Validate Crypto::Bcrypt::Password is a valid hash
Resolves #5357

Signed-off-by: Mike Fiedler <miketheman@gmail.com>
miketheman committed Jul 30, 2018
1 parent bae4086 commit ded97be
Showing 2 changed files with 7 additions and 0 deletions.
6 changes: 6 additions & 0 deletions spec/std/crypto/bcrypt/password_spec.cr
Expand Up @@ -20,6 +20,12 @@ describe "Crypto::Bcrypt::Password" do
it "parses digest" do
password.digest.should eq("weXJt7sno2HdPVrMvVf06kGgAZvPkga")
end

it "validates the hash string has the required amount of parts" do
expect_raises(Crypto::Bcrypt::Error, /Invalid hash string/) do
Crypto::Bcrypt::Password.new("blarp")
end
end
end

describe "create" do
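
Review bot: The added `it "validates the hash string has the required amount of parts"` spec only exercises a string with no `$` at all ("blarp"), so it pins down the one-part case and nothing else. Add cases for a string that contains separators but has fewer than four parts, and for one with more than four, so the `parts.size == 4` boundary is covered from both sides. A case with exactly four parts but a non-numeric cost field would also document which error a caller sees there.
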
1 change: 1 addition & 0 deletions src/crypto/bcrypt/password.cr
Expand Up @@ -40,6 +40,7 @@ class Crypto::Bcrypt::Password
# ```
def initialize(@raw_hash : String)
parts = @raw_hash.split('$')
raise Error.new("Invalid hash string") unless parts.size == 4

@version = parts[1]
@cost = parts[2].to_i
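
Review bot: The guard on `parts.size == 4` counts `$`-separated fields only, so any four-part string still passes it: `parts[0]` is never required to be empty, and `parts[2].to_i` on the following lines runs on an unvalidated cost field and would fail with its own error rather than `Error.new("Invalid hash string")`. Consider also checking that `parts[0]` is empty and that the cost parses as an integer before assigning, raising the same `Error` in each case. The doc comment above `initialize` should also state that the constructor raises on a malformed hash string.
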