt() {
114
- System.out.print("BCrypt.gensalt(log_rounds):");
115
- for (int i = 4; i <= 12; i++) {
116
- System.out.print(" " + Integer.toString(i) + ":");
117
- for (int j = 0; j < test_vectors.length; j += 4) {
118
- String plain = test_vectors[j][0];
119
- String salt = BCrypt.gensalt(i);
120
- String hashed1 = BCrypt.hashpw(plain, salt);
121
- String hashed2 = BCrypt.hashpw(plain, hashed1);
122
- assertEquals(hashed1, hashed2);
123
- System.out.print(".");
124
- }
125
- }
126
- System.out.println("");
127
- }
128
-
129
- /**
130
- * Test method for 'BCrypt.gensalt()'
131
- */
132
- public void testGensalt() {
133
- System.out.print("BCrypt.gensalt(): ");
134
- for (int i = 0; i < test_vectors.length; i += 4) {
135
- String plain = test_vectors[i][0];
136
- String salt = BCrypt.gensalt();
137
- String hashed1 = BCrypt.hashpw(plain, salt);
138
- String hashed2 = BCrypt.hashpw(plain, hashed1);
139
- assertEquals(hashed1, hashed2);
140
- System.out.print(".");
141
- }
142
- System.out.println("");
143
- }
144
-
145
- /**
146
- * Test method for 'BCrypt.checkpw(String, String)'
147
- * expecting success
148
- */
149
- public void testCheckpw_success() {
150
- System.out.print("BCrypt.checkpw w/ good passwords: ");
151
- for (int i = 0; i < test_vectors.length; i++) {
152
- String plain = test_vectors[i][0];
153
- String expected = test_vectors[i][2];
154
- assertTrue(BCrypt.checkpw(plain, expected));
155
- System.out.print(".");
156
- }
157
- System.out.println("");
158
- }
159
-
160
- /**
161
- * Test method for 'BCrypt.checkpw(String, String)'
162
- * expecting failure
163
- */
164
- public void testCheckpw_failure() {
165
- System.out.print("BCrypt.checkpw w/ bad passwords: ");
166
- for (int i = 0; i < test_vectors.length; i++) {
167
- int broken_index = (i + 4) % test_vectors.length;
168
- String plain = test_vectors[i][0];
169
- String expected = test_vectors[broken_index][2];
170
- assertFalse(BCrypt.checkpw(plain, expected));
171
- System.out.print(".");
172
- }
173
- System.out.println("");
174
- }
175
-
176
- /**
177
- * Test for correct hashing of non-US-ASCII passwords
178
- */
179
- public void testInternationalChars() {
180
- System.out.print("BCrypt.hashpw w/ international chars: ");
181
- String pw1 = "ππππππππ";
182
- String pw2 = "????????";
183
-
184
- String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
185
- assertFalse(BCrypt.checkpw(pw2, h1));
186
- System.out.print(".");
187
-
188
- String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
189
- assertFalse(BCrypt.checkpw(pw1, h2));
190
- System.out.print(".");
191
- System.out.println("");
192
- }
193
-
194
- }
@@ -1,176 +0,0 @@
1
- require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
2
- require 'securerandom'
3
-
4
- describe 'BCrypt::Engine' do
5
- describe '.calibrate(upper_time_limit_in_ms)' do
6
- context 'a tiny upper time limit provided' do
7
- it 'returns a minimum cost supported by the algorithm' do
8
- expect(BCrypt::Engine.calibrate(0.001)).to eq(4)
9
- end
10
- end
11
- end
12
- end
13
-
14
- describe "The BCrypt engine" do
15
- specify "should calculate the optimal cost factor to fit in a specific time" do
16
- start_time = Time.now
17
- BCrypt::Password.create("testing testing", :cost => BCrypt::Engine::MIN_COST + 1)
18
- min_time_ms = (Time.now - start_time) * 1000
19
- first = BCrypt::Engine.calibrate(min_time_ms)
20
- second = BCrypt::Engine.calibrate(min_time_ms * 4)
21
- expect(second).to be > first
22
- end
23
- end
24
-
25
- describe "Generating BCrypt salts" do
26
-
27
- specify "should produce strings" do
28
- expect(BCrypt::Engine.generate_salt).to be_an_instance_of(String)
29
- end
30
-
31
- specify "should produce random data" do
32
- expect(BCrypt::Engine.generate_salt).to_not equal(BCrypt::Engine.generate_salt)
33
- end
34
-
35
- specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
36
- expect { BCrypt::Engine.generate_salt('woo') }.to raise_error(BCrypt::Errors::InvalidCost)
37
- end
38
-
39
- specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
40
- expect { BCrypt::Engine.generate_salt(-1) }.to raise_error(BCrypt::Errors::InvalidCost)
41
- end
42
- end
43
-
44
- describe "Autodetecting of salt cost" do
