Diffstat (limited to 'internal/authentication/file_user_provider.go')
-rw-r--r--internal/authentication/file_user_provider.go40
1 files changed, 28 insertions, 12 deletions
diff --git a/internal/authentication/file_user_provider.go b/internal/authentication/file_user_provider.go
index e8969e900..1c6c47094 100644
--- a/internal/authentication/file_user_provider.go
+++ b/internal/authentication/file_user_provider.go
@@ -1,21 +1,22 @@
package authentication
import (
+ "errors"
"fmt"
"io/ioutil"
"strings"
"sync"
"github.com/asaskevich/govalidator"
-
+ "github.com/authelia/authelia/internal/configuration/schema"
"gopkg.in/yaml.v2"
)
// FileUserProvider is a provider reading details from a file.
type FileUserProvider struct {
- path *string
- database *DatabaseModel
- lock *sync.Mutex
+ configuration *schema.FileAuthenticationBackendConfiguration
+ database *DatabaseModel
+ lock *sync.Mutex
}
// UserDetailsModel is the model of user details in the file database.
@@ -31,8 +32,8 @@ type DatabaseModel struct {
}
// NewFileUserProvider creates a new instance of FileUserProvider.
-func NewFileUserProvider(filepath string) *FileUserProvider {
- database, err := readDatabase(filepath)
+func NewFileUserProvider(configuration *schema.FileAuthenticationBackendConfiguration) *FileUserProvider {
+ database, err := readDatabase(configuration.Path)
if err != nil {
// Panic since the file does not exist when Authelia is starting.
panic(err.Error())
@@ -45,9 +46,9 @@ func NewFileUserProvider(filepath string) *FileUserProvider {
}
return &FileUserProvider{
- path: &filepath,
- database: database,
- lock: &sync.Mutex{},
+ configuration: configuration,
+ database: database,
+ lock: &sync.Mutex{},
}
}
@@ -114,9 +115,24 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) e
return fmt.Errorf("User '%s' does not exist in database", username)
}
- hash := HashPassword(newPassword, "")
- details.HashedPassword = fmt.Sprintf("{CRYPT}%s", hash)
+ var algorithm string
+ if p.configuration.PasswordHashing.Algorithm == "argon2id" {
+ algorithm = HashingAlgorithmArgon2id
+ } else if p.configuration.PasswordHashing.Algorithm == "sha512" {
+ algorithm = HashingAlgorithmSHA512
+ } else {
+ return errors.New("Invalid algorithm in configuration. It should be `argon2id` or `sha512`")
+ }
+
+ hash, err := HashPassword(
+ newPassword, "", algorithm, p.configuration.PasswordHashing.Iterations,
+ p.configuration.PasswordHashing.Memory*1024, p.configuration.PasswordHashing.Parallelism,
+ p.configuration.PasswordHashing.KeyLength, p.configuration.PasswordHashing.SaltLength)
+ if err != nil {
+ return err
+ }
+ details.HashedPassword = hash
p.lock.Lock()
p.database.Users[username] = details
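Review bot: The algorithm name is validated only here, inside UpdatePassword, so a mistyped value in the configuration is discovered the first time a user changes a password rather than at startup. The cost parameters (Iterations, Memory, Parallelism, KeyLength, SaltLength) are likewise passed straight to HashPassword, and whether it enforces sane minimums is not visible in this hunk. Consider checking all of them once in NewFileUserProvider or in the configuration validator, so a weak or invalid setting fails fast instead of silently producing weak hashes or a late error. If the check stays here, a `switch p.configuration.PasswordHashing.Algorithm` reads better than the if/else chain, and Go convention would give the error as `errors.New("invalid algorithm in configuration: expected argon2id or sha512")`. UpdatePassword begins above this hunk and continues below it.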
@@ -125,7 +141,7 @@ func (p *FileUserProvider) UpdatePassword(username string, newPassword string) e
p.lock.Unlock()
return err
}
- err = ioutil.WriteFile(*p.path, b, 0644)
+ err = ioutil.WriteFile(p.configuration.Path, b, 0644)
p.lock.Unlock()
return err
}
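Review bot: The user database, which holds the password hashes, is written with mode `0644`, so a newly created file is world-readable on the host; `err = ioutil.WriteFile(p.configuration.Path, b, 0600)` would restrict it to the service account. ioutil.WriteFile applies the mode only when it creates the file, so an existing database keeps its current permissions and has to be tightened separately. The call also truncates and rewrites the file in place, so an interrupted write can leave a partial user database; writing to a temporary file in the same directory and renaming it over the original would avoid that. The function starts outside this hunk.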