Class: ZeroAuth::Utils

Inherits:

Object

Object
ZeroAuth::Utils

show all

Defined in:: lib/zero_auth/utils.rb

Overview

Provides general helper methods used throughout the ZeroAuth library.

Class Method Summary collapse

.secure_compare(a, b) ⇒ Boolean
Uses a "constant time" comparison algorithm I would never have thought about so I copied it line for line from Devise.secure_compare:.

Class Method Details

.secure_compare(a, b) ⇒ `Boolean`

Uses a "constant time" comparison algorithm I would never have thought about so I copied it line for line from Devise.secure_compare:

https://github.com/plataformatec/devise/blob/11c88754791322c8c4c5c123149f5435eda3b932/lib/devise.rb#L481

Returns:

(Boolean) —
true if they are equal, false if they aren't

# File 'lib/zero_auth/utils.rb', line 19

def self.secure_compare(a, b)
  return false if empty?(a) || empty?(b) || a.bytesize != b.bytesize
  l = a.unpack "C#{a.bytesize}"

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end