Method: BCrypt::Password#==
- Defined in:
- lib/bcrypt/password.rb
#==(secret) ⇒ Object Also known as: is_password?
Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
Comparison edge case/gotcha:
secret = "my secret"
@password = BCrypt::Password.create(secret)
@password == secret # => true
@password == @password # => false
@password == @password.to_s # => false
@password.to_s == @password # => true
@password.to_s == @password.to_s # => true
secret == @password # => probably false, because the secret is not a BCrypt::Password instance.
# File 'lib/bcrypt/password.rb', line 78

def ==(secret)
  hash = BCrypt::Engine.hash_secret(secret, @salt)

  return false if hash.strip.empty? || strip.empty? || hash.bytesize != bytesize

  # Constant time comparison so they can't tell the length.
  res = 0
  bytesize.times { |i| res |= getbyte(i) ^ hash.getbyte(i) }
  res == 0
end
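Why the comparisons listed above come out as they do, as an added example that is not bcrypt-ruby's own code: Ruby dispatches `==` on the left operand, and BCrypt::Password is a String subclass, so only a hash object on the left runs the hashing, constant-time override. `DemoPassword`, `verify_password` and `comparison_table` are hypothetical names, and SHA-256 stands in for bcrypt only so the block runs without the gem.

```ruby
require "digest"
require "securerandom"

# Hypothetical stand-in for BCrypt::Password: a String subclass holding
# "salt$digest". SHA-256 is used only so this runs without the gem; it is
# not a suitable password hash.
class DemoPassword < String
  def self.digest(secret, salt)
    Digest::SHA256.hexdigest(salt + secret)
  end

  def self.create(secret)
    salt = SecureRandom.hex(8)
    new([salt, digest(secret, salt)].join("$"))
  end

  # Same shape as the method above: hash the argument with our own salt,
  # then XOR every byte pair so timing does not reveal where bytes differ.
  def ==(secret)
    salt = split("$", 2).first
    hash = [salt, self.class.digest(secret.to_s, salt)].join("$")
    return false if hash.bytesize != bytesize
    res = 0
    bytesize.times { |i| res |= getbyte(i) ^ hash.getbyte(i) }
    res == 0
  end
end

# Hypothetical guard: keeps the hash object on the left and rejects a
# candidate that is not a plain String, so the operands cannot be swapped.
def verify_password(stored, candidate)
  raise ArgumentError, "candidate must be a plain String" unless candidate.instance_of?(String)
  DemoPassword.new(stored) == candidate
end

# Evaluates the six comparisons listed above on a constructed secret.
def comparison_table(secret = "my secret")
  pw = DemoPassword.create(secret)
  {
    "pw == secret"       => pw == secret,       # override: hashes the secret
    "pw == pw"           => pw == pw,           # override: hashes the hash text
    "pw == pw.to_s"      => pw == pw.to_s,      # override: same as previous
    "pw.to_s == pw"      => pw.to_s == pw,      # String#==: byte equality
    "pw.to_s == pw.to_s" => pw.to_s == pw.to_s, # String#==: byte equality
    "secret == pw"       => secret == pw        # String#==: secret vs hash text
  }
end
```

With the operands reversed (`secret == pw`) the check fails closed, and comparing two hash strings with `String#==` bypasses the constant-time loop entirely.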