[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Artanis] Using #:auth to Authenticate a User

From: Nala Ginrut
Subject: Re: [Artanis] Using #:auth to Authenticate a User
Date: Fri, 14 Sep 2018 15:42:38 +0800
User-agent: mu4e 1.1.0; emacs 25.1.1

Jonathan Schmeling writes:

> In authentication, the proper way is to fetch the random salt string from
> DB, then append to the user provided passwd, then run HMAC/hash, then
> compare the result to the stored hashed passwd.
> That's what I figured. But the example given in the doc.s is
> (post "/auth" #:auth '(table user "user" "passwd") #:session #t
> so I figured that the provided "user" and "passwd" designated the names of 
> the columns containing the username and the stored-hashed-password, 
> respectively. And then Artanis would take the user-provided-password (however 
> that gets passed; 'still not sure how to do it) and feed that to the HMAC 
> function's password parameter and the salt from the database to the HMAC 
> function's salt parameter and compare the result to the 
> stored-hashed-password gotten from the database.

I think the logic should be correct, and I polished the variable name to
make it clearer:

I think your problem is lacking of
#:from-post #t

So that Artanis will not handle the posted username and passwd which is
actually combined to be a query-string. Then you can get nothing but #f when
authentication module called post-ref function.

Here's an example to show how to write authentication with session

Best regards.

GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]