Add password_iter option
parent
23ca1beb05
commit
a6fe9ada45
3 changed files with 13 additions and 7 deletions
|
@ -40,9 +40,8 @@ let user_info_of_sexp =
|
|||
let h count salt password =
|
||||
Pbkdf.pbkdf2 ~prf ~count ~dk_len ~salt ~password:(Cstruct.of_string password)
|
||||
|
||||
let hash ~username ~password =
|
||||
let hash ?(password_iter=default_count) ~username ~password () =
|
||||
let salt = Mirage_crypto_rng.generate 16 in
|
||||
let password_iter = default_count in
|
||||
let password_hash = h password_iter salt password in
|
||||
{ username; password_hash; password_salt = salt; password_iter }
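Review bot: `hash` hands the caller-supplied `password_iter` straight to `h` with no lower bound, so a record can be stored with a trivially small iteration count, and zero or negative values reach `Pbkdf.pbkdf2` unchecked (how it reacts is not visible here). The same gap applies to the `--hash-count` option in the CLI section, declared as `opt (some int) None`, which accepts any integer. Consider rejecting bad values at the top of `hash`, e.g. `if password_iter < 1 then invalid_arg "hash: password_iter must be positive";`, and preferably enforcing a project-chosen minimum rather than just positivity. A doc comment on `hash` saying that `password_iter` is the PBKDF2 iteration count and defaults to `default_count` would also help callers.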
|
||||
|
||||
|
|
|
@ -125,7 +125,7 @@ let do_migrate dbpath =
|
|||
let migrate () dbpath =
|
||||
or_die 1 (do_migrate dbpath)
|
||||
|
||||
let user_mod action dbpath username =
|
||||
let user_mod action dbpath password_iter username =
|
||||
let r =
|
||||
Caqti_blocking.connect
|
||||
(Uri.make ~scheme:"sqlite3" ~path:dbpath ~query:["create", ["false"]] ())
|
||||
|
@ -134,7 +134,7 @@ let user_mod action dbpath username =
|
|||
flush stdout;
|
||||
(* FIXME: getpass *)
|
||||
let password = read_line () in
|
||||
let user_info = Builder_web_auth.hash ~username ~password in
|
||||
let user_info = Builder_web_auth.hash ?password_iter ~username ~password () in
|
||||
match action with
|
||||
| `Add ->
|
||||
Db.exec Builder_db.User.add user_info
|
||||
|
@ -192,6 +192,12 @@ let username =
|
|||
pos 0 (some string) None &
|
||||
info ~doc ~docv:"USERNAME" [])
|
||||
|
||||
let password_iter =
|
||||
let doc = "password hash count" in
|
||||
Cmdliner.Arg.(value &
|
||||
opt (some int) None &
|
||||
info ~doc ["hash-count"])
|
||||
|
||||
let datadir =
|
||||
let doc = Cmdliner.Arg.info ~doc:"builder data dir" ["datadir"] in
|
||||
Cmdliner.Arg.(value &
|
||||
|
@ -227,12 +233,12 @@ let add_cmd =
|
|||
|
||||
let user_add_cmd =
|
||||
let doc = "add a user" in
|
||||
(Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ username),
|
||||
(Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ password_iter $ username),
|
||||
Cmdliner.Term.info ~doc "user-add")
|
||||
|
||||
let user_update_cmd =
|
||||
let doc = "update a user password" in
|
||||
(Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ username),
|
||||
(Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ password_iter $ username),
|
||||
Cmdliner.Term.info ~doc "user-update")
|
||||
|
||||
let user_remove_cmd =
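Review bot: `user_update_cmd` is still built from `pure user_add` on the line this commit rewrites, so `user-update` appears to run the add action instead of an update. `user_mod` dispatches on `action` and the visible case is `` `Add ``, which suggests a separate wrapper passing the update action exists, but its definition is outside these hunks, so this is inferred. If it does exist, the `user-update` term should apply that wrapper to `setup_log $ dbpath $ password_iter $ username` instead of `user_add`. Otherwise, changing a password and its iteration count through `user-update` would depend on how the add query treats an existing username.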
|
||||
|
|
|
@ -57,7 +57,8 @@ let authorized t handler = fun req ->
|
|||
then handler req
|
||||
else Lwt.return unauthorized
|
||||
| Ok None ->
|
||||
ignore (Builder_web_auth.hash ~username ~password);
|
||||
let _ : Builder_web_auth.user_info =
|
||||
Builder_web_auth.hash ~username ~password () in
|
||||
Lwt.return unauthorized
|
||||
| Error e ->
|
||||
Log.warn (fun m -> m "Error getting user: %a" pp_error e);
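Review bot: The discarded `Builder_web_auth.hash ~username ~password ()` call in the `Ok None` branch always runs with the default iteration count, while stored users can now carry a different `password_iter`. If the call is there to make an unknown username cost as much as a failed login, that no longer holds for users created with a non-default count, and response time could reveal whether an account exists. This is inferred from the result being thrown away, as the verification path is outside the hunk. At minimum, record the intent and its limit above the call, e.g. `(* dummy hash to equalise timing with a failed login; only matches users stored with the default count *)`. The enclosing `authorized` function starts and ends outside this hunk.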
|
||||
|
|