NAME

    Mojolicious::Plugin::BcryptSecure - Securely bcrypt and validate your
    passwords.

STATUS

SYNOPSIS

      # Mojolicious::Lite
    
      # use the default cost of 12
      plugin 'BcryptSecure'
    
      # set your own cost
      plugin BcryptSecure => { cost => 8 };
    
      # Mojolicious
    
      sub startup {
        my $self = shift;
    
        # use the default cost of 12
        $self->plugin('BcryptSecure');
    
        # set your own cost
        $self->plugin('BcryptSecure', { cost => 8 })
      }

DESCRIPTION

    Mojolicious::Plugin::BcryptSecure is a fork of
    Mojolicious::Plugin::Bcrypt with two main differences:

      * Crypt::URandom is used to generate the salt used in "bcrypt" with
      strongest available source of non-blocking randomness on the current
      platform.

      * "secure_compare" in Mojo::Util is used in "bcrypt_validate" when
      comparing the crypted passwords to help prevent timing attacks.

    You also may want to look at Mojolicious::Command::bcrypt to help
    easily generate crypted passwords with your app's bcrypt settings via a
    Mojolicious::Command.

OPTIONS

 cost

    A non-negative integer with at most two digits that controls the cost
    of the hash function. The number of operations is proportional to
    2^cost. The default value is 12. This option is described more in
    Crypt::Eksblowfish::Bcrypt.

      # Mojolicious::Lite
      plugin BcryptSecure => { cost => 8 };
    
      # Mojolicious
      sub startup {
        my $self = shift;
    
        $self->plugin('BcryptSecure', { cost => 8 })
      }

HELPERS

 bcrypt

    Crypts a password via the bcrypt algorithm and returns the resulting
    crypted value.

      my $crypted_password = $c->bcrypt($plaintext_password);
    
      # optionally pass your own settings
      my $crypted_password = $c->bcrypt($plaintext_password, $settings);

    $settings is an optional string which encodes the algorithm parameters,
    as described in Crypt::Eksblowfish::Bcrypt.

 bcrypt_validate

    Validates a password against a crypted password (from your database,
    for example):

      if ($c->bcrypt_validate($plaintext_password, $crypted_password)) {
          # Authenticated
      } else {
          # Uh oh...
      }

AUTHOR

    Adam Hopkins <srchulo@cpan.org>

COPYRIGHT

    Copyright 2019- Adam Hopkins

LICENSE

    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.

SEE ALSO

      * Mojolicious::Command::bcrypt

      * Crypt::Eksblowfish::Bcrypt

      * Crypt::URandom

      * Mojolicious::Plugin::Bcrypt