feat: salting password
parent
5c355cfdaf
commit
697bd4c051
|
@ -54,7 +54,7 @@ impl Database {
|
|||
pub async fn create_user(&self, user: &User) -> Result<SqliteQueryResult, Error> {
|
||||
debug!("Creating user - {}", user.username);
|
||||
|
||||
// inster user to a database
|
||||
// insert user to a database
|
||||
let query = sqlx::query("INSERT INTO user (id, username, password) VALUES (?, ?, ?)")
|
||||
.bind(&user.id)
|
||||
.bind(&user.username)
|
||||
|
|
|
@ -30,6 +30,9 @@ impl User {
|
|||
let sha1_name = CryptographicHash::hash(Algorithm::SHA1, username.as_bytes());
|
||||
let id = Uuid::new_v5(&Uuid::NAMESPACE_X500, &sha1_name).to_string();
|
||||
|
||||
// salting the password
|
||||
let password = format!("{username}${password}");
|
||||
|
||||
// hash password using SHA-512
|
||||
let password = hex::encode(CryptographicHash::hash(
|
||||
Algorithm::SHA512,
|
||||
|
@ -71,22 +74,47 @@ impl User {
|
|||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use crypto_utils::sha::{Algorithm, CryptographicHash};
|
||||
|
||||
use super::User;
|
||||
|
||||
/// Check if the username has been changed to lowercase
|
||||
/// Check if the username is in lowercase
|
||||
#[test]
|
||||
fn check_username_is_in_lowercase() {
|
||||
let user = User::new("MEdzIk", "SuperSecretPassword123!");
|
||||
// example user data
|
||||
let username = "mEDZIk";
|
||||
let password = "password";
|
||||
|
||||
assert_eq!(user.username, "medzik")
|
||||
// username in lowercase (expected username)
|
||||
let username_expected = "medzik";
|
||||
|
||||
// create a new `User` type
|
||||
let user = User::new(username, password);
|
||||
|
||||
// username validation with expected username
|
||||
assert_eq!(user.username, username_expected)
|
||||
}
|
||||
|
||||
/// Check that the password is a checksum
|
||||
/// Check that the password is a checksum with a salt
|
||||
#[test]
|
||||
fn check_if_password_is_hashed() {
|
||||
fn check_if_password_is_hashed_and_salted() {
|
||||
// example user data
|
||||
let username = "username";
|
||||
let password = "password";
|
||||
let user = User::new("test", password);
|
||||
|
||||
assert!(user.password != password)
|
||||
// create a new `User` type
|
||||
let user = User::new(username, password);
|
||||
|
||||
// expected password salt (string)
|
||||
let password_expected_salt = format!("{username}${password}");
|
||||
|
||||
// expected password (hashed)
|
||||
let password_expected = hex::encode(CryptographicHash::hash(
|
||||
Algorithm::SHA512,
|
||||
password_expected_salt.as_bytes(),
|
||||
));
|
||||
|
||||
// password validation with expected password salt
|
||||
assert_eq!(user.password, password_expected)
|
||||
}
|
||||
}
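Review bot: The salt added in `User::new` (hunk `-30,6 +30,9`) is the username itself, and `format!("{username}${password}")` still goes through a single SHA-512 pass, so the stored value remains a fast hash whose salt is known to anyone who knows the account name. This keeps two users with the same password from sharing a digest, but it does not slow offline guessing against a leaked `user` table, and the same username/password pair hashes identically on every installation. I would replace this step with a password-hashing function (Argon2id, scrypt or bcrypt) using a random per-user salt stored with the hash. `check_if_password_is_hashed_and_salted` should then verify against the stored value instead of rebuilding the digest with the same formula. Until then, a comment above the `format!` line such as `// NOTE: username-derived salt + one SHA-512 pass is not a password KDF; migrate to Argon2id with a random per-user salt` would record the limitation; the body of `User::new` starts and ends outside the hunk, so how `username` is normalised before this line is not visible here.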
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
{
|
||||
"name": "@homedisk/website",
|
||||
"description": "Fast and lightweight local cloud for your data written in Rust",
|
||||
"version": "0.0.0",
|
||||
"author": "MedzikUser <nivua1fn@duck.com>",
|
||||
"license": "GPL-3.0",
|
||||
"scripts": {
|
||||
"dev": "next dev",
|
||||
"build": "next build",
|
||||
"export": "next export",
|
||||
"start": "next start",
|
||||
"lint": "next lint"
|
||||
},
|
||||
"dependencies": {
|
||||
"@babel/core": "7.18.5",
|
||||
"@emotion/react": "11.9.3",
|
||||
"@emotion/styled": "11.9.3",
|
||||
"@fortawesome/fontawesome-svg-core": "6.1.1",
|
||||
"@fortawesome/free-solid-svg-icons": "6.1.1",
|
||||
"@fortawesome/react-fontawesome": "0.1.18",
|
||||
"@mui/icons-material": "5.8.4",
|
||||
"@mui/material": "5.8.4",
|
||||
"@mui/styled-engine-sc": "5.8.0",
|
||||
"axios": "0.27.2",
|
||||
"next": "12.1.6",
|
||||
"react": "18.2.0",
|
||||
"react-cookie": "4.1.1",
|
||||
"react-dom": "18.2.0",
|
||||
"react-is": "18.2.0",
|
||||
"react-toastify": "9.0.4",
|
||||
"styled-components": "5.3.5"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/node": "17.0.31",
|
||||
"@types/react": "18.0.12",
|
||||
"@types/styled-components": "5.1.25",
|
||||
"eslint": "8.17.0",
|
||||
"eslint-config-next": "12.1.6",
|
||||
"typescript": "4.7.3"
|
||||
}
|
||||
}
|
File diff suppressed because it is too large