[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Artanis] Using #:auth to Authenticate a User

From: Jonathan Schmeling
Subject: Re: [Artanis] Using #:auth to Authenticate a User
Date: Sat, 15 Sep 2018 02:37:26 +0000

On 09/14/2018 03:14 AM, Nala Ginrut wrote:
> Nala Ginrut writes:
>> I think your problem is lacking of
>> ------------------------------------
>> #:from-post #t
>> ------------------------------------
> Oops, I'm sorry to point a wrong way.
> In authentication module, it will handle posted data independently. So
> #:from-post is unecessary here.

No worries!

> I've checked the auth process again, it seems no problem. The HMAC
> function operates on both user input password and stored salt, then
> compare to the stored-password.
> For the error line:
> ---------------------------------------
> (string=? "e5f58613c328a069892ad68fe98002b559fa6d75526…" #f)
> ---------------------------------------
> Please notice that the first string "e5f58..." is the HMAC result from
> user input password and salt, the second string is the stored password
> fetched from the DB.
> Could you check it again?
> Best regards.
> --
> GNU Powered it
> GPL Protected it
> GOD Blessed it
> HFG - NalaGinrut
> Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058

That's how I figured it worked but I'm still getting the same result. So 
I thought I might as well check that the proper things were getting sent 
to the HMAC function so I adjust it to ,(lambda (passwd salt) (format #f 
"~a" passwd)) and ,(lambda (passwd salt) (format #f "~a" salt)).

With the first one, the error returned (string=? "" #f) and (string=? 
"#f" #f), for the second. I'm specifying the column names correctly in 
the POST call, right? I don't know if it's case sensitive but they're 
fully capitalized in the database (from mysql with the password and salt 
replaced with ellipses, just 'cause they're long):

|  1 | test |    …     |  …   | NULL               | NULL    |

Last, – mostly because I'm really interested – how does the 
user-inputted password get passed through the POST call? Does the form 
need to specify the right name? I used passwd mostly as a guess since I 
couldn't find it specified in the doc.s.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]