Class: Passlib::BCrypt

Inherits:
Password
Defined in:
lib/passlib/bcrypt.rb

Overview

Handles bcrypt password hashing via the bcrypt gem.

Recognized hash formats: $2a$, $2b$, $2x$, $2y$. All variants are accepted on load; new hashes are always produced in $2a$ format by the underlying gem.

Examples:

hash = Passlib::BCrypt.create("hunter2", cost: 12)
hash.verify("hunter2")  # => true
hash.to_s               # => "$2a$12$..."

Constant Summary

Constants included from Internal::DSL

Internal::DSL::Config

Instance Attribute Summary

Attributes inherited from Password

#config, #string

Class Method Summary

Instance Method Summary

Methods inherited from Password

available?, #initialize, #inspect, load, #pretty_print, #verify

Methods included from Internal::DSL

#identifier

Constructor Details

This class inherits a constructor from Passlib::Password

Class Method Details

.create(secret, **options) ⇒ BCrypt

Creates a new bcrypt hash.

Parameters:

  • secret (String)

    the plaintext password

Options Hash (**options):

  • :salt (String)

    custom bcrypt salt string (normally auto-generated; if supplied, it must include the cost factor in standard bcrypt format)

  • :cost (Integer)

    bcrypt cost factor, 4–31 (default: BCrypt::Engine::DEFAULT_COST)

Returns:

  • (BCrypt)

# File 'lib/passlib/bcrypt.rb', line 23

class BCrypt < Password
  external "bcrypt", "~> 3.0"
  register mcf: %w[2a 2b 2x 2y]
  options :salt, :cost

  # @param secret [String] the plaintext password to re-hash
  # @return [BCrypt] a new instance hashed with the same salt
  def create_comparable(secret) = self.class.create(secret, salt: @salt)

  def upgrade?
    cost = @salt.split("$")[2].to_i
    cost != (config.cost || ::BCrypt::Engine::DEFAULT_COST)
  end

  def create(secret)
    @salt = config.salt || ::BCrypt::Engine.generate_salt(config.cost || ::BCrypt::Engine::DEFAULT_COST)
    ::BCrypt::Engine.hash_secret(secret, @salt)
  end

  def load(string)
    bcrypt = ::BCrypt::Password.new(string)
    @salt = bcrypt.salt
    bcrypt.to_str
  end
end

Instance Method Details

#create(secret) ⇒ Object



# File 'lib/passlib/bcrypt.rb', line 37

def create(secret)
  @salt = config.salt || ::BCrypt::Engine.generate_salt(config.cost || ::BCrypt::Engine::DEFAULT_COST)
  ::BCrypt::Engine.hash_secret(secret, @salt)
end

#create_comparable(secret) ⇒ BCrypt

Returns a new instance hashed with the same salt.

Parameters:

  • secret (String)

    the plaintext password to re-hash

Returns:

  • (BCrypt)

    a new instance hashed with the same salt



# File 'lib/passlib/bcrypt.rb', line 30

def create_comparable(secret) = self.class.create(secret, salt: @salt)

#load(string) ⇒ Object



# File 'lib/passlib/bcrypt.rb', line 42

def load(string)
  bcrypt = ::BCrypt::Password.new(string)
  @salt = bcrypt.salt
  bcrypt.to_str
end

#upgrade? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/passlib/bcrypt.rb', line 32

def upgrade?
  cost = @salt.split("$")[2].to_i
  cost != (config.cost || ::BCrypt::Engine::DEFAULT_COST)
end
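
The comparison in #upgrade? is `!=`, so a stored hash whose cost is higher than the configured cost is also reported as needing an upgrade. The following is an added example, not Passlib's own code: it uses only the Ruby standard library, the helper names (parse_bcrypt, upgrade_exact?, upgrade_if_weaker?) are hypothetical, and the sample strings are constructed; it parses the recognized formats and contrasts that comparison with a weaker-only policy.

```ruby
# Added example: stdlib only, neither the passlib nor the bcrypt gem is needed.
# Layout: $<variant>$<2-digit cost>$<22-char salt><31-char checksum>
BCRYPT_MCF = %r{\A\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

ParsedBcrypt = Struct.new(:variant, :cost, :salt, :checksum)

# Parse a bcrypt MCF string; returns nil for anything malformed
# (unknown variant, cost outside 4..31, wrong length, trailing bytes).
def parse_bcrypt(string)
  m = BCRYPT_MCF.match(string.to_s) or return nil
  cost = m[2].to_i
  return nil unless (4..31).cover?(cost)
  # salt keeps the "$variant$cost$" prefix, the shape the upgrade? listing splits
  ParsedBcrypt.new(m[1], cost, "$#{m[1]}$#{m[2]}$#{m[3]}", m[4])
end

# Same comparison as the upgrade? listing: any cost mismatch counts,
# including a stored cost that is higher than the target.
def upgrade_exact?(string, target_cost)
  parsed = parse_bcrypt(string) or raise ArgumentError, "not a bcrypt hash"
  parsed.salt.split("$")[2].to_i != target_cost
end

# Hypothetical stricter policy: flag only hashes weaker than the target,
# so a rehash never lowers the work factor.
def upgrade_if_weaker?(string, target_cost)
  parsed = parse_bcrypt(string) or raise ArgumentError, "not a bcrypt hash"
  parsed.cost < target_cost
end

# Constructed sample strings (not hashes of any real password).
SALT22 = "abcdefghijklmnopqrstuu"
SUM31  = "x" * 31
SAMPLES = {
  weak:   "$2a$10$#{SALT22}#{SUM31}",
  match:  "$2b$12$#{SALT22}#{SUM31}",
  strong: "$2y$14$#{SALT22}#{SUM31}",
}

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, h|
    puts format("%-6s exact=%-5s weaker_only=%s",
                name, upgrade_exact?(h, 12), upgrade_if_weaker?(h, 12))
  end
end
```
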