noir-clojure / lib-noir

A set of libraries for ring apps, including stateful sessions.
Eclipse Public License 1.0

Enhancement: Validate parameters for nil on noir.util.crypt's compare #108

Open ricardojmendez opened 9 years ago

ricardojmendez commented 9 years ago

Calling:

(compare nil (encrypt "hello"))

returns false as expected. However, calling

(compare "hello" nil)

raises a NullPointerException from org.mindrot.jbcrypt.BCrypt.hashpw. It would be better to validate both parameters before passing them down to BCrypt/checkpw, and return false if one of them is nil.

yogthos commented 9 years ago

Good idea, updated the logic with the check.

yogthos commented 9 years ago

Also just a heads up, I've been meaning to do this for a while and I'm finally moving lib-noir to use Scrypt as Bcrypt hasn't been updated since 2010.

ricardojmendez commented 9 years ago

Thanks for the heads up, but no problem - not relying on any specific Bcrypt behavior. Cheers!
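
The check requested in this issue, sketched as an added example; it is not lib-noir's actual change and not code from any participant in the thread. The namespace `example.safe-compare` and the function name `safe-compare` are hypothetical, and the sketch assumes the jBCrypt library (`org.mindrot.jbcrypt.BCrypt`) is on the classpath. It goes one step beyond the nil case and also fails closed when the stored hash is malformed.

```clojure
(ns example.safe-compare
  (:import [org.mindrot.jbcrypt BCrypt]))

(defn safe-compare
  "Returns true only when `raw` matches the bcrypt hash `hashed`.
  Returns false, instead of throwing, when either argument is nil or
  not a string, or when `hashed` is not a well-formed bcrypt hash."
  [raw hashed]
  (if (and (string? raw) (string? hashed))
    (try
      (BCrypt/checkpw raw hashed)
      ;; A malformed hash makes jBCrypt throw rather than return false.
      (catch IllegalArgumentException _ false)
      ;; Truncated or empty input can fail on string indexing instead.
      (catch StringIndexOutOfBoundsException _ false))
    false))

(comment
  ;; Constructed sample input: a fresh hash of "hello".
  (let [h (BCrypt/hashpw "hello" (BCrypt/gensalt))]
    [(safe-compare "hello" h)        ; matching password
     (safe-compare "wrong" h)        ; non-matching password
     (safe-compare nil h)            ; nil password
     (safe-compare "hello" nil)      ; nil hash, the case reported above
     (safe-compare "hello" "")       ; empty stored value
     (safe-compare "hello" "not-a-bcrypt-hash")]))
```

Treating every invalid input as a failed comparison keeps a missing or corrupted stored hash from surfacing as an unhandled exception in a login path.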