auth: Added cmdline option to specify passwords are bcrypted #397

Merged
merged 1 commit into from Mar 17, 2018

sum12
Contributor

@sum12 sum12 commented Mar 16, 2018

bcryptpass cmdline informs the credentialStore that received passwords
should be hashed before comparing to the passwords obtained from the
authfile.

Closes #395

@sum12 sum12 force-pushed the hashedpass branch 3 times, most recently from 501e5cd to dfccd0f Compare March 16, 2018 17:54
@otoolep
Member

otoolep commented Mar 16, 2018

Thanks for your PR. The functionality looks useful. However I think it's more complicated than it needs to be. There are two ways I think it could be simpler.

  1. Instead of passing bcrypt-pass to rqlited when it starts up, just try the existing logic. If that doesn't work, then try the bcrypt hash check. Only if both fail is the access blocked.
  2. Add a new field to the Passwords file, named, say, password_bcrypt. If this field exists check that, otherwise do the existing check. This change would be backwards compatible with existing files. Again you wouldn't need to pass bcrypt-pass to the binary.

This minimizes the changes and means the way rqlited is launched is not changed.
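Option 2 from the comment above, sketched in Go as an added example; it is not the code merged in this PR. The JSON layout and the `username`/`password` field names are assumptions, and `standInHash`/`standInVerify` are hypothetical SHA-256 stand-ins for bcrypt so the block needs only the standard library; real code would call `bcrypt.CompareHashAndPassword` from `golang.org/x/crypto/bcrypt` where `verify` is used.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"fmt"
)

// Credential: every field name except password_bcrypt is an assumption.
type Credential struct {
	Username       string `json:"username"`
	Password       string `json:"password"`        // legacy plaintext
	PasswordBcrypt string `json:"password_bcrypt"` // optional hash
}
// NOT bcrypt: unsalted SHA-256 stand-ins so the example runs on the standard library alone.
func standInHash(pw string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(pw)))
}
func standInVerify(hash, pw string) bool {
	return subtle.ConstantTimeCompare([]byte(hash), []byte(standInHash(pw))) == 1
}
// sampleFile is constructed: bob is a legacy plaintext entry, alice a hashed one.
var sampleFile = []byte(`[{"username":"bob","password":"secret1"},` +
	`{"username":"alice","password_bcrypt":"` + standInHash("s3cret") + `"}]`)

// Check authenticates user/pass; verify is where a real bcrypt comparison goes.
func Check(file []byte, user, pass string, verify func(hash, pw string) bool) bool {
	var creds []Credential
	if json.Unmarshal(file, &creds) != nil {
		return false // unreadable file: fail closed
	}
	for _, c := range creds {
		switch {
		case c.Username != user:
			continue
		case c.PasswordBcrypt != "":
			return verify(c.PasswordBcrypt, pass) // never fall back to plaintext
		case c.Password == "":
			return false // entry with no credential must not match an empty password
		default:
			return subtle.ConstantTimeCompare([]byte(c.Password), []byte(pass)) == 1
		}
	}
	return false
}

func main() {
	fmt.Println(Check(sampleFile, "alice", "s3cret", standInVerify))
}
```

Because a hashed entry is only ever checked through `verify`, the stored hash itself is not accepted as a password, and files without the new field keep working unchanged.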

Passwords stored in auth file can be bcrypt hashes of the password
passed via the basic auth of the received request.

However unmarked passwords will be considered plain text thus
maintaining backward compatibility.

Added testcases.

Closes rqlite#395
@sum12
Contributor Author

sum12 commented Mar 16, 2018

@otoolep thanks for the input.
I have updated the PR to the second option. Let me know what you think.

@otoolep
Member

otoolep commented Mar 17, 2018

Thanks @sum12, implementation generally looks good to me. -- I will merge this, and make a couple of changes on top of it.

@otoolep otoolep merged commit dd4e494 into rqlite:master Mar 17, 2018