Create a secrecy feature
#20
Conversation
|
I believe the job compiles the Ahh, it's probably due to the fact the CI command contains |
| @@ -50,8 +53,8 @@ where | |||
| Store: UserStore<Role, User = User>, | |||
| Role: PartialEq + Clone + Send + Sync + 'static, | |||
| { | |||
| fn get_session_auth_id(&self, password_hash: &str) -> String { | |||
| let tag = hmac::sign(&self.key, password_hash.as_bytes()); | |||
| fn get_session_auth_id(&self, password_hash: &[u8]) -> String { | |||
There was a problem hiding this comment.
Does this change need to be behind a feature flag as well?
There was a problem hiding this comment.
I don't think so - this is not a public function.
That seems likely, however I do think |
I'm not sure what the problem is. The |
|
Sorry you're running into this. Maybe we could see how the axum crate itself is handling this? They use the same GitHub Action structure we have and also have features enabled for only some examples. |
|
Unfortunately this might be working as intended. I'm not sure there's any practical workaround and as you've probably already noticed, removing Another approach could be to implement a separate method that leverages |
You're right. Conflicting features are not possible and not a good idea in general. IMHO we should let the PR remain unmerged for now, provide one last release with the roles and all the smaller fixes we did before a new major version introducing axum 6.0 compatibility. Then we can also add this change but not as a feature but as part of the major release. |
|
@maxcountryman rebased the changes :) |
This feature requires the `AuthUser` to return a securely-handled version of the `password_hash`.
This feature requires the
AuthUserto return a securely-handled version of thepassword_hash.Closes #7.