26369fff3d
* [FEATURE] Support Argon2id Passwords - Updated go module github.com/simia-tech/crypt - Added Argon2id support for file based authentication backend - Made it the default method - Made it so backwards compatibility with SHA512 exists - Force seeding of the random string generator used for salts to ensure they are all different - Added command params to the authelia hash-password command - Automatically remove {CRYPT} from hashes as they are updated - Automatically change hashes when they are updated to the configured algorithm - Made the hashing algorithm parameters completely configurable - Added reasonably comprehensive test suites - Updated docs - Updated config template * Adjust error output * Fix unit test * Add unit tests and argon2 version check * Fix new unit tests * Update docs, added tests * Implement configurable values and more comprehensive testing * Added cmd params to hash_password, updated docs, misc fixes * More detailed error for cmd, fixed a typo * Fixed cmd flag error, minor refactoring * Requested Changes and Minor refactoring * Increase entropy * Update docs for entropy changes * Refactor to reduce nesting and easier code maintenance * Cleanup Errors (uniformity for the function call) * Check salt length, fix docs * Add Base64 string validation for argon2id * Cleanup and Finalization - Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go - Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len - Fixed an error in validator that would allow a zero salt length - Added a test to verify the upstream crypt module supports our defined random salt chars - Updated docs - Removed unused "HashingAlgorithm" string type * Update crypt go mod, support argon2id key length and major refactor * Config Template Update, Final Tests * Use schema defaults for hash-password cmd * Iterations check * Docs requested changes * Test Coverage, suggested edits * Wording 
edit * Doc changes * Default sanity changes * Default sanity changes - docs * CI Sanity changes * Memory in MB
package authentication
// Level represents how far a user has progressed through authentication.
//
// The values are ordered: a numerically higher Level means more factors have
// been passed. NotAuthenticated is 0 and is therefore the zero value, so a
// Level that was never assigned reads as "not authenticated".
type Level int

const (
	// NotAuthenticated means the user has not authenticated yet.
	NotAuthenticated Level = iota
	// OneFactor means the user has passed the first factor only.
	OneFactor
	// TwoFactor means the user has passed two factors.
	TwoFactor
)
// Identifiers of the second-factor (2FA) methods.
const (
	// TOTP is the method using Time-Based One-Time Password applications
	// like Google Authenticator.
	TOTP = "totp"

	// U2F is the method using U2F devices like Yubikeys.
	U2F = "u2f"

	// Push is the method using the Duo application to receive push
	// notifications.
	Push = "mobile_push"
)

// PossibleMethods is the set of all possible 2FA methods.
//
// The slice is exported and mutable, so any package can change it; treat it as
// read-only. NOTE(review): presumably callers validate a requested method
// against this list - confirm, since a modified list would change that check.
var PossibleMethods = []string{
	TOTP,
	U2F,
	Push,
}
// Identifiers of the supported password hashing algorithms.
const (
	// HashingAlgorithmArgon2id is the Argon2id hash identifier.
	HashingAlgorithmArgon2id = "argon2id"

	// HashingAlgorithmSHA512 is the SHA512 hash identifier. "6" is the
	// crypt(3) scheme id for SHA-512 crypt (hashes of the form "$6$...").
	HashingAlgorithmSHA512 = "6"
)
// Default hashing parameters.
//
// These are the default values from the upstream crypt module
// (github.com/simia-tech/crypt). We use them for GetInt, and they need to be
// re-checked whenever that module is updated.
//
// NOTE(review): these are upstream compatibility defaults, not a tuning
// recommendation. The commit message says the hashing parameters are
// configurable, so deployments should size them for their own hardware.
const (
	// HashingDefaultArgon2idTime is the default Argon2id time parameter.
	HashingDefaultArgon2idTime = 1

	// HashingDefaultArgon2idMemory is the default Argon2id memory parameter.
	// Presumably expressed in KiB (32 * 1024 KiB = 32 MiB) - TODO confirm
	// against the upstream module.
	HashingDefaultArgon2idMemory = 32 * 1024

	// HashingDefaultArgon2idParallelism is the default Argon2id parallelism
	// parameter.
	HashingDefaultArgon2idParallelism = 4

	// HashingDefaultArgon2idKeyLength is the default Argon2id key length,
	// presumably in bytes - TODO confirm.
	HashingDefaultArgon2idKeyLength = 32

	// HashingDefaultSHA512Iterations is the default SHA512 iteration count.
	HashingDefaultSHA512Iterations = 5000
)
// HashingPossibleSaltCharacters is the set of runes that are valid in a salt:
// a-z, A-Z, 0-9, '+' and '/' (64 runes, the same characters as the standard
// Base64 alphabet).
//
// NOTE(review): traditional crypt(3) salts use "./" rather than "+/". The
// commit message mentions a test that checks the upstream crypt module accepts
// this set; re-run it whenever that module is updated.
// NOTE(review): the generator that draws salts from this set is not visible
// here - confirm it produces unpredictable, non-repeating salts.
//
// The slice is exported and mutable; treat it as read-only.
var HashingPossibleSaltCharacters = []rune(
	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/",
)