Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for user authentication using user profiles stored in the repository #809

Merged
merged 9 commits into from
Feb 4, 2021
Merged

Added support for user authentication using user profiles stored in the repository #809

merged 9 commits into from
Feb 4, 2021

Conversation

jkowalski
Copy link
Contributor

This is an alternative to htpasswd-based authentication. Users can be added and manipulated using CLI and are stored in a repository as manifests of type user.

@jkowalski jkowalski force-pushed the repository-user-authentication branch from 84a4ac1 to a68ae3a Compare January 30, 2021 01:49
julio-lopez
julio-lopez reviewed Feb 3, 2021
View reviewed changes
Copy link
Collaborator

@julio-lopez julio-lopez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LG, comments & question inline.

cli/command_user_info.go Outdated Show resolved Hide resolved
internal/auth/authn_repo.go Show resolved Hide resolved
internal/user/user_profile.go Show resolved Hide resolved
internal/auth/authn_repo.go Outdated Show resolved Hide resolved
internal/user/user_profile_hash_v1.go

salt := data[0:v1SaltLength]

h := computePasswordHashV1(password, salt)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the password checked on every request? or when a connection is established (and potentially reused for multiple requests)?
Is scrypt.Key going to blow up memory consumption for the server?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the password will be checked once per stream in GRPC session and once per request in the REST case. Given that we're deprecating the REST server soon, this should practically not matter, since no user is currently using repository-based accounts.

jkowalski and others added 2 commits February 3, 2021 18:43
@jkowalski
Update cli/command_user_info.go
84ec2b8 
Co-authored-by: Julio López <julio+gh@kasten.io>
@jkowalski
pr feedback
7b8a6f4
@jkowalski jkowalski force-pushed the repository-user-authentication branch from 3628000 to 7b8a6f4 Compare February 4, 2021 03:08
@julio-lopez
Copy link
Collaborator

@pavannd1 PTAL when you have a chance

@julio-lopez julio-lopez merged commit 5d07237 into kopia:master Feb 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julio-lopez julio-lopez julio-lopez left review comments

@pavannd1 pavannd1 Awaiting requested review from pavannd1

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jkowalski @julio-lopez