Merge branch 'async_password_hashing' into 'master'

do password hashing asynchronously

See merge request fsimphy/calendar-webapp!17
This commit is contained in:
Johannes Loher 2017-12-09 23:23:52 +01:00
commit 5f644650a9
2 changed files with 15 additions and 11 deletions

View file

@ -30,14 +30,15 @@ private:
public: public:
Nullable!AuthInfo checkUser(string username, string password) @safe Nullable!AuthInfo checkUser(string username, string password) @safe
{ {
auto result = users.findOne(["username" : username]); import vibe.core.concurrency : async;
/* checkHash should be called using vibe.core.concurrency.async to
avoid blocking, but https://github.com/vibe-d/vibe.d/issues/1521 is immutable result = users.findOne(["username" : username]);
blocking this */
if (result != Bson(null)) if (result != Bson(null))
{ {
auto authInfo = result.deserializeBson!AuthInfo; auto authInfo = result.deserializeBson!AuthInfo;
if (passwordHasher.checkHash(password, authInfo.passwordHash)) if ((()@trusted => async(() => passwordHasher.checkHash(password,
authInfo.passwordHash)).getResult)())
{ {
return authInfo.nullable; return authInfo.nullable;
} }
@ -95,6 +96,8 @@ private:
public: public:
Nullable!AuthInfo checkUser(string username, string password) @trusted Nullable!AuthInfo checkUser(string username, string password) @trusted
{ {
import vibe.core.concurrency : async;
auto cn = pool.lockConnection(); auto cn = pool.lockConnection();
scope (exit) scope (exit)
cn.close(); cn.close();
@ -109,7 +112,7 @@ public:
if (!result.empty) if (!result.empty)
{ {
auto authInfo = toAuthInfo(result.front); auto authInfo = toAuthInfo(result.front);
if (passwordHasher.checkHash(password, authInfo.passwordHash)) if (async(() => passwordHasher.checkHash(password, authInfo.passwordHash)).getResult)
{ {
return authInfo.nullable; return authInfo.nullable;
} }
@ -152,7 +155,7 @@ public:
private: private:
AuthInfo toAuthInfo(Row r) AuthInfo toAuthInfo(in Row r)
{ {
import std.conv : to; import std.conv : to;

View file

@ -65,7 +65,6 @@ public:
render!("createevent.dt", _error, authInfo); render!("createevent.dt", _error, authInfo);
} }
@auth(Role.user | Role.admin) @errorDisplay!getCreateevent void postCreateevent(Date begin, @auth(Role.user | Role.admin) @errorDisplay!getCreateevent void postCreateevent(Date begin,
Nullable!Date end, string description, string name, EventType type, bool shout) Nullable!Date end, string description, string name, EventType type, bool shout)
{ {
@ -109,8 +108,10 @@ public:
@auth(Role.admin) @errorDisplay!getCreateuser void postCreateuser(string username, @auth(Role.admin) @errorDisplay!getCreateuser void postCreateuser(string username,
string password, Privilege role) string password, Privilege role)
{ {
import vibe.core.concurrency : async;
authenticator.addUser(AuthInfo("", username, authenticator.addUser(AuthInfo("", username,
passwordHasher.generateHash(password), role)); async(() => passwordHasher.generateHash(password)).getResult, role));
redirect("/users"); redirect("/users");
} }
@ -121,8 +122,8 @@ private:
string field; string field;
} }
SessionVar!(AuthInfo, "authInfo") authInfo = AuthInfo("", SessionVar!(AuthInfo, "authInfo") authInfo = AuthInfo("", string.init,
string.init, string.init, Privilege.None); string.init, Privilege.None);
@Autowire EventStore eventStore; @Autowire EventStore eventStore;
@Autowire Authenticator authenticator; @Autowire Authenticator authenticator;