Re: [Artanis] Using #:auth to Authenticate a User


From: Nala Ginrut
Subject: Re: [Artanis] Using #:auth to Authenticate a User
Date: Thu, 13 Sep 2018 02:01:52 +0800
User-agent: mu4e 1.1.0; emacs 25.1.1

Jonathan Schmeling writes:

> In ice-9/boot-9.scm:
>     829:9  3 (catch artanis-err #<procedure 5578813493e0 at artanis…> …)
> In unknown file:
>            2 (_ #<procedure 557881350b60 at artanis/page.scm:86:6 ()> …)
> In app/controllers/sign-in.scm:
>     27:18  1 (_ #<route-context handler: #<procedure 7fc6faae67e0 at…>)
> In unknown file:
>            0 (string=? "e5f58613c328a069892ad68fe98002b559fa6d75526…" …)
> In procedure string=: Wrong type argument in position 2 (expecting string): #f
> HTTP 500
> Captured in </tmp/artanis-0.2.5/artanis/server/ragnarok.scm>
> Threw in procedure handle-request :
> [REASON] Internal ERROR wrong-type-arg (string= Wrong type argument in 
> position ~A (expecting ~A): ~S (2 string #f) (#f))!
> [SERVER ERROR] Internal error from server-side, rendering a 500 page for 
> client ...
>
>
> due to comparing what's drawn from the database to #f (I assume since I'm not 
> properly passing the data to be compared to the endpoint so it's defaulting 
> to false).


Could you try the latest code from the git repo? There have been a lot of fixes since
0.2.5, at least 150 commits.

>
>
> But I'm also, likely, confused about the HMAC function portion, as well.
>
>
> I thought the general way to handle passwords was, when users sign up, you 
> add a salt to the password, hash the whole thing, and then save the result 
> and the salt in the database so you don't save the password in the database 
> directly.
>

Yes, exactly.

>
> But #:auth seems to grab the password and salt columns from the database…and 
> then append the two together and run them from the HMAC/hash function. Which 
> seems to be the result of what I'd expect.


In authentication, the proper way is to fetch the random salt string from the
DB, then append it to the user-provided passwd, then run HMAC/hash, then
compare the result to the stored hashed passwd.

>
>
> I'm at a loss so any clarification would be great!
>
>
> Jonathan


--
GNU Powered it
GPL Protected it
GOD Blessed it
HFG - NalaGinrut
Fingerprint F53B 4C56 95B5 E4D5 6093 4324 8469 6772 846A 0058
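The sign-up and login flow discussed in this thread, written out as an added example; this is not Artanis code and does not use the #:auth option, it only shows the procedure Nala describes (fetch the user's salt, hash the submitted password with it, compare against the stored hash) and the failure mode from the traceback (the DB lookup returning #f / None). The in-memory USERS table, the PBKDF2 round count and the helper names are all assumptions; PBKDF2-HMAC-SHA256 is used in place of a single HMAC/hash pass so offline brute force against a leaked table is slow.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed stand-in for the users table the thread talks about:
# username -> (salt, stored_hash), both raw bytes. Nothing here is the
# Artanis DB layer; it only models "fetch salt and hash for a user".
USERS: Dict[str, Tuple[bytes, bytes]] = {}

PBKDF2_ROUNDS = 100_000  # assumption: cost parameter, tune per deployment
SALT_LEN = 16            # 128-bit random salt per user
DK_LEN = 32              # 256-bit derived hash


def derive(password: str, salt: bytes) -> bytes:
    """salt + password -> hash.

    PBKDF2-HMAC-SHA256 (a slow, salted KDF) instead of one HMAC/hash
    pass over salt+password; the flow is the same, only the work factor
    differs.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS, dklen=DK_LEN
    )


def sign_up(username: str, password: str) -> None:
    """Sign-up path: fresh random salt per user; store salt and hash only,
    never the plaintext password."""
    salt = os.urandom(SALT_LEN)
    USERS[username] = (salt, derive(password, salt))


def fetch_credentials(username: str) -> Optional[Tuple[bytes, bytes]]:
    """Stand-in for the DB query. Returns None (Scheme's #f) when there is
    no matching row, which is what the string=? on #f in the thread hit."""
    return USERS.get(username)


# Dummy record so a login attempt for an unknown user does the same KDF
# work as a real one and does not leak which usernames exist via timing.
_DUMMY_SALT = os.urandom(SALT_LEN)
_DUMMY_HASH = derive("dummy-password", _DUMMY_SALT)


def authenticate(username: str, password: str) -> bool:
    """Login path: fetch the stored salt, hash the *submitted* password with
    it, and compare to the stored hash in constant time."""
    row = fetch_credentials(username)
    if row is None:
        # Missing row: reject instead of crashing with a type error, but
        # still burn the KDF cost so the response time matches a real user.
        hmac.compare_digest(derive(password, _DUMMY_SALT), _DUMMY_HASH)
        return False
    salt, stored_hash = row
    return hmac.compare_digest(derive(password, salt), stored_hash)


if __name__ == "__main__":
    sign_up("jonathan", "correct horse battery staple")
    print(authenticate("jonathan", "correct horse battery staple"))  # True
    print(authenticate("jonathan", "wrong password"))                # False
    print(authenticate("nobody", "correct horse battery staple"))    # False
```

The comparison uses hmac.compare_digest rather than a plain string equality so the compare itself does not leak how many leading bytes matched; the check for a None row is the guard the traceback in the quoted message was missing, since a lookup that returns #f should produce a 401, not a 500.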


