[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Artanis] Using #:auth to Authenticate a User

From: Jonathan Schmeling
Subject: [Artanis] Using #:auth to Authenticate a User
Date: Wed, 12 Sep 2018 03:16:11 +0000

Hey, hey.

I tried sending this through Yahoo! but I don't think in work but, in case it comes through twice, that may be why.

I was attempting to use #:auth with a post route but i may be missing something since I can't get it to work.

I've added the SQL table that'll hold users and it has a username, password, and salt column (amongst others).

I created a page with an HTML form that has two textboxes – one for a username and one for password – that makes a post call to the aforementioned endpoint.

But that's where my first question arises: how do I properly pass those values to the endpoint (i.e. what should go in the name="…" attributes since I assume it's via query string but I could be wrong)?

Currently, things are errorring out with

In ice-9/boot-9.scm:
    829:9  3 (catch artanis-err #<procedure 5578813493e0 at artanis…> …)
In unknown file:
           2 (_ #<procedure 557881350b60 at artanis/page.scm:86:6 ()> …)
In app/controllers/sign-in.scm:
    27:18  1 (_ #<route-context handler: #<procedure 7fc6faae67e0 at…>)
In unknown file:
           0 (string=? "e5f58613c328a069892ad68fe98002b559fa6d75526…" …)
In procedure string=: Wrong type argument in position 2 (expecting string): #f
HTTP 500
Captured in </tmp/artanis-0.2.5/artanis/server/ragnarok.scm>
Threw in procedure handle-request :
[REASON] Internal ERROR wrong-type-arg (string= Wrong type argument in position ~A (expecting ~A): ~S (2 string #f) (#f))!
[SERVER ERROR] Internal error from server-side, rendering a 500 page for client ...

due to comparing what's drawn from the database to #f (I assume since I'm not properly passing the data to be compared to the endpoint so it's defaulting to false).

But I'm also, likely, confused about the HMAC function portion, as well.

I thought the general way to handle passwords were, when users sign up, you add a salt to the password, hash the whole thing, and then save the result and the salt in the database so you don't save the password in the database directly.

But #:auth seems to grab the password and salt columns from the database…and then append the two together and run them from the HMAC/hash function. Which seems to be the result of what I'd expect.

I'm at a loss so any clarification would be great!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]