Documentation ¶
Index ¶
- Constants
- Variables
- func ConfigHashAlgorithm(algorithm string) string
- func MustRegister[T PasswordSaltHasher](name string, newFn func(config string) T)
- func Register[T PasswordSaltHasher](name string, newFn func(config string) T) error
- type Argon2Hasher
- type BcryptHasher
- type DummyHasher
- type PBKDF2Hasher
- type PasswordHashAlgorithm
- type PasswordHasher
- type PasswordSaltHasher
- type PasswordVerifier
- type ScryptHasher
Constants ¶
const DefaultHashAlgorithmName = "pbkdf2"
DefaultHashAlgorithmName represents the default value of PASSWORD_HASH_ALGO configured in app.ini.
It is NOT the same and does NOT map to the defaultEmptyHashAlgorithmSpecification.
It will be dealiased as per aliasAlgorithmNames whereas defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
Variables ¶
var RecommendedHashAlgorithms = []string{
"pbkdf2",
"argon2",
"bcrypt",
"scrypt",
"pbkdf2_hi",
}
Functions ¶
func ConfigHashAlgorithm ¶
ConfigHashAlgorithm will try to find a "recommended algorithm name" defined by RecommendedHashAlgorithms for config This function is not fast and is only used for the installation page
func MustRegister ¶
func MustRegister[T PasswordSaltHasher](name string, newFn func(config string) T)
MustRegister registers a PasswordSaltHasher with the availableHasherFactories Caution: This is not thread safe.
Types ¶
type Argon2Hasher ¶
type Argon2Hasher struct {
// contains filtered or unexported fields
}
Argon2Hasher implements PasswordHasher and uses the Argon2 key derivation function, hybrant variant
func NewArgon2Hasher ¶
func NewArgon2Hasher(config string) *Argon2Hasher
NewArgon2Hasher is a factory method to create an Argon2Hasher The provided config should be either empty or of the form: "<time>$<memory>$<threads>$<keyLen>", where <x> is the string representation of an integer
func (*Argon2Hasher) HashWithSaltBytes ¶
func (hasher *Argon2Hasher) HashWithSaltBytes(password string, salt []byte) string
HashWithSaltBytes a provided password and salt
type BcryptHasher ¶
type BcryptHasher struct {
// contains filtered or unexported fields
}
BcryptHasher implements PasswordHasher and uses the bcrypt password hash function.
func NewBcryptHasher ¶
func NewBcryptHasher(config string) *BcryptHasher
NewBcryptHasher is a factory method to create an BcryptHasher The provided config should be either empty or the string representation of the "<cost>" as an integer
func (*BcryptHasher) HashWithSaltBytes ¶
func (hasher *BcryptHasher) HashWithSaltBytes(password string, salt []byte) string
HashWithSaltBytes a provided password and salt
func (*BcryptHasher) VerifyPassword ¶
func (hasher *BcryptHasher) VerifyPassword(password, hashedPassword, salt string) bool
type DummyHasher ¶
type DummyHasher struct{}
DummyHasher implements PasswordHasher and is a dummy hasher that simply puts the password in place with its salt This SHOULD NOT be used in production and is provided to make the integration tests faster only
func NewDummyHasher ¶
func NewDummyHasher(_ string) *DummyHasher
NewDummyHasher is a factory method to create a DummyHasher Any provided configuration is ignored
func (*DummyHasher) HashWithSaltBytes ¶
func (hasher *DummyHasher) HashWithSaltBytes(password string, salt []byte) string
HashWithSaltBytes a provided password and salt
type PBKDF2Hasher ¶
type PBKDF2Hasher struct {
// contains filtered or unexported fields
}
PBKDF2Hasher implements PasswordHasher and uses the PBKDF2 key derivation function.
func NewPBKDF2Hasher ¶
func NewPBKDF2Hasher(config string) *PBKDF2Hasher
NewPBKDF2Hasher is a factory method to create an PBKDF2Hasher config should be either empty or of the form: "<iter>$<keyLen>", where <x> is the string representation of an integer
func (*PBKDF2Hasher) HashWithSaltBytes ¶
func (hasher *PBKDF2Hasher) HashWithSaltBytes(password string, salt []byte) string
HashWithSaltBytes a provided password and salt
type PasswordHashAlgorithm ¶
type PasswordHashAlgorithm struct { PasswordSaltHasher Specification string // The specification that is used to create the internal PasswordSaltHasher }
PasswordHashAlgorithms are named PasswordSaltHashers with a default verifier and hash function
var DefaultHashAlgorithm *PasswordHashAlgorithm
func Parse ¶
func Parse(algorithmSpec string) *PasswordHashAlgorithm
Parse will convert the provided algorithm specification in to a PasswordHashAlgorithm If the provided specification matches the DefaultHashAlgorithm Specification it will be used. In addition the last non-default hasher will be cached to help reduce the load from parsing specifications.
NOTE: No de-aliasing is done in this function, thus any specification which does not contain a configuration will use the default values for that hasher. These are not necessarily the same values as those obtained by dealiasing. This allows for seamless backwards compatibility with the original configuration.
To further labour this point, running `Parse("pbkdf2")` does not obtain the same algorithm as setting `PASSWORD_HASH_ALGO=pbkdf2` in app.ini, nor is it intended to. A user that has `password_hash_algo='pbkdf2'` in the db means get the original, unconfigured algorithm Users will be migrated automatically as they log-in to have the complete specification stored in their `password_hash_algo` fields by other code.
func SetDefaultPasswordHashAlgorithm ¶
func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm)
SetDefaultPasswordHashAlgorithm will take a provided algorithmName and de-alias it to a complete algorithm specification.
func (*PasswordHashAlgorithm) Hash ¶
func (algorithm *PasswordHashAlgorithm) Hash(password, salt string) (string, error)
Hash the provided password with the salt and return the hash
func (*PasswordHashAlgorithm) VerifyPassword ¶
func (algorithm *PasswordHashAlgorithm) VerifyPassword(providedPassword, hashedPassword, salt string) bool
Verify the provided password matches the hashPassword when hashed with the salt
type PasswordHasher ¶
PasswordHasher will hash a provided password with the salt
type PasswordSaltHasher ¶
PasswordSaltHasher will hash a provided password with the provided saltBytes
type PasswordVerifier ¶
type PasswordVerifier interface {
VerifyPassword(providedPassword, hashedPassword, salt string) bool
}
PasswordVerifier will ensure that a providedPassword matches the hashPassword when hashed with the salt
type ScryptHasher ¶
type ScryptHasher struct {
// contains filtered or unexported fields
}
ScryptHasher implements PasswordHasher and uses the scrypt key derivation function.
func NewScryptHasher ¶
func NewScryptHasher(config string) *ScryptHasher
NewScryptHasher is a factory method to create an ScryptHasher The provided config should be either empty or of the form: "<n>$<r>$<p>$<keyLen>", where <x> is the string representation of an integer
func (*ScryptHasher) HashWithSaltBytes ¶
func (hasher *ScryptHasher) HashWithSaltBytes(password string, salt []byte) string
HashWithSaltBytes a provided password and salt