merged master into configuration
This commit is contained in:
commit
5e7742fc40
6
dub.json
6
dub.json
|
|
@ -4,15 +4,11 @@
|
|||
"Johannes Loher"
|
||||
],
|
||||
"dependencies": {
|
||||
"dauth": "~>0.6.3",
|
||||
"mysql-native": "~>1.1.2",
|
||||
"botan": "~>1.12.9",
|
||||
"vibe-d": "~>0.8.1",
|
||||
"vibe-d:tls": "~>0.8.1",
|
||||
"poodinis": "~>8.0.1"
|
||||
},
|
||||
"subConfigurations": {
|
||||
"vibe-d:tls": "botan"
|
||||
},
|
||||
"description": "A simple webapplication to edit and view calendar entries",
|
||||
"copyright": "Copyright © 2017, Johannes Loher",
|
||||
"license": "MIT",
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ USE CalendarWebapp;
|
|||
CREATE TABLE users (
|
||||
id MEDIUMINT UNSIGNED NOT NULL AUTO_INCREMENT,
|
||||
username CHAR(30) NOT NULL UNIQUE,
|
||||
passwordHash CHAR(60) NOT NULL,
|
||||
passwordHash CHAR(92) NOT NULL,
|
||||
privilege TINYINT UNSIGNED NOT NULL,
|
||||
PRIMARY KEY (id)
|
||||
);
|
||||
|
|
@ -21,4 +21,4 @@ CREATE TABLE events (
|
|||
);
|
||||
|
||||
INSERT INTO users (username, passwordHash, privilege) VALUES ('foo',
|
||||
'$2a$10$9LBqOZV99ARiE4Nx.2b7GeYfqk2.0A32PWGu2cRGyW2hRJ0xeDfnO', 2);
|
||||
'$5$eGohWUmw9yyiTqG7kti1MmT/jR52raEVlYuHQJa/sYk=$ucI+vTQq38Rr5RUAatd4Om0Dy9fuF0oKgkuVCuXSnxc=', 2);
|
||||
|
|
|
|||
|
|
@ -30,8 +30,6 @@ private:
|
|||
public:
|
||||
Nullable!AuthInfo checkUser(string username, string password) @safe
|
||||
{
|
||||
import botan.passhash.bcrypt : checkBcrypt;
|
||||
|
||||
auto result = users.findOne(["username" : username]);
|
||||
/* checkHash should be called using vibe.core.concurrency.async to
|
||||
avoid blocking, but https://github.com/vibe-d/vibe.d/issues/1521 is
|
||||
|
|
|
|||
|
|
@ -1,12 +1,9 @@
|
|||
module calendarwebapp.configuration;
|
||||
|
||||
import botan.rng.auto_rng : AutoSeededRNG;
|
||||
import botan.rng.rng : RandomNumberGenerator;
|
||||
|
||||
import calendarwebapp.authenticator : Authenticator;
|
||||
import calendarwebapp.calendarwebapp : CalendarWebapp;
|
||||
import calendarwebapp.event : EventStore;
|
||||
import calendarwebapp.passhash : BcryptPasswordHasher, PasswordHasher;
|
||||
import calendarwebapp.passhash : PasswordHasher, SHA256PasswordHasher;
|
||||
|
||||
import poodinis;
|
||||
|
||||
|
|
@ -48,8 +45,7 @@ public:
|
|||
logInfo("Using MySQL as database system");
|
||||
break;
|
||||
}
|
||||
container.register!(PasswordHasher, BcryptPasswordHasher);
|
||||
container.register!(RandomNumberGenerator, AutoSeededRNG);
|
||||
container.register!(PasswordHasher, SHA256PasswordHasher);
|
||||
container.register!CalendarWebapp;
|
||||
container.register!(ValueInjector!string, StringInjector);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,33 +1,11 @@
|
|||
module calendarwebapp.passhash;
|
||||
|
||||
import poodinis;
|
||||
|
||||
interface PasswordHasher
|
||||
{
|
||||
string generateHash(in string password) @safe;
|
||||
string generateHash(in string password) const @safe;
|
||||
bool checkHash(in string password, in string hash) const @safe;
|
||||
}
|
||||
|
||||
class BcryptPasswordHasher : PasswordHasher
|
||||
{
|
||||
import botan.passhash.bcrypt : checkBcrypt, generateBcrypt;
|
||||
import botan.rng.rng : RandomNumberGenerator;
|
||||
|
||||
string generateHash(in string password) @safe
|
||||
{
|
||||
return (() @trusted => generateBcrypt(password, rng, cost))();
|
||||
}
|
||||
|
||||
bool checkHash(in string password, in string hash) const @safe
|
||||
{
|
||||
return (()@trusted => checkBcrypt(password, hash))();
|
||||
}
|
||||
|
||||
private:
|
||||
@Autowire RandomNumberGenerator rng;
|
||||
enum cost = 10;
|
||||
}
|
||||
|
||||
class StubPasswordHasher : PasswordHasher
|
||||
{
|
||||
string generateHash(in string password) const @safe pure nothrow
|
||||
|
|
@ -40,3 +18,19 @@ class StubPasswordHasher : PasswordHasher
|
|||
return password == hash;
|
||||
}
|
||||
}
|
||||
|
||||
class SHA256PasswordHasher : PasswordHasher
|
||||
{
|
||||
import dauth : dupPassword, isSameHash, makeHash, parseHash;
|
||||
import std.digest.sha : SHA256;
|
||||
|
||||
string generateHash(in string password) const @safe
|
||||
{
|
||||
return (() @trusted => password.dupPassword.makeHash!SHA256.toCryptString)();
|
||||
}
|
||||
|
||||
bool checkHash(in string password, in string hash) const @safe
|
||||
{
|
||||
return (() @trusted => isSameHash(password.dupPassword, parseHash(hash)))();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,25 +2,8 @@ module test.calendarwebapp.testpasshash;
|
|||
|
||||
import calendarwebapp.passhash;
|
||||
|
||||
import poodinis;
|
||||
|
||||
import unit_threaded;
|
||||
|
||||
@("BcryptPasswordHasher")
|
||||
@Values("", "test", "langesKompliziertesPasswort")
|
||||
@system unittest
|
||||
{
|
||||
import botan.rng.rng : RandomNumberGenerator;
|
||||
import botan.rng.auto_rng : AutoSeededRNG;
|
||||
auto container = new shared DependencyContainer;
|
||||
container.register!(RandomNumberGenerator, AutoSeededRNG);
|
||||
container.register!(PasswordHasher, BcryptPasswordHasher);
|
||||
|
||||
auto hasher = container.resolve!PasswordHasher;
|
||||
immutable testPassword = getValue!string;
|
||||
hasher.checkHash(testPassword, hasher.generateHash(testPassword)).shouldBeTrue;
|
||||
}
|
||||
|
||||
@("StubPasswordHasher")
|
||||
@Values("", "test", "langesKompliziertesPasswort")
|
||||
@safe unittest
|
||||
|
|
@ -29,3 +12,12 @@ import unit_threaded;
|
|||
immutable testPassword = getValue!string;
|
||||
hasher.checkHash(testPassword, hasher.generateHash(testPassword)).shouldBeTrue;
|
||||
}
|
||||
|
||||
@("SHA256PasswordHasher")
|
||||
@Values("", "test", "langesKompliziertesPasswort")
|
||||
@safe unittest
|
||||
{
|
||||
immutable hasher = new SHA256PasswordHasher;
|
||||
immutable testPassword = getValue!string;
|
||||
hasher.checkHash(testPassword, hasher.generateHash(testPassword)).shouldBeTrue;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue