bcrypt 3.1.11 → 3.1.12.rc1
- checksums.yaml +11 -9
- data/.travis.yml +13 -8
- data/CHANGELOG +4 -0
- data/Gemfile.lock +4 -4
- data/README.md +57 -68
- data/Rakefile +4 -0
- data/appveyor.yml +50 -0
- data/bcrypt.gemspec +1 -1
- data/ext/mri/bcrypt_ext.c +1 -1
- metadata +7 -6
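--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,17 @@
 ---
-!binary "
+!binary "U0hBMjU2":
 metadata.gz: !binary |-
-
+MzFlOTc3ZGIxZjAwMzAzMTE5YzdlMDk2ZTNlMzVjZjkwMWM5MmVjYzczNWZl
+OGM5YmFiY2Y2MmU0MjliMTc0Nw==
 data.tar.gz: !binary |-
-
+YTlmNWYxNjBkNjBkNjhkYTc2YzQxZjNmYjAwZTE5NjcyYjg3YmMwZjlkN2I3
+YWMwYTNlMTYwNmMwZmYzNzM0Mg==
 SHA512:
 metadata.gz: !binary |-
-
-
-
+ZGQxMmVkMzkwY2ExZjQwZWQ2NmU1YjJhZWU0MzI4ZTgxMzhmOTA4ZmJmYWI0
+NGJkYjg5NDIzM2UzYzdkNWFjMmRmODI2OWE2NjAwOGNjZmI2ZTM3ZGVlYzM4
+ZTIxNTI5YmQ1NmI1Njg3MjU5MWNjOWJmNGY2NzExMWQ3ZjU3NTc=
 data.tar.gz: !binary |-
-
-
-
+ZDk4MDk4ZDllOWY3OTgxZjBjODM5ZDUyMDNiYjE0YjI1ZmIzM2NlNTNmZDVl
+ZjJiZTY2NWM5OTQzOGE2MTcwMTZjOTkxOGM0YjViZWVmOGExODRjYTg5YjA5
+YzhmZDYzMjIzNDdkYmRmOTdhYjFiOTBkNDA1MTdjYTM0MGZhMWU=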
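--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,16 +1,21 @@
 language: ruby
+before_install:
+- gem update --system
+- gem install bundler
 rvm:
-- 1.8
-- 1.9
--
-- 2.
-- 2.
-- 2.
-- 2.
+- 1.8
+- 1.9
+- 2.0
+- 2.1
+- 2.2
+- 2.3
+- 2.4
+- 2.5
+- 2.6
 - ruby-head
 - jruby-18mode
 - jruby-19mode
 - jruby-head
-- rbx-
+- rbx-3
 - ree
 - script: bundle exec rake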
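Review bot: The two new `before_install` commands, `gem update --system` and `gem install bundler`, are unpinned, so every job in the matrix (including the 1.8, 1.9, `ree` and `jruby-18mode` entries) installs whatever RubyGems and Bundler releases are current when the build runs. That makes the build non-reproducible and lets an unreviewed toolchain release run in CI before the tests; it will also break the old-interpreter jobs as soon as a release drops support for them. The appveyor.yml added in this same release already pins the 1.8.7 case with `gem update --system 2.0.17`, so the same discipline fits here, for example `gem update --system <RUBYGEMS_VERSION>` and `gem install bundler -v <BUNDLER_VERSION>`, with versions chosen per interpreter.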
data/CHANGELOG
CHANGED
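--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,14 +1,14 @@
 PATH
 remote: .
 specs:
-bcrypt (3.1.
+bcrypt (3.1.12.rc1)
 
 GEM
 remote: https://rubygems.org/
 specs:
 diff-lcs (1.2.5)
-json (1.8.
-json (1.8.
+json (1.8.6)
+json (1.8.6-java)
 rake (10.4.2)
 rake-compiler (0.9.5)
 rake
@@ -41,4 +41,4 @@ DEPENDENCIES
 rspec (>= 3)
 
 BUNDLED WITH
-1.
+1.16.1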
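--- a/data/README.md
+++ b/data/README.md
@@ -30,8 +30,8 @@ re-hash those passwords. This vulnerability only affected the JRuby gem.
 The bcrypt gem is available on the following ruby platforms:
 
 * JRuby
-* RubyInstaller 1.8, 1.9, 2.0, 2.1,
-* Any 1.8, 1.9, 2.0, 2.1, 2.2, or 2.
+* RubyInstaller 1.8, 1.9, 2.0, 2.1, 2.2, 2.3, 2.4, and 2.5 builds on Windows
+* Any 1.8, 1.9, 2.0, 2.1, 2.2, 2.3, 2.4, or 2.5 Ruby on a BSD/OS X/Linux system with a compiler
 
 ## How to use `bcrypt()` in your Rails application
 
@@ -40,69 +40,58 @@ The bcrypt gem is available on the following ruby platforms:
 implements a similar authentication strategy to the code below.
 
 ### The _User_ model
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+```ruby
+require 'bcrypt'
+
+class User < ActiveRecord::Base
+# users.password_hash in the database is a :string
+include BCrypt
+
+def password
+@password ||= Password.new(password_hash)
+end
+
+def password=(new_password)
+@password = Password.create(new_password)
+self.password_hash = @password
+end
+end
+```
 ### Creating an account
-
-
-
-
-
-
-
+```ruby
+def create
+@user = User.new(params[:user])
+@user.password = params[:password]
+@user.save!
+end
+```
 ### Authenticating a user
-
-
-
-
-
-
-
-
-
-
-### If a user forgets their password?
-
-# assign them a random one and mail it to them, asking them to change it
-def forgot_password
-@user = User.find_by_email(params[:email])
-random_password = Array.new(10).map { (65 + rand(58)).chr }.join
-@user.password = random_password
-@user.save!
-Mailer.create_and_deliver_password_change(@user, random_password)
-end
-
+```ruby
+def login
+@user = User.find_by_email(params[:email])
+if @user.password == params[:password]
+give_token
+else
+redirect_to home_url
+end
+end
+```
 ## How to use bcrypt-ruby in general
+```ruby
+require 'bcrypt'
 
-
-
-my_password = BCrypt::Password.create("my password")
-#=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
-
-my_password.version #=> "2a"
-my_password.cost #=> 10
-my_password == "my password" #=> true
-my_password == "not my password" #=> false
+my_password = BCrypt::Password.create("my password")
+#=> "$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa"
 
-
-
-
+my_password.version #=> "2a"
+my_password.cost #=> 10
+my_password == "my password" #=> true
+my_password == "not my password" #=> false
 
+my_password = BCrypt::Password.new("$2a$10$vI8aWBnW3fID.ZQ4/zo1G.q1lRps.9cGLcZEiGDMVr5yUP1KUOYTa")
+my_password == "my password" #=> true
+my_password == "not my password" #=> false
+```
 Check the rdocs for more details -- BCrypt, BCrypt::Password.
 
 ## How `bcrypt()` works
@@ -171,15 +160,15 @@ stateless authentication architecture (e.g., HTTP Basic Auth), you will want to
 server load and keep your request times down. This will lower the security provided you, but there are few alternatives.
 
 To change the default cost factor used by bcrypt-ruby, use `BCrypt::Engine.cost = new_value`:
-
-
-
-
-
-
-
-
-
+```ruby
+BCrypt::Password.create('secret').cost
+#=> 10, the default provided by bcrypt-ruby
+
+# set a new default cost
+BCrypt::Engine.cost = 8
+BCrypt::Password.create('secret').cost
+#=> 8
+```
 The default cost can be overridden as needed by passing an options hash with a different cost:
 
 BCrypt::Password.create('secret', :cost => 6).cost #=> 6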
data/Rakefile
CHANGED
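--- a/data/appveyor.yml
+++ b/data/appveyor.yml
@@ -0,0 +1,50 @@
+###############################################################################
+#
+# This AppVeyor config is *NOT* for running the tests on Windows.
+#
+# This is to ensure that the latest version of the bcrypt gem can be installed
+# on Windows across all of the currently supported versions of Ruby.
+#
+###############################################################################
+
+version: "{branch}-{build}"
+build: off
+clone_depth: 1
+
+init:
+# Install Ruby 1.8.7
+- if %RUBY_VERSION%==187 (
+appveyor DownloadFile https://dl.bintray.com/oneclick/rubyinstaller/rubyinstaller-1.8.7-p374.exe -FileName C:\ruby_187.exe &
+C:\ruby_187.exe /verysilent /dir=C:\Ruby%RUBY_VERSION%
+)
+
+environment:
+matrix:
+- RUBY_VERSION: "187"
+- RUBY_VERSION: "193"
+- RUBY_VERSION: "200"
+- RUBY_VERSION: "200-x64"
+- RUBY_VERSION: "21"
+- RUBY_VERSION: "21-x64"
+- RUBY_VERSION: "22"
+- RUBY_VERSION: "22-x64"
+- RUBY_VERSION: "23"
+- RUBY_VERSION: "23-x64"
+- RUBY_VERSION: "24"
+- RUBY_VERSION: "24-x64"
+- RUBY_VERSION: "25"
+- RUBY_VERSION: "25-x64"
+
+install:
+- set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
+- if %RUBY_VERSION%==187 (
+gem update --system 2.0.17
+)
+
+before_test:
+- ruby -v
+- gem -v
+
+test_script:
+- gem install bcrypt --prerelease --no-ri --no-rdoc
+- ruby -e "require 'rubygems'; require 'bcrypt'"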
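Review bot: The `init` step downloads `rubyinstaller-1.8.7-p374.exe` with `appveyor DownloadFile` and runs it in the same command with `/verysilent`, with no integrity check between download and execution. The transfer is HTTPS, but nothing ties the binary to a known-good build, so a replaced file on the download host would run on the build worker unnoticed. Split the download and the install into separate commands and compare a pinned digest in between, for example `- ps: if ((Get-FileHash C:\ruby_187.exe -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'installer digest mismatch' }`, guarded by the same RUBY_VERSION condition. A short comment recording where the expected digest was obtained would make later updates auditable.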
data/bcrypt.gemspec
CHANGED
data/ext/mri/bcrypt_ext.c
CHANGED
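--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bcrypt
 version: !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.12.rc1
 platform: ruby
 authors:
 - Coda Hale
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2018-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake-compiler
@@ -63,9 +63,9 @@ extra_rdoc_files:
 - README.md
 - COPYING
 - CHANGELOG
+- lib/bcrypt/password.rb
 - lib/bcrypt/engine.rb
 - lib/bcrypt/error.rb
-- lib/bcrypt/password.rb
 - lib/bcrypt.rb
 files:
 - .gitignore
@@ -77,6 +77,7 @@ files:
 - Gemfile.lock
 - README.md
 - Rakefile
+- appveyor.yml
 - bcrypt.gemspec
 - ext/jruby/bcrypt_jruby/BCrypt.java
 - ext/mri/bcrypt_ext.c
@@ -117,12 +118,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ! '
+- - ! '>'
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: OpenBSD's bcrypt() password hashing algorithm.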