Authenticator: Introduce AUTH_DEFAULT_SALT_SIZE

This commit is contained in:
Albert S. 2021-10-03 17:01:03 +02:00
parent 5037a17fba
commit 8b044d712b
3 changed files with 8 additions and 5 deletions

View File

@ -42,11 +42,12 @@ std::vector<char> Authenticator::pbkdf5(std::string password, const std::vector<
unsigned char hash[32]; unsigned char hash[32];
const EVP_MD *sha256 = EVP_sha256(); const EVP_MD *sha256 = EVP_sha256();
const unsigned char *rawsalt = reinterpret_cast<const unsigned char *>(salt.data()); const unsigned char *rawsalt = reinterpret_cast<const unsigned char *>(salt.data());
int ret = PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash); int ret =
PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
if(ret != 1) if(ret != 1)
{ {
Logger::error() << "Authenticator: pbkdf5: Failed to create hash"; Logger::error() << "Authenticator: pbkdf5: Failed to create hash";
return { }; return {};
} }
std::vector<char> result; std::vector<char> result;

View File

@ -3,6 +3,7 @@
#include <variant> #include <variant>
#include "database/userdao.h" #include "database/userdao.h"
#define AUTH_DEFAULT_SALT_SIZE 32
enum AuthenticationError enum AuthenticationError
{ {
UserNotFound, UserNotFound,

View File

@ -15,19 +15,20 @@ Response HandlerUserSettings::handleRequest(const Request &r)
if(newpassword != newpasswordconfirm) if(newpassword != newpasswordconfirm)
{ {
//TODO: is not nice, users has to hit the back button... // TODO: is not nice, users has to hit the back button...
return this->errorResponse("Passwords don't match", "The entered new passwords don't match"); return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
} }
auto userDao = this->database->createUserDao(); auto userDao = this->database->createUserDao();
Authenticator authenticator(*userDao); Authenticator authenticator(*userDao);
std::variant<User, AuthenticationError> authresult = authenticator.authenticate(this->userSession->user.login, oldpassword); std::variant<User, AuthenticationError> authresult =
authenticator.authenticate(this->userSession->user.login, oldpassword);
if(std::holds_alternative<AuthenticationError>(authresult)) if(std::holds_alternative<AuthenticationError>(authresult))
{ {
return this->errorResponse("Invalid current password", "The old password you entered is invalid"); return this->errorResponse("Invalid current password", "The old password you entered is invalid");
} }
Random r; Random r;
std::vector<char> salt = r.getRandom(23); std::vector<char> salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
User user = std::get<User>(authresult); User user = std::get<User>(authresult);
user.salt = salt; user.salt = salt;
user.password = authenticator.hash(newpassword, user.salt); user.password = authenticator.hash(newpassword, user.salt);