Authenticator: Introduce AUTH_DEFAULT_SALT_SIZE
This commit is contained in:
parent
5037a17fba
commit
8b044d712b
|
|
@ -42,11 +42,12 @@ std::vector<char> Authenticator::pbkdf5(std::string password, const std::vector<
|
||||||
unsigned char hash[32];
|
unsigned char hash[32];
|
||||||
const EVP_MD *sha256 = EVP_sha256();
|
const EVP_MD *sha256 = EVP_sha256();
|
||||||
const unsigned char *rawsalt = reinterpret_cast<const unsigned char *>(salt.data());
|
const unsigned char *rawsalt = reinterpret_cast<const unsigned char *>(salt.data());
|
||||||
int ret = PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
|
int ret =
|
||||||
|
PKCS5_PBKDF2_HMAC(password.c_str(), password.size(), rawsalt, salt.size(), 300000, sha256, sizeof(hash), hash);
|
||||||
if(ret != 1)
|
if(ret != 1)
|
||||||
{
|
{
|
||||||
Logger::error() << "Authenticator: pbkdf5: Failed to create hash";
|
Logger::error() << "Authenticator: pbkdf5: Failed to create hash";
|
||||||
return { };
|
return {};
|
||||||
}
|
}
|
||||||
std::vector<char> result;
|
std::vector<char> result;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
#include <variant>
|
#include <variant>
|
||||||
#include "database/userdao.h"
|
#include "database/userdao.h"
|
||||||
|
|
||||||
|
#define AUTH_DEFAULT_SALT_SIZE 32
|
||||||
enum AuthenticationError
|
enum AuthenticationError
|
||||||
{
|
{
|
||||||
UserNotFound,
|
UserNotFound,
|
||||||
|
|
|
||||||
|
|
@ -15,19 +15,20 @@ Response HandlerUserSettings::handleRequest(const Request &r)
|
||||||
|
|
||||||
if(newpassword != newpasswordconfirm)
|
if(newpassword != newpasswordconfirm)
|
||||||
{
|
{
|
||||||
//TODO: is not nice, users has to hit the back button...
|
// TODO: is not nice, users has to hit the back button...
|
||||||
return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
|
return this->errorResponse("Passwords don't match", "The entered new passwords don't match");
|
||||||
}
|
}
|
||||||
auto userDao = this->database->createUserDao();
|
auto userDao = this->database->createUserDao();
|
||||||
Authenticator authenticator(*userDao);
|
Authenticator authenticator(*userDao);
|
||||||
|
|
||||||
std::variant<User, AuthenticationError> authresult = authenticator.authenticate(this->userSession->user.login, oldpassword);
|
std::variant<User, AuthenticationError> authresult =
|
||||||
|
authenticator.authenticate(this->userSession->user.login, oldpassword);
|
||||||
if(std::holds_alternative<AuthenticationError>(authresult))
|
if(std::holds_alternative<AuthenticationError>(authresult))
|
||||||
{
|
{
|
||||||
return this->errorResponse("Invalid current password", "The old password you entered is invalid");
|
return this->errorResponse("Invalid current password", "The old password you entered is invalid");
|
||||||
}
|
}
|
||||||
Random r;
|
Random r;
|
||||||
std::vector<char> salt = r.getRandom(23);
|
std::vector<char> salt = r.getRandom(AUTH_DEFAULT_SALT_SIZE);
|
||||||
User user = std::get<User>(authresult);
|
User user = std::get<User>(authresult);
|
||||||
user.salt = salt;
|
user.salt = salt;
|
||||||
user.password = authenticator.hash(newpassword, user.salt);
|
user.password = authenticator.hash(newpassword, user.salt);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue