Authenticator: Introduce AUTH_DEFAULT_SALT_SIZE

这个提交包含在:
2021-10-03 17:01:03 +02:00
父节点 5037a17fba
当前提交 8b044d712b
共有 3 个文件被更改,包括 8 次插入5 次删除

查看文件

@@ -15,19 +15,20 @@ Response HandlerUserSettings::handleRequest(const Request &r)
if(newpassword != newpasswordconfirm)
{
//TODO: is not nice, users has to hit the back button...
// TODO: is not nice, users has to hit the back button...
return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
}
auto userDao = this->database->createUserDao();
Authenticator authenticator(*userDao);
std::variant<User, AuthenticationError> authresult = authenticator.authenticate(this->userSession->user.login, oldpassword);
std::variant<User, AuthenticationError> authresult =
authenticator.authenticate(this->userSession->user.login, oldpassword);
if(std::holds_alternative<AuthenticationError>(authresult))
{
return this->errorResponse("Invalid current password", "The old password you entered is invalid");
}
Random r;
std::vector<char> salt = r.getRandom(23);
std::vector<char> salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
User user = std::get<User>(authresult);
user.salt = salt;
user.password = authenticator.hash(newpassword, user.salt);