Can't start comeonin with Bcrypt

I am adding user Authentication to my webapp and for some reason I am having issues and really don’t know how to solve it (I don’t know if it’s an error on my side or a bug).

(Just as an heads up, I am using windows and I have nmake installed)

I try to add comeonin and Bcrypt like so:

     {:comeonin, "~> 5.0"},
     {:bcrypt_elixir, "~> 2.0"}

Then I do mix deps,get and mix deps.compile bcrypt_elixir, which works completely well and I don’t get any errors.

When I do mix phoenix.server I get the following warning (I am using hash_pwd_salt/1):

warning: function Comeonin.Bcrypt.hash_pwd_salt/1 is undefined or private. Did you mean one of:

      * hashpwsalt/1
      * hashpwsalt/2

If I try using hashpwsalt/1 I get:

** (exit) an exception was raised:
    ** (ArgumentError) Comeonin.Bcrypt.hashpwsalt has been removed.
Add {:bcrypt_elixir, "~> 2.0"} to the deps in your mix.exs file,
and use Bcrypt.hash_pwd_salt instead.

        lib/comeonin/base.ex:32: Comeonin.Bcrypt.error/2
        (ecto) lib/ecto/changeset.ex:1004: Ecto.Changeset.update_change/3
        (dealmailer) web/controllers/user_controller.ex:12: Dealmailer.UserController.create/2
        (dealmailer) web/controllers/user_controller.ex:1: Dealmailer.UserController.action/2
        (dealmailer) web/controllers/user_controller.ex:1: Dealmailer.UserController.phoenix_controller_pipeline/2
        (dealmailer) lib/dealmailer/endpoint.ex:1: Dealmailer.Endpoint.instrument/4
        (dealmailer) lib/phoenix/router.ex:261: Dealmailer.Router.dispatch/2
        (dealmailer) web/router.ex:1: Dealmailer.Router.do_call/2
        (dealmailer) lib/dealmailer/endpoint.ex:1: Dealmailer.Endpoint.phoenix_pipeline/1
        (dealmailer) lib/plug/debugger.ex:123: Dealmailer.Endpoint."call (overridable 3)"/2
        (dealmailer) lib/dealmailer/endpoint.ex:1: Dealmailer.Endpoint.call/2
        (plug) lib/plug/adapters/cowboy/handler.ex:15: Plug.Adapters.Cowboy.Handler.upgrade/4
        (cowboy) c:/Users/Zastrix/Documents/Phoenix/dealmailer-phoenix/deps/cowboy/src/cowboy_protocol.erl:442: :cowboy_protocol.execute/4

Then I try to downgrade my versions:

     {:comeonin, "~> 4.0"},
     {:bcrypt_elixir, "~> 1.0"}

And I get the dependencies and compile, everything is okay. I don’t get warnings in console when I start the app but when I do actually run it… I get this again (I am using hashpwsalt/1 here)

** (exit) an exception was raised:
    ** (ArgumentError) Comeonin.Bcrypt.hashpwsalt has been removed.
Add {:bcrypt_elixir, "~> 2.0"} to the deps in your mix.exs file,
and use Bcrypt.hash_pwd_salt instead.

        lib/comeonin/base.ex:32: Comeonin.Bcrypt.error/2
        (ecto) lib/ecto/changeset.ex:1004: Ecto.Changeset.update_change/3
        (dealmailer) web/controllers/user_controller.ex:12: Dealmailer.UserController.create/2
        (dealmailer) web/controllers/user_controller.ex:1: Dealmailer.UserController.action/2
        (dealmailer) web/controllers/user_controller.ex:1: Dealmailer.UserController.phoenix_controller_pipeline/2
        (dealmailer) lib/dealmailer/endpoint.ex:1: Dealmailer.Endpoint.instrument/4
        (dealmailer) lib/phoenix/router.ex:261: Dealmailer.Router.dispatch/2
        (dealmailer) web/router.ex:1: Dealmailer.Router.do_call/2
        (dealmailer) lib/dealmailer/endpoint.ex:1: Dealmailer.Endpoint.phoenix_pipeline/1
        (dealmailer) lib/plug/debugger.ex:123: Dealmailer.Endpoint."call (overridable 3)"/2
        (dealmailer) lib/dealmailer/endpoint.ex:1: Dealmailer.Endpoint.call/2
        (plug) lib/plug/adapters/cowboy/handler.ex:15: Plug.Adapters.Cowboy.Handler.upgrade/4
        (cowboy) c:/Users/Zastrix/Documents/Phoenix/dealmailer-phoenix/deps/cowboy/src/cowboy_protocol.erl:442: :cowboy_protocol.execute/4

Hi,

Can you update your bcrypt to use {bcrypt, "~> 2.0.3"},

Also have a look at the docs https://hexdocs.pm/bcrypt_elixir/Bcrypt.html#content

Can you also share the file where you use bcrypt to register the users?

Also wouldn’t the function to hash and add a salt, be this hash_pwd_salt/2?

Looks like I fixed the issue. It wasn’t a bug from compiling like I thought. I used this tutorial where I need to alias this:

alias Comeonin.Bcrypt

Now when I read the Bcrypt example docs, it looked like that Bcrypt didn’t really need this alias in order to work. I tested it out and lo and behold I didn’t get an error.

I guess that I tried to alias a module which didn’t really exist or was not the one correct to use so my app didn’t really manage to find it, but it worked without the alias.

When using using

{:comeonin, "~> 5.0"},
     {:bcrypt_elixir, "~> 2.1"}

the best way to encrypt password is using

Bcrypt.Base.hash_password(password, Bcrypt.gen_salt(12, true))

For more information Check Bcrypt Docs

As far as I understand, we don’t really need to use comeonin. It seems like that bcrypt_elixir does all the work. Is that correct?

Yes and no. comeonin still holds the behaviour all the concrete packages implement. It’s a dependency of all of them. If you depend on the behaviour of comeonin and not just a single concrete implementation I feels it’s still good to list comeonin as explicit dependency. Because switching to another password hashing package does not change your dependency on the common interface.

1 Like