aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/login/static_provider.rs27
-rw-r--r--src/main.rs5
2 files changed, 26 insertions, 6 deletions
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
index cc0c8cb..74a6c14 100644
--- a/src/login/static_provider.rs
+++ b/src/login/static_provider.rs
@@ -32,7 +32,7 @@ impl LoginProvider for StaticLoginProvider {
match self.users.get(username) {
None => bail!("User {} does not exist", username),
Some(u) => {
- if !verify_password(password, &u.password) {
+ if !verify_password(password, &u.password)? {
bail!("Wrong password");
}
let bucket = u
@@ -71,10 +71,27 @@ impl LoginProvider for StaticLoginProvider {
}
}
-pub fn hash_password(password: &str) -> String {
- unimplemented!()
+pub fn hash_password(password: &str) -> Result<String> {
+ use argon2::{
+ password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
+ Argon2,
+ };
+ let salt = SaltString::generate(&mut OsRng);
+ let argon2 = Argon2::default();
+ Ok(argon2
+ .hash_password(password.as_bytes(), &salt)
+ .map_err(|e| anyhow!("Argon2 error: {}", e))?
+ .to_string())
}
-pub fn verify_password(password: &str, hash: &str) -> bool {
- unimplemented!()
+pub fn verify_password(password: &str, hash: &str) -> Result<bool> {
+ use argon2::{
+ password_hash::{rand_core::OsRng, PasswordHash, PasswordVerifier},
+ Argon2,
+ };
+ let parsed_hash =
+ PasswordHash::new(&hash).map_err(|e| anyhow!("Invalid hashed password: {}", e))?;
+ Ok(Argon2::default()
+ .verify_password(password.as_bytes(), &parsed_hash)
+ .is_ok())
}
diff --git a/src/main.rs b/src/main.rs
index 04c0705..dcdd335 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -222,7 +222,10 @@ fn make_storage_creds(c: StorageCredsArgs) -> StorageCredentials {
fn dump_config(password: &str, creds: &StorageCredentials) {
println!("[login_static.users.<username>]");
- println!("password = \"{}\"", hash_password(password)); //TODO
+ println!(
+ "password = \"{}\"",
+ hash_password(password).expect("unable to hash password")
+ );
println!("aws_access_key_id = \"{}\"", creds.aws_access_key_id);
println!(
"aws_secret_access_key = \"{}\"",