45
-
46
- specify "should work" do
47
- expect(BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou")).to eq 8
48
- expect(BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu")).to eq 5
49
- expect(BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.")).to eq 13
50
- end
51
-
52
- end
53
-
54
- describe "Generating BCrypt hashes" do
55
-
56
- class MyInvalidSecret
57
- undef to_s
58
- end
59
-
60
- before :each do
61
- @salt = BCrypt::Engine.generate_salt(4)
62
- @password = "woo"
63
- end
64
-
65
- specify "should produce a string" do
66
- expect(BCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
67
- end
68
-
69
- specify "should raise an InvalidSalt error if the salt is invalid" do
70
- expect { BCrypt::Engine.hash_secret(@password, 'nino') }.to raise_error(BCrypt::Errors::InvalidSalt)
71
- end
72
-
73
- specify "should raise an InvalidSecret error if the secret is invalid" do
74
- expect { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.to raise_error(BCrypt::Errors::InvalidSecret)
75
- expect { BCrypt::Engine.hash_secret(nil, @salt) }.not_to raise_error
76
- expect { BCrypt::Engine.hash_secret(false, @salt) }.not_to raise_error
77
- end
78
-
79
- specify "should call #to_s on the secret and use the return value as the actual secret data" do
80
- expect(BCrypt::Engine.hash_secret(false, @salt)).to eq BCrypt::Engine.hash_secret("false", @salt)
81
- end
82
-
83
- specify "should be interoperable with other implementations" do
84
- test_vectors = [
85
- # test vectors from the OpenWall implementation <https://www.openwall.com/crypt/>, found in wrapper.c
86
- ["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
87
- ["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
88
- ["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
89
- ["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"],
90
- ["\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
91
- ["\xff\xff\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
92
- ["\xff\xff\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
93
- ["\xff\xff\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85."],
94
- ["\xff\xff\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
95
- ["\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
96
- ["\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
97
- ["\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
98
- ["1\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
99
- ["\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
100
- ["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
101
- ["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
102
- ["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd."],
103
- ["\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
104
- ["\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
105
- ["\xa3" "ab", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
106
- ["\xa3" "ab", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
107
- ["\xa3" "ab", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
108
- ["\xd1\x91", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS"],
109
- ["\xd0\xc1\xd2\xcf\xcc\xd8", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS"],
110
- ["\xaa"*72+"chars after 72 are ignored as usual", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6"],
111
- ["\xaa\x55"*36, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy"],
112
- ["\x55\xaa\xff"*24, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe"],
113
- ["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
114
-
115
- # test vectors from the Java implementation, found in https://github.com/spring-projects/spring-security/blob/master/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
116
- ["", "$2a$06$DCq7YPn5Rq63x1Lad4cll.", "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."],
117
- ["", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye"],
118
- ["", "$2a$10$k1wbIrmNyFAPwPVPSVa/ze", "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW"],
119
- ["", "$2a$12$k42ZFHFWqBp3vWli.nIn8u", "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO"],
120
- ["", "$2b$06$8eVN9RiU8Yki430X.wBvN.", "$2b$06$8eVN9RiU8Yki430X.wBvN.LWaqh2962emLVSVXVZIXJvDYLsV0oFu"],
