Fix example of Crypto::BCrypt.new(String, String, Int). #15931
Conversation
src/crypto/bcrypt.cr
Outdated
| # ``` | ||
| # require "crypto/bcrypt" | ||
| # | ||
| # password = Crypto::Bcrypt.new "secret", "salt_of_16_chars" | ||
| # password = Crypto::Bcrypt.new "secret", "0102030405060708090a0b0c0d0e0f10" |
There was a problem hiding this comment.
suggestion: The sample string looks like hexadecimal. Maybe we could put some other characters to clearly show that it's actually base64 encoded?
There was a problem hiding this comment.
Every password should have a different salt so let's generate it:
| # password = Crypto::Bcrypt.new "secret", "0102030405060708090a0b0c0d0e0f10" | |
| salt = Base64.encode(Random::Secure.random_bytes(16)) | |
| password = Crypto::Bcrypt.new "secret", salt) |
There was a problem hiding this comment.
If we're generating a random salt, we would probably use the other overload with Bytes directly, without going through the base64 encoding. Or better just the .hash_secret method. Or just Bcrypt::Password.
And for individual examples, I think it's generally best to keep them short with deterministic input and output. The goal is to demonstrate the functionality of a single method.
The password itself clearly shouldn't be "secret" either. For this particular method's documentation, a string literal is fine.
We might want to enhance the documentation of BCrypt with a practical guide for end-to-end integration with production-ready examples (or not: #15276). That's out of scope here, though.
Co-authored-by: Johannes Müller <straightshoota@gmail.com>
Current example just doesn't work, since it expects a base64 encoded string.