rmoorman/aeson 1

A fast Haskell JSON library

jordainfg/BlogPostingApplicatie 0

A blog post application with all functionality

jordainfg/Fresh-react-app 0

Here I am going to learn, understand and practice Redux state

rmoorman/12fakter-wordpress 0

12factorish wordpress using 12fakter

rmoorman/2048 0

A small clone of 1024 (https://play.google.com/store/apps/details?id=com.veewo.a1024)

rmoorman/3factor-example 0

Canonical example of building a 3factor app : a food ordering application

rmoorman/abilian-core 0

Abilian Core framework and services

rmoorman/absinthe 0

The GraphQL toolkit for Elixir

started react-component/util

started time in 7 hours

started lau/tzdata

started time in a day

fork rmoorman/ex_prompt

ExPrompt is a helper package to add interactivity to your command line applications as easy as possible.

fork in 2 days

started behind-design/ex_prompt

started time in 2 days

fork rmoorman/ex_shortuuid

ShortUUID is a simple UUID shortener for Elixir.

fork in 5 days

fork rmoorman/type-fest

A collection of essential TypeScript types

fork in 6 days

started sindresorhus/type-fest

started time in 6 days

push event rmoorman/phoenix

Gonçalo Tomás

commit sha 1d5029f904dda6fbfa931441faa0e29e0ff1bf59

Set argon2 as default hash alg for mix.gen.auth (#4471)

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 3255dd13b47250b9ff7bdf20546b2b4bbdbdbba8

Check for a redirect to "/" more strictly

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 4aef2696a0b187cbfba21c4c377ad8c223f6713d

Check for a redirect to "/" more strictly

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 29762b91b64363bd7cf02c923153fd0ad0953ffc

Check for a redirect to "/" more strictly

push time in 7 days

fork rmoorman/phoenix

Peace of mind from prototype to production

https://www.phoenixframework.org

fork in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 2d6254ace307f4a990f34fd23334dffdc5918b32

Adjust auth module test to match endpoint broadcast against live_socket_id on logout (#4472)

Rico Moorman

commit sha 349abdfde5a939aea3158c3e151b8f3935872ab7

Merge branch 'phoenixframework:master' into master

push time in 7 days

push event rmoorman/phoenix

José Valim

commit sha 447999b44c53d628d99e2aa277be3f5bbad789ab

Delegate deploy script to npm if using npm

José Valim

commit sha 73341a931ffe63ed3bbb44312a543b4f2be57fab

Also remove esbuild

Rico Moorman

commit sha 8414cae4d5cdf63de2222f39d888d151f6fc2e67

Merge branch 'phoenixframework:master' into master

Rico Moorman

commit sha 59d0ab70529a7ad35b6905677e1950e9a2b26693

Adjust the session controller test to correctly check for the links below the form (#4477)

Josh Price

commit sha b11cb1987c378e8c84f68eb0d71186026def554f

Update `Phoenix.Socket` docs to clarify defaults (#4470) `Phoenix.Endpoint.socket/3` sets `websocket` on by default and `longpoll` is off by default. Previous phrasing implied that both were on by default. https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#socket/3 `:longpoll` - controls the longpoll configuration. Defaults to false https://github.com/phoenixframework/phoenix/blob/v1.5.12/lib/phoenix/endpoint.ex#L649-L650

Rico Moorman

commit sha 9b535ce64c3a144a25a092f7e495d0a6d24cfb52

Merge branch 'phoenixframework:master' into master

Rico Moorman

commit sha 72865121800850203166ce94c64950ad291d134b

Adjust registration controller test to check for a redirect to "/" more strictly

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 59d0ab70529a7ad35b6905677e1950e9a2b26693

Adjust the session controller test to correctly check for the links below the form (#4477)

Josh Price

commit sha b11cb1987c378e8c84f68eb0d71186026def554f

Update `Phoenix.Socket` docs to clarify defaults (#4470) `Phoenix.Endpoint.socket/3` sets `websocket` on by default and `longpoll` is off by default. Previous phrasing implied that both were on by default. https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#socket/3 `:longpoll` - controls the longpoll configuration. Defaults to false https://github.com/phoenixframework/phoenix/blob/v1.5.12/lib/phoenix/endpoint.ex#L649-L650

Rico Moorman

commit sha 9b535ce64c3a144a25a092f7e495d0a6d24cfb52

Merge branch 'phoenixframework:master' into master

push time in 7 days

push event rmoorman/phoenix

José Valim

commit sha 447999b44c53d628d99e2aa277be3f5bbad789ab

Delegate deploy script to npm if using npm

José Valim

commit sha 73341a931ffe63ed3bbb44312a543b4f2be57fab

Also remove esbuild

Rico Moorman

commit sha 8414cae4d5cdf63de2222f39d888d151f6fc2e67

Merge branch 'phoenixframework:master' into master

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 85ef022dc0b2a4ff5601898366497303302ede34

Adjust auth module test to match endpoint broadcast against live_socket_id on logout

Rico Moorman

commit sha 92407fe4bb1e2d766fa8b8542f2879cf120fe4aa

Adjust registration controller test to check for a redirect to "/" more strictly

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha b1eb6daea70bc5dd155a5525599e274d6d0091fe

Adjust the session controller test to correctly check for the links below the form

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 9d3701f0d5322ed837fb4abdf5082a3a0c497ac0

Adjust registration controller test to check for a redirect to "/" more strictly

push time in 7 days

push event rmoorman/phoenix

Rico Moorman

commit sha 85ef022dc0b2a4ff5601898366497303302ede34

Adjust auth module test to match endpoint broadcast against live_socket_id on logout

push time in 7 days

push event rmoorman/phoenix

Chris McCord

commit sha 12f4116e299b43bec9c74a379d8de55b0a13262c

Update generators to use heex. Closes #4378

Chris McCord

commit sha f86daf5c800b8a5f5d3dc28bbb4d75bb5a3f799f

Update for heex

Chris McCord

commit sha 9da5447c04bba6202c71d91358f13d95caedda6e

Update priv/templates/phx.gen.auth/confirmation_edit.html.heex Co-authored-by: José Valim <jose.valim@dashbit.co>

Chris McCord

commit sha 724ca43ff21f451fbed5850c9342896f83c43ec6

No live

Chris McCord

commit sha f87db41a8904eed1b0519717b8ade09f70100dd4

no-html disables live

José Valim

commit sha 9859bde49cabcfb89713895c3489dabe24ead005

Update phx_new_umbrella_test.exs

José Valim

commit sha 07ac396df679836830782cd7eb6b2642d255bebd

Update phx_new_test.exs

José Valim

commit sha 1661bf2af06b56c70eb9232a1232d15b3901a16a

Update phx_new_umbrella_test.exs

José Valim

commit sha 11165928f1432162713db6917d4ff68207b67980

Purge modules if manifest was changed out of band, closes #4292

Chris McCord

commit sha f32f486e05f06bc08857ef4067d72ecfba542866

Clean up comments

Chris McCord

commit sha bda2c853e7bef1e3378d8da415af778858f08f3d

Resolve conflicts

Chris McCord

commit sha 41435470bc414b859497cd03a5b39e08da659368

Merge branch 'cm-heex-generators'

Benjamin Danklin

commit sha 0bf4308b8580dd37b1abeb4a79f02388eaf7cebe

Add explanations for `@`, and `<%= %>` vs `<% %>` to the views guide. (#4430) * Added descriptions of `@`, and `<%= %>` vs `<% %>` * change example to dot syntax * Update guides/views.md Co-authored-by: Benjamin Danklin <mark@marks-engineering.com> Co-authored-by: Chris McCord <chris@chrismccord.com>

Chris McCord

commit sha 3ba0f6fc3407d4ddc08c05715ff8b24cb367d8bd

Release 1.6.0-rc.0

José Valim

commit sha 24e7bf430384dfcfedd85b5d11ff499b8be4e1d8

Update CHANGELOG

José Valim

commit sha bf7100fac3306b53d2df781d49eeb5d53223b087

Simplify phoenix_js_path

José Valim

commit sha 0a5cb39f068e0ee5b4aa3fbe25dd1bc1b7c25d23

Limit passwords to 72 bytes, closes #4433

José Valim

commit sha 4b33d008ddb40035e684d15dd613c5d902353558

Intro to HEEx in the guides

José Valim

commit sha 1a719392bcf3b1b5590fcbc074b88d3672e0a05b

Revert mime dependency for now

José Valim

commit sha eefca9b10befea30fdc34117115f34221f2728a2

Validate bytes only afterwards

push time in 7 days

fork rmoorman/zigler_raytracer

Just an experimental repo to play around with Zigler and Zig

fork in 18 days

started akoutmos/zigler_raytracer

started time in 18 days

fork rmoorman/comeonin

Password hashing specification for the Elixir programming language

https://hex.pm/packages/comeonin

fork in 22 days

issue opened phoenixframework/phoenix

phx.gen.auth and Bcrypt limitations

Hello,

Bcrypt does not support passwords longer than 72 bytes. (e.g. stated on https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)

The effect of using passwords longer than 72 bytes may be best illustrated with an example:

iex(1)> string_72 = String.duplicate("0", 72)           
"000000000000000000000000000000000000000000000000000000000000000000000000"
iex(2)> string_80 = string_72 <> String.duplicate("1", 8)
"00000000000000000000000000000000000000000000000000000000000000000000000011111111"
iex(3)> string_80_hash = Bcrypt.hash_pwd_salt(string_80)     
"$2b$12$YkS4bXNjU/Ac72KMl3Fgk.W1fCVdmCNGio9Nl0hfZJ5S2nk4zeur2"
iex(4)> Bcrypt.verify_pass(string_80, string_80_hash)        
true
iex(5)> Bcrypt.verify_pass(string_72, string_80_hash)        
true

Furthermore, Bcrypt works on raw bytes, which renders the validate_length with its default inappropriate to catch this:

iex(1)> multi_string_72 = String.duplicate("♬", 72)                 
"♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬"
iex(2)> multi_string_71 = String.duplicate("♬", 71)                 
"♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬"
iex(3)> multi_string_72_hash = Bcrypt.hash_pwd_salt(multi_string_72)
"$2b$12$fu7E.VVi914zNcHlZWMw7uFUQHuZJPgCoXHzWWs/khVaTj1ogu/S."
iex(4)> Bcrypt.verify_pass(multi_string_72, multi_string_72_hash)   
true
iex(5)> Bcrypt.verify_pass(multi_string_71, multi_string_72_hash)   
true
iex(6)> {%{}, %{password: :string}} |> cast(%{password: multi_string_72}, [:password]) |> validate_length(:password, max: 72)
#Ecto.Changeset<
  action: nil,
  changes: %{
    password: "♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬"
  },
  errors: [],
  data: %{},
  valid?: true
>
iex(7)> byte_size(multi_string_72)
216

Using the count: :bytes option for the validation does work well to validate for the appropriate limit, though:

iex(1)> {%{}, %{password: :string}} |> cast(%{password: multi_string_72}, [:password]) |> validate_length(:password, max: 72, count: :bytes)   
#Ecto.Changeset<
  action: nil,
  changes: %{
    password: "♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬♬"
  },
  errors: [
    password: {"should be at most %{count} byte(s)",
     [count: 72, validation: :length, kind: :max, type: :binary]}
  ],
  data: %{},
  valid?: false
>

Given that behavior, I am wondering if this is a problem within the scope of the phx.gen.auth generator. Is this something that needs documentation or something that would warrant a slightly different implementation of the generator output when Bcrypt is being used (which is the default of course)?

created time in 22 days
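
Added example, not part of the original issue or of Phoenix's code: a dependency-free Elixir model of the 72-byte limit the issue describes, showing which passwords become interchangeable and what a byte-based length check reports. The module name BcryptLimit and its functions are hypothetical, and truncation is modelled with binary_part/3 rather than by calling Bcrypt.

```elixir
# Model of bcrypt's 72-byte input limit (assumption: only the first 72 bytes
# of the password are used, as the issue above demonstrates).
# BcryptLimit is a hypothetical module, not Phoenix or bcrypt_elixir API.
defmodule BcryptLimit do
  @max_bytes 72

  # The bytes that take part in hashing under the 72-byte limit.
  def effective_input(password) when is_binary(password) do
    binary_part(password, 0, min(byte_size(password), @max_bytes))
  end

  # Two passwords verify against the same hash when their effective inputs match.
  def interchangeable?(a, b), do: effective_input(a) == effective_input(b)

  # Byte-based check, the plain-Elixir counterpart of `count: :bytes`.
  def validate(password) when is_binary(password) do
    bytes = byte_size(password)

    if bytes <= @max_bytes do
      {:ok, password}
    else
      {:error, {:too_long, [bytes: bytes, characters: String.length(password)]}}
    end
  end
end

# Constructed sample inputs.
ascii_72 = String.duplicate("0", 72)
ascii_80 = ascii_72 <> String.duplicate("1", 8)
notes_72 = String.duplicate("♬", 72)
notes_24 = String.duplicate("♬", 24)
# 71 ASCII bytes plus a 2-byte character: the cut lands inside that character,
# so passwords that differ only in it (U+00E9 vs U+00EA) still share 72 bytes.
cut_a = String.duplicate("a", 71) <> "\u00E9"
cut_b = String.duplicate("a", 71) <> "\u00EA"

true = BcryptLimit.interchangeable?(ascii_72, ascii_80)
true = BcryptLimit.interchangeable?(notes_72, notes_24)
true = BcryptLimit.interchangeable?(cut_a, cut_b)
false = String.valid?(BcryptLimit.effective_input(cut_a))

{:ok, ^ascii_72} = BcryptLimit.validate(ascii_72)
{:error, {:too_long, info}} = BcryptLimit.validate(notes_72)
216 = info[:bytes]
72 = info[:characters]
{:error, {:too_long, _}} = BcryptLimit.validate(cut_a)
IO.puts("all checks passed")
```

Run it with `elixir` as a script; a failed match raises MatchError, so reaching the final line means every case behaved as commented.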