tests: always use real bcrypt lib #962
Conversation
|
How does bcrypt with a salt of 1 compare to the bcrypt mock in terms of speed? That is, how do times compare when testing locally (where |
|
I've just run
|
|
On my machine, both hash> bcrypt = require('bcrypt'); start = Date.now(); for(i=0; i<1000; ++i) bcrypt.hashSync('' + Math.random(), 1); Date.now() - start;
1125validate> bcrypt = require('bcrypt'); hashes = []; for(i=0; i<1000; ++i) { plaintext=''+Math.random(); hashes.push([plaintext, bcrypt.hashSync(plaintext, 1)])}; start = Date.now(); hashes.forEach(([plain, hash]) => bcrypt.compareSync(plain, hash)); Date.now() - start
1104 |
|
I like this change, and want this to be merged soon |
|
I haven't taken a close look, but no objection on my end! Maybe @alxndrsn should rebase, then @sadiqkhoja should review. One thing that comes to mind is that this PR seems thematically related to #990 in that both use environment variables rather than dependency injection, which we've tended to use in the past. #990 is partly meant to facilitate testing of the CLI, for which we don't have dependency injection set up: see #937. I don't think there's an issue with a greater use of environment variables, but I thought I'd note the pattern. |
Instead of mocking bcrypt in some test scenarios, decrease the cost factor to the fastest possible value.
alxndrsn
force-pushed
the
use-bcrypt-in-tests-fast
branch
from
7c92c7e to
d45d886
Compare
This has been rebased 👍 |
matthew-white
requested review from
sadiqkhoja and
matthew-white
and removed request for
sadiqkhoja
|
@sadiqkhoja, I know you're focused on web forms at the moment, but would you be up for reviewing this PR? I can also take a look if you don't have time. |
matthew-white
requested review from
sadiqkhoja
and removed request for
matthew-white
bcryptmock-bcrypt.jspassword.verify()/verifyPassword()andpassword.hash()/hashPassword()