use strict, support $2y$ hashes

dcodeIO · dcodeIO · commit 40e7a1662083 · 2014-06-24T23:22:12.000+02:00
diff --git a/dist/bcrypt.js b/dist/bcrypt.js
@@ -32,6 +32,7 @@
  * see: https://github.com/dcodeIO/bcrypt.js for details
  */
 (function(global) {
+    "use strict";
 
     /**
      * @type {Array.<string>}
@@ -839,7 +840,7 @@
             offset = 3;
         } else {
             minor = salt.charAt(2);
-            if (minor != 'a' || salt.charAt(3) != '$') {
+            if ((minor !== 'a' && minor !== 'y') || salt.charAt(3) !== '$') {
                 err = new Error("Invalid salt revision: "+salt.substring(2,4));
                 if (callback) {
                     _nextTick(callback.bind(this, err));
@@ -861,7 +862,7 @@
         var r2 = parseInt(salt.substring(offset + 1, offset + 2), 10);
         var rounds = r1 + r2;
         var real_salt = salt.substring(offset + 3, offset + 25);
-        s += minor >= 'a' ? "\000" : "";
+        s += minor >= 'a' ? "\x00" : "";
 
         var passwordb = _stringToBytes(s);
         var saltb = [];
diff --git a/dist/bcrypt.min.js b/dist/bcrypt.min.js
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
     "name": "bcryptjs",
     "description": "Optimized bcrypt in plain JavaScript with zero dependencies. Compatible to 'bcrypt'.",
-    "version": "1.0.2",
+    "version": "1.0.3",
     "author": "Daniel Wirtz <dcode@dcode.io>",
     "contributors": [
         "Shane Girish <shaneGirish@gmail.com> (https://github.com/shaneGirish)",
diff --git a/src/bcrypt.js b/src/bcrypt.js
@@ -32,6 +32,7 @@
  * see: https://github.com/dcodeIO/bcrypt.js for details
  */
 (function(global) {
+    "use strict";
 
     // #include "base64/native.js"
     
@@ -592,7 +593,7 @@
             offset = 3;
         } else {
             minor = salt.charAt(2);
-            if (minor != 'a' || salt.charAt(3) != '$') {
+            if ((minor !== 'a' && minor !== 'y') || salt.charAt(3) !== '$') {
                 err = new Error("Invalid salt revision: "+salt.substring(2,4));
                 if (callback) {
                     _nextTick(callback.bind(this, err));
@@ -614,7 +615,7 @@
         var r2 = parseInt(salt.substring(offset + 1, offset + 2), 10);
         var rounds = r1 + r2;
         var real_salt = salt.substring(offset + 3, offset + 25);
-        s += minor >= 'a' ? "\000" : "";
+        s += minor >= 'a' ? "\x00" : "";
 
         var passwordb = _stringToBytes(s);
         var saltb = [];
diff --git a/tests/suite.js b/tests/suite.js
@@ -49,8 +49,11 @@ module.exports = {
     },
     
     "compare": function(test) {
-        var hash1 = bcrypt.hashSync("hello", bcrypt.genSaltSync());
-        var hash2 = bcrypt.hashSync("world", bcrypt.genSaltSync());
+        var salt1 = bcrypt.genSaltSync(),
+            hash1 = bcrypt.hashSync("hello", salt1); // $2a$
+        var salt2 = bcrypt.genSaltSync();
+        salt2 = salt2.substring(0,2)+'y'+salt2.substring(3); // $2y$
+        var hash2 = bcrypt.hashSync("world", salt2);
         bcrypt.compare("hello", hash1, function(err, same) {
             test.notOk(err);
             test.ok(same);

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "bcryptjs",`
`3`	`3`	`"description": "Optimized bcrypt in plain JavaScript with zero dependencies. Compatible to 'bcrypt'.",`
`4`		`- "version": "1.0.2",`
	`4`	`+ "version": "1.0.3",`
`5`	`5`	`"author": "Daniel Wirtz <dcode@dcode.io>",`
`6`	`6`	`"contributors": [`
`7`	`7`	`"Shane Girish <shaneGirish@gmail.com> (https://github.com/shaneGirish)",`