
Re: [Artanis] Using #:auth to Authenticate a User


From: Jonathan Schmeling
Subject: Re: [Artanis] Using #:auth to Authenticate a User
Date: Sat, 15 Sep 2018 02:37:26 +0000

On 09/14/2018 03:14 AM, Nala Ginrut wrote:
> Nala Ginrut writes:
>
>> I think your problem is the lack of
>> ------------------------------------
>> #:from-post #t
>> ------------------------------------
> Oops, I'm sorry for pointing you the wrong way.
> The authentication module handles posted data independently. So
> #:from-post is unnecessary here.

No worries!

>
> I've checked the auth process again, and there seems to be no problem.
> The HMAC function operates on both the user-input password and the
> stored salt, then compares the result to the stored-password.
>
> For the error line:
> ---------------------------------------
> (string=? "e5f58613c328a069892ad68fe98002b559fa6d75526…" #f)
> ---------------------------------------
>
> Please notice that the first string "e5f58..." is the HMAC result from
> user input password and salt, the second string is the stored password
> fetched from the DB.
>
> Could you check it again?
>
> Best regards.
>
>
> --
> GNU Powered it
> GPL Protected it
> GOD Blessed it
> HFG - NalaGinrut
> Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058

That's how I figured it worked but I'm still getting the same result. So 
I thought I might as well check that the proper things were getting sent 
to the HMAC function so I adjusted it to ,(lambda (passwd salt) (format #f 
"~a" passwd)) and ,(lambda (passwd salt) (format #f "~a" salt)).

With the first one, the error returned (string=? "" #f) and (string=? 
"#f" #f), for the second. I'm specifying the column names correctly in 
the POST call, right? I don't know if it's case sensitive but they're 
fully capitalized in the database (from mysql with the password and salt 
replaced with ellipses, just 'cause they're long):

+----+------+----------+------+--------------------+---------+
| ID | NAME | PASSWORD | SALT | PREFERRED_USERNAME | SUMMARY |
+----+------+----------+------+--------------------+---------+
|  1 | test |    …     |  …   | NULL               | NULL    |
+----+------+----------+------+--------------------+---------+

Last, – mostly because I'm really interested – how does the 
user-inputted password get passed through the POST call? Does the form 
need to specify the right name? I used passwd mostly as a guess since I 
couldn't find it specified in the doc.s.

Jonathan
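
The check described in this thread (HMAC over the submitted password and the stored salt, compared with the stored password), written as an added Python example that is not Artanis code and not from either poster. It turns the symptoms seen above, an empty password and a missing (`#f`) salt or stored password, into explicit results instead of a type error in the comparison. Assumptions: HMAC-SHA256 keyed with the salt, a form field named `passwd`, and a result row represented as a dict keyed by exact column name.

```python
import hashlib
import hmac

def salted_hmac(passwd: str, salt: str) -> str:
    # Assumption: HMAC-SHA256 keyed with the salt; the thread does not say
    # which digest or argument order the real application uses.
    return hmac.new(salt.encode(), passwd.encode(), hashlib.sha256).hexdigest()

def check_login(form: dict, row: dict, passwd_field: str = "passwd",
                passwd_col: str = "PASSWORD", salt_col: str = "SALT") -> str:
    """Return 'ok', 'mismatch', or the name of the input that was missing."""
    passwd = form.get(passwd_field) or ""
    # Exact-name lookups: a wrong-case column name yields None, the
    # counterpart of the #f that reached string=? in the thread.
    stored, salt = row.get(passwd_col), row.get(salt_col)
    if not passwd:
        return "no-password-in-post"
    if salt is None:
        return "no-salt-from-db"
    if stored is None:
        return "no-stored-password-from-db"
    # Constant-time comparison of the two hex digests.
    same = hmac.compare_digest(salted_hmac(passwd, salt), stored)
    return "ok" if same else "mismatch"

# Constructed sample data (not values from the thread).
SALT = "constructed-salt"
ROW = {"ID": 1, "NAME": "test", "SALT": SALT,
       "PASSWORD": salted_hmac("correct horse", SALT)}

if __name__ == "__main__":
    print(check_login({"passwd": "correct horse"}, ROW))
    print(check_login({"password": "correct horse"}, ROW))
    print(check_login({"passwd": "correct horse"}, ROW,
                      passwd_col="password", salt_col="salt"))
```

Checking each input before the comparison shows which of the three values never arrived, which is the question the two debugging lambdas in the message above were answering by hand.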
