Store passwords for PLAIN authentication mechanism #3785

Closed
Tracked by #7
AlekSi opened this issue Nov 30, 2023 · 0 comments · Fixed by #3890 or #3928
Labels: area/auth (Issues about authentication and authorization), code/chore (Code maintenance improvements)
AlekSi commented Nov 30, 2023

What should be done?

For the PLAIN authentication method, we should store the password securely. We should do it in a way similar to MongoDB:

[
  {
    _id: 'test.username',
    userId: UUID('74d81c52-0b4c-4904-8930-7bd1b72f4e04'),
    user: 'username',
    db: 'test',
    credentials: {
      PLAIN: {
        algo: 'argon2id',
        t: int32(3),
        p: int32(4),
        m: int32(65536),
        hash: types.Binary{…},
        salt: types.Binary{…},
      }
    },
    roles: []
  }
]

The credentials.PLAIN document is provided by the internal/util/password.PlainHash function.

We should update the createUser method to store the password.
We should update the usersInfo method to return credentials when called with showCredentials: true.
Actually using/validating the password for authentication is not in the scope of this issue.

Where?

createUser and usersInfo command handlers.

Definition of Done

  • handler updated;
  • integration/compatibility tests added/updated;
  • spot refactorings done.
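
An added example (not FerretDB's code, and not part of the original issue) of two checks the stored record above invites: sanity-checking a credentials.PLAIN subdocument, and omitting credentials from a usersInfo-style reply unless showCredentials is true. The PlainCreds and User types and the Check and View functions are hypothetical, the hash and salt bytes are constructed placeholders, and no Argon2 hashing is performed here.

```go
package main

import "fmt"

// PlainCreds mirrors the credentials.PLAIN subdocument shown in the issue.
type PlainCreds struct {
	Algo       string
	T, P, M    int32 // passes, lanes, memory in KiB
	Hash, Salt []byte
}

// User is a hypothetical in-memory form of the stored user document.
type User struct {
	ID, Name, DB string
	Credentials  map[string]PlainCreds
}

// Check applies RFC 9106 bounds; the 16-byte salt floor is an assumed policy.
func (c PlainCreds) Check() error {
	switch {
	case c.Algo != "argon2id":
		return fmt.Errorf("unexpected algo %q", c.Algo)
	case c.T < 1 || c.P < 1 || c.M < 8*c.P:
		return fmt.Errorf("argon2 cost parameters out of range")
	case len(c.Salt) < 16 || len(c.Hash) < 4:
		return fmt.Errorf("salt or hash too short")
	}
	return nil
}

// View copies u for a usersInfo-style reply; credentials only on request.
func View(u User, showCredentials bool) User {
	out := User{ID: u.ID, Name: u.Name, DB: u.DB}
	if !showCredentials {
		return out
	}
	out.Credentials = make(map[string]PlainCreds, len(u.Credentials))
	for mech, c := range u.Credentials {
		c.Hash = append([]byte(nil), c.Hash...) // copy so callers cannot
		c.Salt = append([]byte(nil), c.Salt...) // mutate the stored bytes
		out.Credentials[mech] = c
	}
	return out
}

func main() { // constructed sample using the parameters from the issue
	c := PlainCreds{"argon2id", 3, 4, 65536, make([]byte, 32), make([]byte, 16)}
	u := User{"test.username", "username", "test", map[string]PlainCreds{"PLAIN": c}}
	fmt.Println(c.Check(), View(u, false).Credentials == nil, len(View(u, true).Credentials))
}
```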
AlekSi added the code/chore (Code maintenance improvements) and not ready (Issues that are not ready to be worked on; PRs that should skip CI) labels Nov 30, 2023
AlekSi assigned AlekSi and unassigned ferretdb-bot Dec 5, 2023
AlekSi modified the milestones: Next, v1.17.0 Dec 11, 2023
AlekSi added a commit that referenced this issue Dec 20, 2023
AlekSi reopened this Dec 21, 2023
AlekSi assigned henvic and unassigned AlekSi Dec 21, 2023
AlekSi removed the not ready (Issues that are not ready to be worked on; PRs that should skip CI) label Dec 21, 2023
AlekSi removed this from the v1.18.0 milestone Jan 8, 2024
AlekSi added a commit that referenced this issue Jan 12, 2024
Closes #3785.

Co-authored-by: Alexey Palazhchenko <alexey.palazhchenko@ferretdb.io>
Co-authored-by: Elena Grahovac <elena@grahovac.me>
Co-authored-by: Patryk Kwiatek <patryk@kwiatek.xyz>
AlekSi added the area/auth (Issues about authentication and authorization) label Jan 15, 2024
AlekSi added this to the Next milestone Jan 22, 2024