121
- ["", "$2b$06$NlgfNgpIc6GlHciCkMEW8u", "$2b$06$NlgfNgpIc6GlHciCkMEW8uKOBsyvAp7QwlHpysOlKdtyEw50WQua2"],
122
- ["", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO3OFWzNEdcY84ELw6iHCPruuQfSAXBLK"],
123
- ["", "$2y$06$88kSqVttBx.e9iXTPCLa5u", "$2y$06$88kSqVttBx.e9iXTPCLa5uFPrVFjfLH4D.KcO6pBiAmvUkvdg0EYy"],
124
- ["a", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"],
125
- ["a", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V."],
126
- ["a", "$2a$10$k87L/MF28Q673VKh8/cPi.", "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u"],
127
- ["a", "$2a$12$8NJH3LsPrANStV6XtBakCe", "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS"],
128
- ["a", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.OaRjB4jHO7rBHJKlGXbqEH3QVJfO7iO"],
129
- ["a", "$2b$06$PWxFFHA3HiCD46TNOZh30e", "$2b$06$PWxFFHA3HiCD46TNOZh30eNto1hg5uM9tHBlI4q/b03SW/gGKUYk6"],
130
- ["a", "$2y$06$LUdD6/aD0e/UbnxVAVbvGu", "$2y$06$LUdD6/aD0e/UbnxVAVbvGuUmIoJ3l/OK94ThhadpMWwKC34LrGEey"],
131
- ["a", "$2y$06$eqgY.T2yloESMZxgp76deO", "$2y$06$eqgY.T2yloESMZxgp76deOROa7nzXDxbO0k.PJvuClTa.Vu1AuemG"],
132
- ["abc", "$2a$06$If6bvum7DFjUnE9p2uDeDu", "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"],
133
- ["abc", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"],
134
- ["abc", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi"],
135
- ["abc", "$2a$12$EXRkfkdmXn2gzds2SSitu.", "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q"],
136
- ["abc", "$2b$06$5FyQoicpbox1xSHFfhhdXu", "$2b$06$5FyQoicpbox1xSHFfhhdXuR2oxLpO1rYsQh5RTkI/9.RIjtoF0/ta"],
137
- ["abc", "$2b$06$1kJyuho8MCVP3HHsjnRMkO", "$2b$06$1kJyuho8MCVP3HHsjnRMkO1nvCOaKTqLnjG2TX1lyMFbXH/aOkgc."],
138
- ["abc", "$2y$06$ACfku9dT6.H8VjdKb8nhlu", "$2y$06$ACfku9dT6.H8VjdKb8nhluaoBmhJyK7GfoNScEfOfrJffUxoUeCjK"],
139
- ["abc", "$2y$06$9JujYcoWPmifvFA3RUP90e", "$2y$06$9JujYcoWPmifvFA3RUP90e5rSEHAb5Ye6iv3.G9ikiHNv5cxjNEse"],
140
- ["abcdefghijklmnopqrstuvwxyz", "$2a$06$.rCVZVOThsIa97pEDOxvGu", "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC"],
141
- ["abcdefghijklmnopqrstuvwxyz", "$2a$08$aTsUwsyowQuzRrDqFflhge", "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz."],
142
- ["abcdefghijklmnopqrstuvwxyz", "$2a$10$fVH8e28OQRj9tqiDXs1e1u", "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq"],
143
- ["abcdefghijklmnopqrstuvwxyz", "$2a$12$D4G5f18o7aMMfwasBL7Gpu", "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG"],
144
- ["abcdefghijklmnopqrstuvwxyz", "$2b$06$O8E89AQPj1zJQA05YvIAU.", "$2b$06$O8E89AQPj1zJQA05YvIAU.hMpj25BXri1bupl/Q7CJMlpLwZDNBoO"],
145
- ["abcdefghijklmnopqrstuvwxyz", "$2b$06$PDqIWr./o/P3EE/P.Q0A/u", "$2b$06$PDqIWr./o/P3EE/P.Q0A/uFg86WL/PXTbaW267TDALEwDylqk00Z."],
146
- ["abcdefghijklmnopqrstuvwxyz", "$2y$06$34MG90ZLah8/ZNr3ltlHCu", "$2y$06$34MG90ZLah8/ZNr3ltlHCuz6bachF8/3S5jTuzF1h2qg2cUk11sFW"],
147
- ["abcdefghijklmnopqrstuvwxyz", "$2y$06$AK.hSLfMyw706iEW24i68u", "$2y$06$AK.hSLfMyw706iEW24i68uKAc2yorPTrB0cimvjJHEBUrPkOq7VvG"],
148
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO"],
149
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$08$Eq2r4G/76Wv39MzSX262hu", "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW"],
150
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"],
151
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$12$WApznUOJfkEGSmYRfnkrPO", "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC"],
152
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu", "$2b$06$FGWA8OlY6RtQhXBXuCJ8WusVipRI15cWOgJK8MYpBHEkktMfbHRIG"],
153
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$G6aYU7UhUEUDJBdTgq3CRe", "$2b$06$G6aYU7UhUEUDJBdTgq3CRekiopCN4O4sNitFXrf5NUscsVZj3a2r6"],
154
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$sYDFHqOcXTjBgOsqC0WCKe", "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti"],
155
- ["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"]
156
- ]
157
- for secret, salt, test_vector in test_vectors
158
- expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
159
- end
160
- end
161
-
162
- specify "should truncate long 1-byte character secrets to 72 bytes" do
163
- # 'b' as a base triggers the failure at 256 characters, but 'a' does not.
