[postauth] Create API for postauth #29

Closed
nemesisdesign opened this Issue Jul 12, 2017 · 0 comments

nemesisdesign commented Jul 12, 2017

(note: lower priority)

After merging #28 the default postauth query works, but I've noticed the default query logs the password of the user, which in case of a successful attempt effectively defeats the point explained in the hashing algorithm proposal I sent yesterday on the OpenWISP Mailing list.

Possible solutions:

  • add a note in the documentation which suggests to disable the postauth query entirely
  • add a note in the documentation which suggests a postauth query that doesn't log the password - this would require editing the postauth model and making the password field not required

Let's proceed as follows:

  • allow the password field to be blank
  • add an API method called postauth
  • for successful authentications, do not store passwords
  • for failed authentications, store everything

@nemesisdesign nemesisdesign changed the title from [postauth] Default query exposes user password in clear to [postauth] Create API for postauth Jul 27, 2017
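
The storage policy agreed in the issue (blank password allowed, no password kept for successful authentications, everything kept for failed ones), sketched as an added example that is not the project's own code. The `postauth`, `open_store` and `stored` functions, the payload keys and the FreeRADIUS-style `radpostauth` column layout are assumptions of this example, as is the choice to keep the password only on an explicit `Access-Reject`.

```python
import sqlite3

REJECT = "Access-Reject"  # FreeRADIUS reply Packet-Type for a failed attempt

# Assumed table layout: FreeRADIUS-style radpostauth, "pass" may be blank.
SCHEMA = """
CREATE TABLE radpostauth (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    pass     TEXT NOT NULL DEFAULT '',
    reply    TEXT NOT NULL,
    authdate TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)
"""


def open_store():
    """Return an in-memory database holding an empty radpostauth table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def postauth(db, payload):
    """Hypothetical postauth handler: record the attempt, drop accepted passwords."""
    username = payload.get("username")
    reply = payload.get("reply")
    if not username or not reply:
        raise ValueError("username and reply are required")
    # Fail closed: the password is kept only for an explicit reject, so an
    # accepted or unrecognised reply never writes a credential to the table.
    password = (payload.get("password") or "") if reply == REJECT else ""
    db.execute(
        "INSERT INTO radpostauth (username, pass, reply) VALUES (?, ?, ?)",
        (username, password, reply),
    )
    db.commit()


def stored(db):
    """Return (username, pass, reply) rows in insertion order."""
    return db.execute(
        "SELECT username, pass, reply FROM radpostauth ORDER BY id"
    ).fetchall()


if __name__ == "__main__":
    db = open_store()
    # Constructed sample requests, not real data.
    postauth(db, {"username": "alice", "password": "s3cret", "reply": "Access-Accept"})
    postauth(db, {"username": "bob", "password": "guess1", "reply": REJECT})
    print(stored(db))
```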

lillopaco added a commit that referenced this issue Jul 31, 2017

[postauth] Added API view for postauth
Implements and fixes #29

lillopaco added a commit that referenced this issue Aug 8, 2017

[postauth] Added API view for postauth
Implements and fixes #29

@lillopaco lillopaco closed this in #44 Aug 8, 2017
