Remove dependency on SCrypt #679
Conversation
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
| # Authlogic 6, the default was `CryptoProviders::SCrypt`. If you try | ||
| # to read this config option before setting it, it will raise a | ||
| # `NilCryptoProvider` error. See that error's message for further | ||
| # details, and rationale for this change. |
There was a problem hiding this comment.
Should we raise an error on boot instead of lazily? Seems more certain that people will see it.
I don't think we can raise this error any earlier. We can't raise it until eg. Other than the error timing, are you OK with this breaking change? Thanks again for the quick review. |
1. Errors should share a parent class Authlogic::Error 2. Having them in one file is kind of convenient because they often have long messages, and it's nice to keep that copywriting out of the way. Also, it's sort of nice if a file like rails_adapter.rb only defines the adapter class and not any other classes?
Oh, we could raise on write (during |
[Fixes #668] See changelog for description, rationale.
jaredbeck
force-pushed
the
remove_dependency_on_scrypt
branch
from
4fb298c
to
ae4fef1
Compare
|
Released as 6.0.0 |
In Authlogic 5, we require everyone to install the scrypt gem, even if they only use eg. bcrypt. I propose removing the runtime dependency, and requiring everyone to explicitly specify their
crypto_provider.Besides fixing the obvious problem of forcing people to install a gem they don't use, I believe this change will also fix a rare RuntimeError.
Obviously, this is a breaking change, which would require us bumping the major version to 6.
Fixes #668, closes #669 (thanks for your great work on those @mihael, I hope you like this solution even better)