sync-server: add option to store hashed passwords #3083
f386196 to 4ca6ad4
Does CI re-run automatically on force push or is there some way to trigger it manually?
9515c7f to b3f61b2
I'm not sure why the CI is still failing, running
I feel there's not a lot of value to hashing passwords in this case, as if you're following best practice and not reusing them on other sites, the only way they get compromised is if the machine is compromised - and then a hashed password does not help you at all. You are not the first person to want this however, and I feel like I might be better off accepting it than having to keep arguing about it. But some changes will be needed:
Optional:
The current implementation is 100% backwards compatible: It'll take the normal SYNC_USER env variable with username:password, even the host key format doesn't change so no need to re-login.
The advantage of the current implementation is that you can store the password for one user in hashed format, and for another one in plain text. But if you think this is too much of an edge case I can change it.
Obviously, I'll do a PR at the doc repo when we've the above detail sorted out.
This is already done, the hash string follows the phc-format for hash strings, i.e.
Thanks for clarifying those points. I don't think there's a need to have a mix - for the home use case this server is targeted at, it's hard to imagine a good reason to allow mixing hashed and unhashed passwords.
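An added example, not code from this PR or from Anki: a Python illustration of the backwards-compatible handling described in the author's reply above, where each `username:password` entry carries either a plain-text password or a PHC-format hash string. The function names, the fixed salt value, the iteration count and the `pbkdf2-sha256` parameter layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ALG = "pbkdf2-sha256"                   # assumed PHC algorithm identifier
FIXED_SALT = b"constructed-fixed-salt"  # constructed value, not Anki's
ITERATIONS = 600_000                    # assumed work factor
KEY_LEN = 32


def _b64(raw: bytes) -> str:
    # PHC strings use standard base64 without '=' padding.
    return base64.b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))


def make_phc(password: str, salt: bytes) -> str:
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, KEY_LEN)
    return f"${ALG}$i={ITERATIONS},l={KEY_LEN}${_b64(salt)}${_b64(dk)}"


def verify(stored: str, candidate: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != ALG:
        raise ValueError("not a pbkdf2-sha256 PHC string")
    params = dict(kv.split("=", 1) for kv in parts[2].split(","))
    salt, expected = _unb64(parts[3]), _unb64(parts[4])
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt,
                             int(params["i"]), len(expected))
    return hmac.compare_digest(dk, expected)  # constant-time comparison


def load_user(entry: str) -> tuple[str, str]:
    # Split on the first ':' only, so passwords may contain colons.
    name, _, secret = entry.partition(":")
    if secret.startswith(f"${ALG}$"):
        return name, secret  # already hashed, keep as stored
    # Plain text provided: hash it with the fixed salt. Mixing both forms
    # makes a plain password that begins with "$pbkdf2-sha256$" ambiguous.
    return name, make_phc(secret, FIXED_SALT)


if __name__ == "__main__":
    user, stored = load_user("alice:correct horse")  # constructed entry
    print(user, stored, verify(stored, "correct horse"))
```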
a5e231c to 035f6a2
As introduced by ankitects/anki#3083
Thanks, some minor comments, then happy to merge this in.
rslib/Cargo.toml
Outdated
@@ -38,6 +38,7 @@ wiremock.workspace = true | |||
|
|||
[dependencies] | |||
criterion = { workspace = true, optional = true } | |||
pbkdf2 = { version = "0.12", features = ["simple"] } |
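Review bot: the added `pbkdf2` line declares `version = "0.12"` inline, while the `criterion` entry just above it and `wiremock` in the hunk header use the `workspace = true` form. Declare the crate and its `simple` feature once in the workspace manifest and reference it here as `pbkdf2.workspace = true`, so the version of a password-hashing dependency is pinned in one place.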
Please move this into the workspace Cargo.toml and reference it here, like the other deps.
rslib/src/sync/http_server/mod.rs
Outdated
_ => ( | ||
name, | ||
// hashes password with fixed salt, because why bother properly | ||
// salting a password that is stored in plaintext anyways? |
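Review bot: the two comment lines in the `_ =>` arm justify the fixed salt with a rhetorical question and never say what the arm handles. State the condition and the consequence instead: this arm receives a password supplied in plain text, and with a fixed salt identical passwords produce identical hashes, so the result gives no protection beyond the plain-text value it was derived from.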
I'd find a comment like the following more useful:
// Plain text passwords provided; hash them with a fixed salt.
4a95da1 to 029d48c
029d48c to ce80b7a
Looks good - thanks!
* enclose all environment variables properly
* Document ability to store passwords hashed

As introduced by ankitects/anki#3083
Storing passwords in cleartext is immoral, and because I don't want to do that I wrote this PR.
I don't know Rust very well, so please have a thorough look through my code and tell me if there are ways that are more Rust-idiomatic.
Also, I'm willing to write tests/docs as soon as it's clear this goes in the right direction, but maybe I'll need some guidance for this.