164
- too_long_secret = 'b'*(BCrypt::Engine::MAX_SECRET_BYTESIZE + 1)
165
- just_right_secret = 'b'*BCrypt::Engine::MAX_SECRET_BYTESIZE
166
- expect(BCrypt::Engine.hash_secret(too_long_secret, @salt)).to eq(BCrypt::Engine.hash_secret(just_right_secret, @salt))
167
- end
168
-
169
- specify "should truncate long multi-byte character secrets to 72 bytes" do
170
- # 256 times causes bcrypt to return nil for libxcrypt > 4.4.18-4.
171
- too_long_secret = '𐐷'*256
172
- # 𐐷 takes 4 bytes in UTF-8. 18 times is 72 bytes
173
- just_right_secret = '𐐷'*18
174
- expect(BCrypt::Engine.hash_secret(too_long_secret, @salt)).to eq(BCrypt::Engine.hash_secret(just_right_secret, @salt))
175
- end
176
- end
@@ -1,37 +0,0 @@
1
- require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
2
-
3
- describe "Errors" do
4
-
5
- shared_examples "descends from StandardError" do
6
- it "can be rescued as a StandardError" do
7
- expect(described_class).to be < StandardError
8
- end
9
- end
10
-
11
- shared_examples "descends from BCrypt::Error" do
12
- it "can be rescued as a BCrypt::Error" do
13
- expect(described_class).to be < BCrypt::Error
14
- end
15
- end
16
-
17
- describe BCrypt::Error do
18
- include_examples "descends from StandardError"
19
- end
20
-
21
- describe BCrypt::Errors::InvalidCost do
22
- include_examples "descends from BCrypt::Error"
23
- end
24
-
25
- describe BCrypt::Errors::InvalidHash do
26
- include_examples "descends from BCrypt::Error"
27
- end
28
-
29
- describe BCrypt::Errors::InvalidSalt do
30
- include_examples "descends from BCrypt::Error"
31
- end
32
-
33
- describe BCrypt::Errors::InvalidSecret do
34
- include_examples "descends from BCrypt::Error"
35
- end
36
-
37
- end
@@ -1,131 +0,0 @@
1
- require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
2
- require 'securerandom'
3
-
4
- describe "Creating a hashed password" do
5
-
6
- before :each do
7
- @secret = "wheedle"
8
- @password = BCrypt::Password.create(@secret, :cost => 4)
9
- end
10
-
11
- specify "should return a BCrypt::Password" do
12
- expect(@password).to be_an_instance_of(BCrypt::Password)
13
- end
14
-
15
- specify "should return a valid bcrypt password" do
16
- expect { BCrypt::Password.new(@password) }.not_to raise_error
17
- end
18
-
19
- specify "should behave normally if the secret is not a string" do
20
- expect { BCrypt::Password.create(nil) }.not_to raise_error
21
- expect { BCrypt::Password.create({:woo => "yeah"}) }.not_to raise_error
22
- expect { BCrypt::Password.create(false) }.not_to raise_error
23
- end
24
-
25
- specify "should tolerate empty string secrets" do
26
- expect { BCrypt::Password.create( "\n".chop ) }.not_to raise_error
27
- expect { BCrypt::Password.create( "" ) }.not_to raise_error
28
- expect { BCrypt::Password.create( String.new ) }.not_to raise_error
29
- end
30
-
31
- specify "should tolerate very long string secrets" do
32
- expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
33
- end
34
- end
35
-
36
- describe "Reading a hashed password" do
37
- before :each do
38
- @secret = "U*U"
39
- @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
40
- end
41
-
42
- specify "the cost is too damn high" do
43
- expect {
44
- BCrypt::Password.create("hello", :cost => 32)
45
- }.to raise_error(ArgumentError)
46
- end
47
-
48
- specify "the cost should be set to the default if nil" do
49
- expect(BCrypt::Password.create("hello", :cost => nil).cost).to equal(BCrypt::Engine::DEFAULT_COST)
