Re: [Artanis] Using #:auth to Authenticate a User


From: Nala Ginrut
Subject: Re: [Artanis] Using #:auth to Authenticate a User
Date: Fri, 14 Sep 2018 15:42:38 +0800
User-agent: mu4e 1.1.0; emacs 25.1.1

Jonathan Schmeling writes:

> In authentication, the proper way is to fetch the random salt string from
> DB, then append to the user provided passwd, then run HMAC/hash, then
> compare the result to the stored hashed passwd.
>
> That's what I figured. But the example given in the doc.s is
>
> (post "/auth" #:auth '(table user "user" "passwd") #:session #t
>
> so I figured that the provided "user" and "passwd" designated the names of 
> the columns containing the username and the stored-hashed-password, 
> respectively. And then Artanis would take the user-provided-password (however 
> that gets passed; 'still not sure how to do it) and feed that to the HMAC 
> function's password parameter and the salt from the database to the HMAC 
> function's salt parameter and compare the result to the 
> stored-hashed-password gotten from the database.

I think the logic should be correct, and I polished the variable name to
make it clearer:
https://gitlab.com/NalaGinrut/artanis/commit/b8c4f8f9805bfdbf0e4a19669ca85773a0d3dd72

I think your problem is the lack of
------------------------------------
#:from-post #t
------------------------------------

So Artanis will not handle the posted username and passwd, which are
actually combined into a query-string. Then you get nothing but #f when the
authentication module calls the post-ref function.

Here's an example to show how to write authentication with session
properly:
https://gitlab.com/NalaGinrut/artanis/blob/master/examples/blog.scm#L38


Best regards.

--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058
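
The check discussed in this thread (parse the posted query-string, fetch the user's salt, hash the supplied passwd with it, compare against the stored hash), as an added Python example; it is not Artanis code and not part of the original message. The table layout, sample credentials, use of SHA-256 and the `from_post` flag (a stand-in for the effect of `#:from-post #t`) are assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3
from urllib.parse import parse_qs


def hash_passwd(passwd: str, salt: str) -> str:
    # As described in the thread: append the stored salt to the supplied
    # passwd, then hash. Assumption: SHA-256 stands in for whatever hash the
    # application stores; a slow KDF such as hashlib.scrypt is the stronger
    # choice for password storage.
    return hashlib.sha256((passwd + salt).encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    # Constructed sample data; column names mirror the "user"/"passwd"
    # arguments of the quoted route, plus an assumed "salt" column.
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE "user" ("user" TEXT PRIMARY KEY, salt TEXT, passwd TEXT)')
    salt = "c0nstructed-salt"
    db.execute('INSERT INTO "user" VALUES (?, ?, ?)',
               ("alice", salt, hash_passwd("s3cret", salt)))
    return db


def authenticate(db: sqlite3.Connection, body: bytes, from_post: bool = True) -> bool:
    # The POST body arrives as a single query-string. If it is never parsed
    # (from_post=False, hypothetical flag), every field lookup comes back
    # empty and authentication can only fail.
    fields = parse_qs(body.decode("utf-8")) if from_post else {}
    user = fields.get("user", [None])[0]
    passwd = fields.get("passwd", [None])[0]
    if user is None or passwd is None:
        return False
    row = db.execute('SELECT salt, passwd FROM "user" WHERE "user" = ?',
                     (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison avoids leaking how many leading characters match.
    return hmac.compare_digest(hash_passwd(passwd, salt), stored)


if __name__ == "__main__":
    db = make_db()
    print(authenticate(db, b"user=alice&passwd=s3cret"))
    print(authenticate(db, b"user=alice&passwd=s3cret", from_post=False))
```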
