Class: ZeroAuth::Password

Inherits:

Object

• Object
• ZeroAuth::Password

Defined in:

lib/zero_auth/password.rb

Overview

Provides helper methods for generating and comparing BCrypt passwords

Class Method Summary

• .compare(encrypted, salt, unencrypted) ⇒ Boolean

  Compares a given encrypted password and the salt used to generate it with an unencrypted_password.

• .create(password, salt) ⇒ BCrypt::Password

  Generates a BCrypt::Password using they Config#password_cost configuration value.

• .generate_salt ⇒ String

  Generates a password salt using BCrypt::Engine.generate_salt.

Class Method Details

.compare(encrypted, salt, unencrypted) ⇒ Boolean

Compares a given encrypted password and the salt used to generate it with an unencrypted_password. Uses Utils.secure_compare.

Parameters:

• encrypted (String) —

  the encrypted password

• salt (String) —

  the salt used to generate that password

• unencrypted (String) —

  the plain text password to compare

Returns:

• (Boolean) —

  true if they are equal, false if they aren't

# File 'lib/zero_auth/password.rb', line 38

def self.compare(encrypted, salt, unencrypted)
  bcrypt = BCrypt::Password.new(encrypted)
  password = BCrypt::Engine.hash_secret("#{unencrypted}#{salt}", bcrypt.salt)
  ZeroAuth::Utils.secure_compare(password, encrypted)
end

.create(password, salt) ⇒ BCrypt::Password

Generates a BCrypt::Password using they Config#password_cost configuration value.

Parameters:

• password (String) —

  the given password

• salt (Sting) —

  the password salt

Returns:

• (BCrypt::Password)

# File 'lib/zero_auth/password.rb', line 24

def self.create(password, salt)
  cost = ZeroAuth.config.password_cost
  BCrypt::Password.create("#{password}#{salt}", cost: cost)
end

.generate_salt ⇒ String

Generates a password salt using BCrypt::Engine.generate_salt

Returns:

• (String) —

  the password salt

# File 'lib/zero_auth/password.rb', line 12

def self.generate_salt
  BCrypt::Engine.generate_salt
end