
Dancer2 Auth::Extensible Not Accepting Hashed Password

I've generated a SHA-1 hash using Dancer2::Plugin::Passphrase with the following code:

get '/generate' => sub {
    my $phrase = passphrase('my_password')->generate({ algorithm => 'SHA-1' });
    return $phrase->rfc2307();
};

The result looks something like this:

{SSHA}+2Dro1/ntPchT93mgvYMKGjdzy+XKXK1agsG3//hKuLNrQAK

and that's what I store in my PostgreSQL database.

I'm using Dancer2::Plugin::Auth::Extensible as my login solution, but I've yet to get it to work with encrypted passwords. I put a test account into my database where username='test' and password='test', and that works fine. But username='test2' and password='{SSHA}+2Dro1/ntPchT93mgvYMKGjdzy+XKXK1agsG3//hKuLNrQAK' doesn't work. The login page just silently fails and reloads.

I turned on DBI_TRACE and don't see much difference between the two, except that the account with the plain-text password returns this:

[glm::App:3515] debug @2016-05-10 21:02:23> users accepted user test in /usr/local/share/perl/5.20.2/Dancer2/Core/Route.pm l. 137

and the account with the encrypted password returns this:

[glm::App:3523] core @2016-05-10 21:04:21> looking for get /login in /usr/local/share/perl/5.20.2/Dancer2/Core/App.pm l. 1210
[glm::App:3523] core @2016-05-10 21:04:21> Entering hook core.app.before_request in (eval 62) l. 1
[glm::App:3523] core @2016-05-10 21:04:21> Entering hook core.app.after_request in (eval 62) l. 1
127.0.0.1 - - [10/May/2016:21:04:21 +0100] "POST /login?return_url=%2F     HTTP/1.1" 401 383 "http://localhost:5000/login?return_url=%2F" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0"

I'm sure I'm missing something, but the CPAN page doesn't detail how to handle encrypted passwords. It just says it will be easy. I guess I'm reading that as "encrypted passwords will be handled automagically." What am I missing?

Config

This is the relevant portion of my config:

plugins: 
 Auth::Extensible:
   realms:
      users:
       provider: 'Database'
 Database:
  dsn: 'dbi:Pg:service=test'

App.pm

Below is what I'm doing in App.pm. You can see that I'm just trying to require a login for the home page. Maybe I need some '/login' code?

package glm::App;

use Dancer2;
use Dancer2::Plugin::Database;
use Dancer2::Plugin::Auth::Extensible;
use Dancer2::Plugin::Passphrase;

use Template;

our $VERSION = '0.1';

get '/' => require_login sub {
    my $sth = database->prepare('SELECT name FROM product', { RaiseError => 1 });
    $sth->execute();

    template 'create_list', {
        'products' => $sth->fetchall_hashref('name'),
    };
};

get '/generate'=> sub {
    my $phrase = passphrase('my_password')->generate({ algorithm => 'SHA-1' });
    return $phrase->rfc2307(); # right now I just manually copy and paste this into the database
};

My database follows the suggested schema for users, passwords, and roles.

Maybe the only other relevant bit of information I can think of is that if I use an encryption scheme not recognized by Digest, I get an error from Digest.pm. That would seem to indicate that it's recognizing the hashed password and trying to decrypt it, but for whatever reason it's just not working. Or it's working and redirecting back to the home page... But why doesn't it do that with 'test,test'?

TL;DR: You're using two different methods for hashing, so the generated hashes are incompatible.

Dancer2::Plugin::Auth::Extensible::Provider::Database uses Crypt::SaltedHash:

sub encrypt_password {
    my ($self, $password, $algorithm) = @_;
    $algorithm ||= 'SHA-1';
    my $crypt = Crypt::SaltedHash->new(algorithm => $algorithm);
    $crypt->add($password);
    $crypt->generate;
}

This generates a hash like:

{SSHA}qTEaPf8KRPt6XBQXIlQhlWstgBz64coW

Compare that to what you got from Dancer2::Plugin::Passphrase:

{SSHA}+2Dro1/ntPchT93mgvYMKGjdzy+XKXK1agsG3//hKuLNrQAK

Notice that the lengths are different. Dancer2::Plugin::Passphrase uses a 16-byte salt by default, while Crypt::SaltedHash uses a 4-byte salt.


Although you could tell Dancer2::Plugin::Passphrase to use a 4-byte salt, it's much easier to just use Crypt::SaltedHash everywhere. The Dancer2::Plugin::Auth::Extensible documentation explains how to do this:

A simple script called generate-crypted-password to generate RFC2307-style hashed passwords is included, or you can use Crypt::SaltedHash yourself to do so, or use the slappasswd utility if you have it installed.

For example:

$ generate-crypted-password 
Enter plain-text password ?> foo
Result: {SSHA}zdXPS0QqxyKlzXwHxjJ3rsU19Td4ABzW
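Added example, not code from the question, the answer, or either CPAN module. It re-implements the RFC 2307 {SSHA} layout in Python (so it runs without Perl or CPAN) to make the answer's point concrete: an {SSHA} value is base64 of a 20-byte SHA-1 digest followed by the salt, so the two hashes quoted above differ only in how many salt bytes trail the digest (4 vs 16). `verify_fixed_salt` models a verifier that assumes a fixed 4-byte salt, which is the default Crypt::SaltedHash validation behaviour the answer relies on; it is a model written here, not the Perl module's code. `verify_any_salt` treats everything after the digest as salt and therefore accepts both forms. The plaintexts behind the page's two hashes are not known here, so only their salt lengths are checked; the round-trip checks use a constructed password and constructed salts.

```python
"""
Added example: RFC 2307 {SSHA} layout and why a 16-byte-salt hash fails
a verifier that assumes a 4-byte salt.

    "{SSHA}" + base64( SHA1(password || salt) || salt )

This is a Python re-implementation of the layout, not Crypt::SaltedHash
or Dancer2::Plugin::Passphrase code.
"""
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digests are always 20 bytes; any remaining bytes are the salt

# The two values quoted on the page: Crypt::SaltedHash output (4-byte salt)
# and Dancer2::Plugin::Passphrase output (16-byte salt).
CRYPT_SALTEDHASH_EXAMPLE = "{SSHA}qTEaPf8KRPt6XBQXIlQhlWstgBz64coW"
PASSPHRASE_EXAMPLE = "{SSHA}+2Dro1/ntPchT93mgvYMKGjdzy+XKXK1agsG3//hKuLNrQAK"


def ssha_encode(password: str, salt: bytes) -> str:
    """Build an RFC 2307 {SSHA} string from a password and an arbitrary salt."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def _decode(rfc2307: str) -> bytes:
    """Strip the {SSHA} scheme prefix and base64-decode the payload."""
    if not rfc2307.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(rfc2307[len("{SSHA}"):])
    if len(raw) < SHA1_LEN:
        raise ValueError("payload shorter than a SHA-1 digest")
    return raw


def salt_length(rfc2307: str) -> int:
    """Number of salt bytes stored after the 20-byte digest."""
    return len(_decode(rfc2307)) - SHA1_LEN


def verify_fixed_salt(rfc2307: str, password: str, salt_len: int = 4) -> bool:
    """Model (assumption, not the Perl module's code) of a verifier that takes the
    last `salt_len` bytes as the salt, as Crypt::SaltedHash does by default with 4.
    A hash carrying a 16-byte salt re-encodes to a different, shorter string and
    is rejected even when the password is right."""
    raw = _decode(rfc2307)
    salt = raw[-salt_len:]
    return hmac.compare_digest(ssha_encode(password, salt), rfc2307)


def verify_any_salt(rfc2307: str, password: str) -> bool:
    """Length-agnostic verifier: the digest is the first 20 bytes, the salt is the rest."""
    raw = _decode(rfc2307)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    # Constructed inputs for the demonstration; the real plaintexts behind the
    # page's hashes are not known here.
    pw = "my_password"
    h4 = ssha_encode(pw, b"\x01\x02\x03\x04")
    h16 = ssha_encode(pw, bytes(range(16)))
    print("salt bytes in Crypt::SaltedHash example:", salt_length(CRYPT_SALTEDHASH_EXAMPLE))
    print("salt bytes in Passphrase example:       ", salt_length(PASSPHRASE_EXAMPLE))
    print("4-byte-salt verifier, 4-byte hash: ", verify_fixed_salt(h4, pw))
    print("4-byte-salt verifier, 16-byte hash:", verify_fixed_salt(h16, pw))
    print("any-salt verifier, 16-byte hash:   ", verify_any_salt(h16, pw))
```

The practical takeaway matches the answer: either generate hashes with the same salt length the provider expects (Crypt::SaltedHash, generate-crypted-password, or slappasswd), or make the verifier derive the salt from the payload length rather than assuming it.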
