Merge pull request #6356 from straight-shoota/jm/fix/bcrypt-password-eq

Fix: Add type restriction to Crypto::Bcrypt::Password#==
crystal-lang · Jul 9, 2018 · 9ba6ba9 · 9ba6ba9
2 parents afeaee4 + ad5fb0a
commit 9ba6ba9
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/spec/std/crypto/bcrypt/password_spec.cr b/spec/std/crypto/bcrypt/password_spec.cr
@@ -48,5 +48,16 @@ describe "Crypto::Bcrypt::Password" do
     it "verifies password is correct" do
       (password == "secret").should be_true
     end
+
+    it "works with Password" do
+      (password == password).should be_true
+
+      other_password = Crypto::Bcrypt::Password.create("wrong", 4)
+      (password == other_password).should be_false
+    end
+
+    it "works with other types" do
+      (password == 0.815).should be_false
+    end
   end
 end
diff --git a/src/crypto/bcrypt/password.cr b/src/crypto/bcrypt/password.cr
@@ -58,7 +58,7 @@ class Crypto::Bcrypt::Password
   # password == "wrong secret" # => false
   # password == "super secret" # => true
   # ```
-  def ==(password)
+  def ==(password : String) : Bool
     hashed_password = Bcrypt.new(password, salt, cost)
     Crypto::Subtle.constant_time_compare(@raw_hash, hashed_password)
   end