50
- end
51
-
52
- specify "the cost should be set to the default if empty hash" do
53
- expect(BCrypt::Password.create("hello", {}).cost).to equal(BCrypt::Engine::DEFAULT_COST)
54
- end
55
-
56
- specify "the cost should be set to the passed value if provided" do
57
- expect(BCrypt::Password.create("hello", :cost => 5).cost).to equal(5)
58
- end
59
-
60
- specify "the cost should be set to the global value if set" do
61
- BCrypt::Engine.cost = 5
62
- expect(BCrypt::Password.create("hello").cost).to equal(5)
63
- # unset the global value to not affect other tests
64
- BCrypt::Engine.cost = nil
65
- end
66
-
67
- specify "the cost should be set to an overridden constant for backwards compatibility" do
68
- # suppress "already initialized constant" warning
69
- old_verbose, $VERBOSE = $VERBOSE, nil
70
- old_default_cost = BCrypt::Engine::DEFAULT_COST
71
-
72
- BCrypt::Engine::DEFAULT_COST = 5
73
- expect(BCrypt::Password.create("hello").cost).to equal(5)
74
-
75
- # reset default to not affect other tests
76
- BCrypt::Engine::DEFAULT_COST = old_default_cost
77
- $VERBOSE = old_verbose
78
- end
79
-
80
- specify "should read the version, cost, salt, and hash" do
81
- password = BCrypt::Password.new(@hash)
82
- expect(password.version).to eql("2a")
83
- expect(password.version.class).to eq String
84
- expect(password.cost).to equal(5)
85
- expect(password.salt).to eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
86
- expect(password.salt.class).to eq String
87
- expect(password.checksum).to eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
88
- expect(password.checksum.class).to eq String
89
- expect(password.to_s).to eql(@hash)
90
- end
91
-
92
- specify "should raise an InvalidHashError when given an invalid hash" do
93
- expect { BCrypt::Password.new('weedle') }.to raise_error(BCrypt::Errors::InvalidHash)
94
- end
95
- end
96
-
97
- describe "Comparing a hashed password with a secret" do
98
- before :each do
99
- @secret = "U*U"
100
- @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
101
- @password = BCrypt::Password.create(@secret)
102
- end
103
-
104
- specify "should compare successfully to the original secret" do
105
- expect((@password == @secret)).to be(true)
106
- end
107
-
108
- specify "should compare unsuccessfully to anything besides original secret" do
109
- expect((@password == "@secret")).to be(false)
110
- end
111
- end
112
-
113
- describe "Validating a generated salt" do
114
- specify "should not accept an invalid salt" do
115
- expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
116
- expect(BCrypt::Engine.valid_salt?("invalid\n#{BCrypt::Engine.generate_salt}\ninvalid")).to eq(false)
117
- end
118
- specify "should accept a valid salt" do
119
- expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
120
- end
121
- end
122
-
123
- describe "Validating a password hash" do
124
- specify "should not accept an invalid password" do
125
- expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be(false)
126
- expect(BCrypt::Password.valid_hash?("invalid\n#{BCrypt::Password.create "i_am_so_valid"}\ninvalid")).to be(false)
127
- end
128
- specify "should accept a valid password" do
129
- expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be(true)
130
- end
131
- end
data/spec/spec_helper.rb DELETED
@@ -1,2 +0,0 @@
1
- $:.unshift File.expand_path('../../lib', __FILE__)
2
- require 'bcrypt'