Add password_iter option

This commit is contained in:
Reynir Björnsson 2021-01-21 12:01:47 +01:00
parent 23ca1beb05
commit a6fe9ada45
3 changed files with 13 additions and 7 deletions


@ -40,9 +40,8 @@ let user_info_of_sexp =
let h count salt password = let h count salt password =
Pbkdf.pbkdf2 ~prf ~count ~dk_len ~salt ~password:(Cstruct.of_string password) Pbkdf.pbkdf2 ~prf ~count ~dk_len ~salt ~password:(Cstruct.of_string password)
let hash ~username ~password = let hash ?(password_iter=default_count) ~username ~password () =
let salt = Mirage_crypto_rng.generate 16 in let salt = Mirage_crypto_rng.generate 16 in
let password_iter = default_count in
let password_hash = h password_iter salt password in let password_hash = h password_iter salt password in
{ username; password_hash; password_salt = salt; password_iter } { username; password_hash; password_salt = salt; password_iter }
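Review bot: The new optional `?password_iter` is forwarded straight to `Pbkdf.pbkdf2` at the `h password_iter salt password` line with no lower bound, so a caller can now request a hash with an arbitrarily small iteration count, which weakens the stored hash rather than strengthening it. A guard such as `if password_iter < default_count then invalid_arg "hash: password_iter below default_count";` before the salt is generated (or a documented minimum, if the intent is to allow cheaper hashes for tests) keeps the old floor. Since the parameter is now part of the public signature, a doc comment would help callers: `(** [hash ?password_iter ~username ~password ()] derives a fresh salted PBKDF2 hash; [password_iter] is the iteration count and defaults to [default_count]. *)`. It is not visible here whether `default_count` is exposed in the interface, so a caller can only pick a sensible value if it is.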


@ -125,7 +125,7 @@ let do_migrate dbpath =
let migrate () dbpath = let migrate () dbpath =
or_die 1 (do_migrate dbpath) or_die 1 (do_migrate dbpath)
let user_mod action dbpath username = let user_mod action dbpath password_iter username =
let r = let r =
Caqti_blocking.connect Caqti_blocking.connect
(Uri.make ~scheme:"sqlite3" ~path:dbpath ~query:["create", ["false"]] ()) (Uri.make ~scheme:"sqlite3" ~path:dbpath ~query:["create", ["false"]] ())
@ -134,7 +134,7 @@ let user_mod action dbpath username =
flush stdout; flush stdout;
(* FIXME: getpass *) (* FIXME: getpass *)
let password = read_line () in let password = read_line () in
let user_info = Builder_web_auth.hash ~username ~password in let user_info = Builder_web_auth.hash ?password_iter ~username ~password () in
match action with match action with
| `Add -> | `Add ->
Db.exec Builder_db.User.add user_info Db.exec Builder_db.User.add user_info
@ -192,6 +192,12 @@ let username =
pos 0 (some string) None & pos 0 (some string) None &
info ~doc ~docv:"USERNAME" []) info ~doc ~docv:"USERNAME" [])
let password_iter =
let doc = "password hash count" in
Cmdliner.Arg.(value &
opt (some int) None &
info ~doc ["hash-count"])
let datadir = let datadir =
let doc = Cmdliner.Arg.info ~doc:"builder data dir" ["datadir"] in let doc = Cmdliner.Arg.info ~doc:"builder data dir" ["datadir"] in
Cmdliner.Arg.(value & Cmdliner.Arg.(value &
@ -227,12 +233,12 @@ let add_cmd =
let user_add_cmd = let user_add_cmd =
let doc = "add a user" in let doc = "add a user" in
(Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ username), (Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ password_iter $ username),
Cmdliner.Term.info ~doc "user-add") Cmdliner.Term.info ~doc "user-add")
let user_update_cmd = let user_update_cmd =
let doc = "update a user password" in let doc = "update a user password" in
(Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ username), (Cmdliner.Term.(pure user_add $ setup_log $ dbpath $ password_iter $ username),
Cmdliner.Term.info ~doc "user-update") Cmdliner.Term.info ~doc "user-update")
let user_remove_cmd = let user_remove_cmd =
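Review bot: The `--hash-count` option added in the `let password_iter =` hunk is declared as `opt (some int) None` and handed to `Builder_web_auth.hash ?password_iter` in `user_mod` unchecked, so a typo on the command line (`--hash-count 10`) silently produces a weak hash that is then written to the database. Validating in `user_mod` before the `read_line ()` prompt, e.g. `Option.iter (fun n -> if n < 1 then invalid_arg "--hash-count must be positive") password_iter;`, or documenting the expected magnitude in the option's `doc`, would make the failure mode visible; the doc string `"password hash count"` could read `"number of PBKDF2 iterations used to hash the password (defaults to the library's built-in count)"`. The body of `user_mod` starts in the first hunk and continues across the second, so the exact place to put the check is outside what is shown here.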


@ -57,7 +57,8 @@ let authorized t handler = fun req ->
then handler req then handler req
else Lwt.return unauthorized else Lwt.return unauthorized
| Ok None -> | Ok None ->
ignore (Builder_web_auth.hash ~username ~password); let _ : Builder_web_auth.user_info =
Builder_web_auth.hash ~username ~password () in
Lwt.return unauthorized Lwt.return unauthorized
| Error e -> | Error e ->
Log.warn (fun m -> m "Error getting user: %a" pp_error e); Log.warn (fun m -> m "Error getting user: %a" pp_error e);
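Review bot: The discarded `Builder_web_auth.hash ~username ~password ()` call in the `Ok None` arm is presumably there so an unknown username costs the same as a real one (a timing-based user-enumeration defence), but nothing in the code says so, and `let _ : Builder_web_auth.user_info = ... in` reads like dead code to the next maintainer. A one-line comment above it would preserve the intent: `(* Hash anyway so the response time for an unknown user matches that of a known one. *)`. Now that real users can carry a non-default `password_iter`, this dummy call always uses `default_count`, so the two paths may no longer take comparable time; whether that matters depends on how much the counts diverge, which is not visible here. The enclosing `authorized` function starts before this hunk and its `Error e` arm continues past it.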