View Source AshAuthentication.BcryptProvider (ash_authentication v4.0.0)

Provides the default implementation of AshAuthentication.HashProvider using Bcrypt.

Summary

Functions

Given some user input as a string, convert it into it's hashed form using Bcrypt.

Simulate a password check to help avoid timing attacks.

Check if the user input matches the hash.

Functions

@spec hash(String.t()) :: {:ok, String.t()} | :error

Given some user input as a string, convert it into it's hashed form using Bcrypt.

Example

iex> {:ok, hashed} = hash("Marty McFly")
...> String.starts_with?(hashed, "$2b$04$")
true
@spec simulate() :: false

Simulate a password check to help avoid timing attacks.

Example

iex> simulate()
false
@spec valid?(input :: String.t(), hash :: String.t()) :: boolean()

Check if the user input matches the hash.

Example

iex> valid?("Marty McFly", "$2b$04$qgacrnrAJz8aPwaVQiGJn.PvryldV.NfOSYYvF/CZAGgMvvzhIE7S")
true