
Feature/configurable hashing and encoding

Open larrycinnabar opened this issue 3 years ago • 0 comments

Problem

Password hashing :hash:

The password hashing process is hard-coded and can't be modified in any way. There are cases where we do need control over how the password is hashed:

  • The current flow is that the user is fetched and then the password is checked. But we don't want the DB to return the user at all until we are 100% sure the password is right. So we need to first hash the password and then query by matching hashed passwords.
  • Another simple example is that the application may have some requirements on hashing algorithms.

Confirming/Recovering tokens :envelope:

Reasons for unhardcoding this part:

  • For easier and better testing we need the ability to mock the token, selector and verifier
  • We need tokens to look shorter/prettier for some reason

Problematic part :red_circle::

authboss.go has a public helper function VerifyPassword that now works only if we use the default Hasher. A TODO item is left there in the comments explaining the issue.

Fixes #319, #288

larrycinnabar, Apr 19 '22 08:04