[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Artanis] Using #:auth to Authenticate a User
From: |
Nala Ginrut |
Subject: |
Re: [Artanis] Using #:auth to Authenticate a User |
Date: |
Fri, 14 Sep 2018 15:42:38 +0800 |
User-agent: |
mu4e 1.1.0; emacs 25.1.1 |
Jonathan Schmeling writes:
> In authentication, the proper way is to fetch the random salt string from
> DB, then append to the user provided passwd, then run HMAC/hash, then
> compare the result to the stored hashed passwd.
>
> That's what I figured. But the example given in the doc.s is
>
> (post "/auth" #:auth '(table user "user" "passwd") #:session #t
>
> so I figured that the provided "user" and "passwd" designated the names of
> the columns containing the username and the stored-hashed-password,
> respectively. And then Artanis would take the user-provided-password (however
> that gets passed; 'still not sure how to do it) and feed that to the HMAC
> function's password parameter and the salt from the database to the HMAC
> function's salt parameter and compare the result to the
> stored-hashed-password gotten from the database.
I think the logic should be correct, and I polished the variable name to
make it clearer:
https://gitlab.com/NalaGinrut/artanis/commit/b8c4f8f9805bfdbf0e4a19669ca85773a0d3dd72
I think your problem is lacking of
------------------------------------
#:from-post #t
------------------------------------
So that Artanis will not handle the posted username and passwd which is
actually combined to be a query-string. Then you can get nothing but #f when
authentication module called post-ref function.
Here's an example to show how to write authentication with session
properly:
https://gitlab.com/NalaGinrut/artanis/blob/master/examples/blog.scm#L38
Best regards.
--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058
signature.asc
Description: PGP signature
- [Artanis] Using #:auth to Authenticate a User, Jonathan Schmeling, 2018/09/12
- Re: [Artanis] Using #:auth to Authenticate a User, Nala Ginrut, 2018/09/12
- Re: [Artanis] Using #:auth to Authenticate a User, Jonathan Schmeling, 2018/09/12
- Re: [Artanis] Using #:auth to Authenticate a User,
Nala Ginrut <=
- Re: [Artanis] Using #:auth to Authenticate a User, Nala Ginrut, 2018/09/14
- Re: [Artanis] Using #:auth to Authenticate a User, Jonathan Schmeling, 2018/09/14
- Re: [Artanis] Using #:auth to Authenticate a User, Nala Ginrut, 2018/09/16
- Re: [Artanis] Using #:auth to Authenticate a User, Jonathan Schmeling, 2018/09/17
- Re: [Artanis] Using #:auth to Authenticate a User, Nala Ginrut, 2018/09/19
- Re: [Artanis] Using #:auth to Authenticate a User, Jonathan Schmeling, 2018/09/20
- Re: [Artanis] Using #:auth to Authenticate a User, Nala Ginrut, 2018/09/25