Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
(secret, salt, _ = nil)
| 53 | # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates |
| 54 | # a bcrypt() password hash. Secrets longer than 72 bytes are truncated. |
| 55 | def self.hash_secret(secret, salt, _ = nil) |
| 56 | unless _.nil? |
| 57 | warn "[DEPRECATION] Passing the third argument to " \ |
| 58 | "`BCrypt::Engine.hash_secret` is deprecated. " \ |
| 59 | "Please do not pass the third argument which " \ |
| 60 | "is currently not used." |
| 61 | end |
| 62 | |
| 63 | if valid_secret?(secret) |
| 64 | if valid_salt?(salt) |
| 65 | if RUBY_PLATFORM == "java" |
| 66 | Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s.to_java_bytes, salt.to_s) |
| 67 | else |
| 68 | secret = secret.to_s |
| 69 | secret = secret.byteslice(0, MAX_SECRET_BYTESIZE) if secret && secret.bytesize > MAX_SECRET_BYTESIZE |
| 70 | __bc_crypt(secret, salt) |
| 71 | end |
| 72 | else |
| 73 | raise Errors::InvalidSalt.new("invalid salt") |
| 74 | end |
| 75 | else |
| 76 | raise Errors::InvalidSecret.new("invalid secret") |
| 77 | end |
| 78 | end |
| 79 | |
| 80 | # Generates a random salt with a given computational cost. |
| 81 | def self.generate_salt(cost = self.cost) |
no test coverage detected