Add long-password strategy to verifier #23
Conversation
Indigo744
left a comment
There was a problem hiding this comment.
Looks good, I have only a minor comment (and a bit of a rambling 😉 sorry couldn't help!)
README.md
Outdated
| Don't forget to use the same strategy when verifying: | ||
|
|
||
| ```java | ||
| BCrypt.verifyer(LongPasswordStrategies.truncate()).verify(pw, hash) |
There was a problem hiding this comment.
You are missing a semicolon here 😉
Talking about it, I think the interface of the lib a bit surprising. Why BCrypt.with()... is for hashing, and BCrypt.verifyer()... is for verifying?
It would really make more sense, from an external point of view, if we could simply do:
BCrypt.with(LongPasswordStrategies.truncate()).verify(pw, hash);
I get that, internally, it is 2 different classes (too keep the code tidy I guess?) but it's not really obvious when using the lib.
There was a problem hiding this comment.
I see your point. My understanding was that hashing and verifying are usually done in different places, so normally one would only do the one or other. I don't like to change the API lightly so I suggest we keep this fix with the current API and I'll create an improvement task where we can think about changing the API in a major version update.
There was a problem hiding this comment.
Of course, let's keep focus on this PR.
Don't know if you seen my first sentence "You are missing a semicolon here"
It was kind of buried in my rambling 😅
There was a problem hiding this comment.
Yes, just committed the update ;)
Pull Request Test Coverage Report for Build 206
💛 - Coveralls |
refs #21