Authenticator: Introduce AUTH_DEFAULT_SALT_SIZE

This commit is contained in:
Albert S. 2021-10-03 17:01:03 +02:00
parent 5037a17fba
commit 8b044d712b
3 changed files with 8 additions and 5 deletions

View File

@ -42,11 +42,12 @@ std::vector<char> Authenticator::pbkdf5(std::string password, const std::vector<
unsigned char hash[32];
const EVP_MD *sha256 = EVP_sha256();
const unsigned char *rawsalt = reinterpret_cast<const unsigned char *>(salt.data());
int ret = PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
int ret =
PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
if(ret != 1)
{
Logger::error() << "Authenticator: pbkdf5: Failed to create hash";
return { };
return {};
}
std::vector<char> result;

View File

@ -3,6 +3,7 @@
#include <variant>
#include "database/userdao.h"
#define AUTH_DEFAULT_SALT_SIZE 32
enum AuthenticationError
{
UserNotFound,

View File

@ -15,19 +15,20 @@ Response HandlerUserSettings::handleRequest(const Request &r)
if(newpassword != newpasswordconfirm)
{
//TODO: is not nice, users has to hit the back button...
// TODO: is not nice, users has to hit the back button...
return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
}
auto userDao = this->database->createUserDao();
Authenticator authenticator(*userDao);
std::variant<User, AuthenticationError> authresult = authenticator.authenticate(this->userSession->user.login, oldpassword);
std::variant<User, AuthenticationError> authresult =
authenticator.authenticate(this->userSession->user.login, oldpassword);
if(std::holds_alternative<AuthenticationError>(authresult))
{
return this->errorResponse("Invalid current password", "The old password you entered is invalid");
}
Random r;
std::vector<char> salt = r.getRandom(23);
std::vector<char> salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
User user = std::get<User>(authresult);
user.salt = salt;
user.password = authenticator.hash(newpassword, user.salt);