class Kemal::BasicAuth::BcryptVerifier

Overview

Verifier backed by bcrypt-hashed passwords.

Entries map a username to an existing bcrypt hash string (e.g. produced via Crypto::Bcrypt::Password.create("plain").to_s). Verification always performs a bcrypt computation (real or dummy) so that response time does not reveal whether the username exists.

require "crypto/bcrypt/password"
require "kemal-basic-auth"
hash = Crypto::Bcrypt::Password.create("xyz").to_s
verifier = Kemal::BasicAuth::BcryptVerifier.new({"admin" => hash})
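
The timing behaviour described above, as an added Crystal sketch that is not the shard's source: `SketchVerifier`, `COST` and `DUMMY` are hypothetical names, and cost 10 is an assumed work factor. It also shows a point the text implies but does not state: bcrypt's run time is set by the cost stored in the hash, so the dummy hash must use the same cost as the real entries for the two paths to take equal time.

```crystal
require "crypto/bcrypt/password"

# Hypothetical sketch of a timing-equalized verifier; names are assumptions,
# this is not the code in kemal-basic-auth/bcrypt_verifier.cr.
class SketchVerifier
  # Assumed work factor. Real entries and the dummy share it on purpose:
  # a cheaper dummy would make unknown usernames answer faster.
  COST = 10

  # Hash of a throwaway value, used only to burn the same CPU time.
  DUMMY = Crypto::Bcrypt::Password.create("dummy-password", cost: COST).to_s

  def initialize(@entries : Hash(String, String))
  end

  # Returns the username on success, nil otherwise.
  def authorize?(username : String, password : String) : String?
    known = @entries.has_key?(username)
    raw = @entries[username]? || DUMMY
    # One bcrypt computation on every call, known user or not.
    matched = Crypto::Bcrypt::Password.new(raw).verify(password)
    # A match against the dummy never authorizes anyone.
    known && matched ? username : nil
  end
end

# Constructed sample data.
hash = Crypto::Bcrypt::Password.create("xyz", cost: SketchVerifier::COST).to_s
verifier = SketchVerifier.new({"admin" => hash})

p verifier.authorize?("admin", "xyz")
p verifier.authorize?("admin", "wrong")
p verifier.authorize?("nobody", "dummy-password")

# Both failure paths should take roughly the same time.
known = Time.measure { verifier.authorize?("admin", "wrong") }
unknown = Time.measure { verifier.authorize?("nobody", "wrong") }
puts "known user:   #{known.total_milliseconds.round(1)} ms"
puts "unknown user: #{unknown.total_milliseconds.round(1)} ms"
```

When stored hashes were created at different costs, an unknown username still matches only one of them in timing, so keeping all entries at a single cost is part of the defence.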

Defined in:

kemal-basic-auth/bcrypt_verifier.cr

Instance methods inherited from class Kemal::BasicAuth::Verifier

authorize?(username : String, password : String) : String | Nil

Constructor Detail

def self.new(entries : Hash(String, String))

Class Method Detail

def self.dummy_hash : String

Instance Method Detail

def authorize?(username : String, password : String) : String | Nil
Description copied from class Kemal::BasicAuth::Verifier

Returns the authorized username on success, or nil otherwise.