Diffstat (limited to 'src')
-rw-r--r-- | src/login/static_provider.rs | 27 | ||||
-rw-r--r-- | src/main.rs | 5 |
2 files changed, 26 insertions, 6 deletions
diff --git a/src/login/static_provider.rs b/src/login/static_provider.rs
index cc0c8cb..74a6c14 100644
--- a/src/login/static_provider.rs
+++ b/src/login/static_provider.rs
@@ -32,7 +32,7 @@ impl LoginProvider for StaticLoginProvider {
 match self.users.get(username) {
 None => bail!("User {} does not exist", username),
 Some(u) => {
- if !verify_password(password, &u.password) {
+ if !verify_password(password, &u.password)? {
 bail!("Wrong password");
 }
 let bucket = u
@@ -71,10 +71,27 @@ impl LoginProvider for StaticLoginProvider {
 }
 }
-pub fn hash_password(password: &str) -> String {
- unimplemented!()
+pub fn hash_password(password: &str) -> Result<String> {
+ use argon2::{
+ password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
+ Argon2,
+ };
+ let salt = SaltString::generate(&mut OsRng);
+ let argon2 = Argon2::default();
+ Ok(argon2
+ .hash_password(password.as_bytes(), &salt)
+ .map_err(|e| anyhow!("Argon2 error: {}", e))?
+ .to_string())
 }
-pub fn verify_password(password: &str, hash: &str) -> bool {
- unimplemented!()
+pub fn verify_password(password: &str, hash: &str) -> Result<bool> {
+ use argon2::{
+ password_hash::{rand_core::OsRng, PasswordHash, PasswordVerifier},
+ Argon2,
+ };
+ let parsed_hash =
+ PasswordHash::new(&hash).map_err(|e| anyhow!("Invalid hashed password: {}", e))?;
+ Ok(Argon2::default()
+ .verify_password(password.as_bytes(), &parsed_hash)
+ .is_ok())
 }
diff --git a/src/main.rs b/src/main.rs
index 04c0705..dcdd335 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -222,7 +222,10 @@ fn make_storage_creds(c: StorageCredsArgs) -> StorageCredentials {
 fn dump_config(password: &str, creds: &StorageCredentials) {
 println!("[login_static.users.<username>]");
- println!("password = \"{}\"", hash_password(password)); //TODO
+ println!(
+ "password = \"{}\"",
+ hash_password(password).expect("unable to hash password")
+ );
 println!("aws_access_key_id = \"{}\"", creds.aws_access_key_id);
 println!(
 "aws_secret_access_key = \"{}\"", |
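Review bot: The `?` added on the `verify_password(password, &u.password)` call gives login a third distinguishable failure: a stored hash that does not parse now returns "Invalid hashed password: …", next to the existing "User {} does not exist" and "Wrong password". Whether these strings reach the client is not visible in this hunk; if they do, they tell an unauthenticated caller which accounts exist and which are misconfigured. I would log the parse failure server-side and return one generic message for all three outcomes, and mark the call with `// malformed stored hash is a config error: log it, do not echo it to the client`. The enclosing login method starts and ends outside the hunk.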
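Review bot: `verify_password` ends in `.is_ok()`, so every verifier error is reported as a wrong password, including errors that are not a mismatch, such as a stored hash whose algorithm or parameters the verifier rejects. Only `argon2::password_hash::Error::Password` means the password did not match; the other variants should come back as `Err`, so that a bad config entry is not hidden behind "Wrong password". In the same function the `rand_core::OsRng` import is unused and `&hash` is a needless extra borrow of a `&str`. Both new public functions also lack doc comments; for `hash_password` something like `/// Hashes with Argon2 defaults and a fresh random salt; returns a PHC string.` would do.

```rust
pub fn verify_password(password: &str, hash: &str) -> Result<bool> {
    use argon2::{
        password_hash::{PasswordHash, PasswordVerifier},
        Argon2,
    };
    // … unchanged except `&hash` -> `hash`: PasswordHash::new(...) into parsed_hash …
    match Argon2::default().verify_password(password.as_bytes(), &parsed_hash) {
        Ok(()) => Ok(true),
        // The only variant that means "password did not match".
        Err(argon2::password_hash::Error::Password) => Ok(false),
        // Anything else is a problem with the stored hash, not with the attempt.
        Err(e) => Err(anyhow!("Argon2 error: {}", e)),
    }
}
```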