sha256 hash password. (#60)

Miroslav Šedivý 2023-11-19 15:31:18 +01:00 committed by GitHub
parent 9d1ea87128
commit d9bcde3331
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 6 deletions


@ -33,6 +33,11 @@ func (Member) Init(cmd *cobra.Command) error {
return err return err
} }
cmd.PersistentFlags().Bool("member.file.hash", true, "member file provider: whether to hash passwords using sha256 (recommended)")
if err := viper.BindPFlag("member.file.hash", cmd.PersistentFlags().Lookup("member.file.hash")); err != nil {
return err
}
// object provider // object provider
cmd.PersistentFlags().String("member.object.users", "[]", "member object provider: users in JSON format") cmd.PersistentFlags().String("member.object.users", "[]", "member object provider: users in JSON format")
if err := viper.BindPFlag("member.object.users", cmd.PersistentFlags().Lookup("member.object.users")); err != nil { if err := viper.BindPFlag("member.object.users", cmd.PersistentFlags().Lookup("member.object.users")); err != nil {
@ -68,6 +73,7 @@ func (s *Member) Set() {
// file provider // file provider
s.File.Path = viper.GetString("member.file.path") s.File.Path = viper.GetString("member.file.path")
s.File.Hash = viper.GetBool("member.file.hash")
// object provider // object provider
if err := viper.UnmarshalKey("member.object.users", &s.Object.Users, viper.DecodeHook( if err := viper.UnmarshalKey("member.object.users", &s.Object.Users, viper.DecodeHook(
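Review bot: `member.file.hash` is registered in `Init` with a default of `true`, so a deployment that upgrades with an existing plaintext member file will presumably have every login rejected, because the file provider now compares the stored value with the SHA-256 of the supplied password. The flag help should say so, e.g. `"member file provider: whether passwords are stored as sha256 hashes; set to false for existing plaintext files"`, or the release notes should describe how to re-hash existing entries. `Init` and `Set` both continue outside the hunks shown.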


@ -1,6 +1,7 @@
package file package file
import ( import (
"crypto/sha256"
"encoding/json" "encoding/json"
"io" "io"
"os" "os"
@ -18,6 +19,17 @@ type MemberProviderCtx struct {
config Config config Config
} }
func (provider *MemberProviderCtx) hash(password string) string {
// if hash is disabled, return password as plain text
if !provider.config.Hash {
return password
}
sha256 := sha256.New()
sha256.Write([]byte(password))
return string(sha256.Sum(nil))
}
func (provider *MemberProviderCtx) Connect() error { func (provider *MemberProviderCtx) Connect() error {
return nil return nil
} }
@ -35,8 +47,7 @@ func (provider *MemberProviderCtx) Authenticate(username string, password string
return "", types.MemberProfile{}, err return "", types.MemberProfile{}, err
} }
// TODO: Use hash function. if entry.Password != provider.hash(password) {
if entry.Password != password {
return "", types.MemberProfile{}, types.ErrMemberInvalidPassword return "", types.MemberProfile{}, types.ErrMemberInvalidPassword
} }
@ -58,8 +69,7 @@ func (provider *MemberProviderCtx) Insert(username string, password string, prof
} }
entries[id] = MemberEntry{ entries[id] = MemberEntry{
// TODO: Use hash function. Password: provider.hash(password),
Password: password,
Profile: profile, Profile: profile,
} }
@ -94,8 +104,7 @@ func (provider *MemberProviderCtx) UpdatePassword(id string, password string) er
return types.ErrMemberDoesNotExist return types.ErrMemberDoesNotExist
} }
// TODO: Use hash function. entry.Password = provider.hash(password)
entry.Password = password
entries[id] = entry entries[id] = entry
return provider.serialize(entries) return provider.serialize(entries)
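Review bot: `hash` returns `string(sha256.Sum(nil))`, the raw 32 digest bytes as a Go string, which is almost never valid UTF-8; if `serialize` writes entries with `encoding/json` (imported here, body not shown), the invalid bytes are replaced with U+FFFD and the stored value would no longer match what `Authenticate` recomputes. Encode the digest as text instead, with `encoding/hex` imported: `sum := sha256.Sum256([]byte(password))` then `return hex.EncodeToString(sum[:])`, which also drops the local `sha256` that shadows the package name. Separately, one unsalted SHA-256 round is cheap to brute-force offline and gives identical passwords identical hashes, so a salted password KDF would be the stronger choice for stored credentials. The `!=` in `Authenticate` could also become `subtle.ConstantTimeCompare(...) != 1` to avoid a timing difference on the comparison. The bodies of `Authenticate`, `Insert` and `UpdatePassword` continue outside the hunks.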


@ -11,4 +11,5 @@ type MemberEntry struct {
type Config struct { type Config struct {
Path string Path string
Hash bool
} }