-
-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create a secrecy
feature
#20
Conversation
I believe the job compiles the Ahh, it's probably due to the fact the CI command contains |
@@ -50,8 +53,8 @@ where | |||
Store: UserStore<Role, User = User>, | |||
Role: PartialEq + Clone + Send + Sync + 'static, | |||
{ | |||
fn get_session_auth_id(&self, password_hash: &str) -> String { | |||
let tag = hmac::sign(&self.key, password_hash.as_bytes()); | |||
fn get_session_auth_id(&self, password_hash: &[u8]) -> String { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this change need to be behind a feature flag as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so - this is not a public function.
That seems likely, however I do think |
I'm not sure what the problem is. The |
Sorry you're running into this. Maybe we could see how the axum crate itself is handling this? They use the same GitHub Action structure we have and also have features enabled for only some examples. |
Unfortunately this might be working as intended. I'm not sure there's any practical workaround and as you've probably already noticed, removing Another approach could be to implement a separate method that leverages |
You're right. Conflicting features are not possible and not a good idea in general. IMHO we should let the PR remain unmerged for now, provide one last release with the roles and all the smaller fixes we did before a new major version introducing axum 6.0 compatibility. Then we can also add this change but not as a feature but as part of the major release. |
@maxcountryman rebased the changes :) |
This feature requires the `AuthUser` to return a securely-handled version of the `password_hash`.
This feature requires the
AuthUser
to return a securely-handled version of thepassword_hash
.Closes #7.