techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
8b80be4061
authelia/internal/configuration/schema/authentication.go
James Elliott 26369fff3d
[FEATURE] Support Argon2id password hasing and improved entropy (#679) 
* [FEATURE] Support Argon2id Passwords

- Updated go module github.com/simia-tech/crypt
- Added Argon2id support for file based authentication backend
- Made it the default method
- Made it so backwards compatibility with SHA512 exists
- Force seeding of the random string generator used for salts to ensure they are all different
- Added command params to the authelia hash-password command
- Automatically remove {CRYPT} from hashes as they are updated
- Automatically change hashes when they are updated to the configured algorithm
- Made the hashing algorithm parameters completely configurable
- Added reasonably comprehensive test suites
- Updated docs
- Updated config template

* Adjust error output

* Fix unit test

* Add unit tests and argon2 version check

* Fix new unit tests

* Update docs, added tests

* Implement configurable values and more comprehensive testing

* Added cmd params to hash_password, updated docs, misc fixes

* More detailed error for cmd, fixed a typo

* Fixed cmd flag error, minor refactoring

* Requested Changes and Minor refactoring

* Increase entropy

* Update docs for entropy changes

* Refactor to reduce nesting and easier code maintenance

* Cleanup Errors (uniformity for the function call)

* Check salt length, fix docs

* Add Base64 string validation for argon2id

* Cleanup and Finalization
- Moved RandomString function from ./internal/authentication/password_hash.go to ./internal/utils/strings.go
- Added SplitStringToArrayOfStrings func that splits strings into an array with a fixed max string len
- Fixed an error in validator that would allow a zero salt length
- Added a test to verify the upstream crypt module supports our defined random salt chars
- Updated docs
- Removed unused "HashingAlgorithm" string type

* Update crypt go mod, support argon2id key length and major refactor

* Config Template Update, Final Tests

* Use schema defaults for hash-password cmd

* Iterations check

* Docs requested changes

* Test Coverage, suggested edits

* Wording edit

* Doc changes

* Default sanity changes

* Default sanity changes - docs

* CI Sanity changes

* Memory in MB
2020-03-06 12:38:02 +11:00

65 lines
2.3 KiB
Go
Raw Blame History

package schema
// LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server.
type LDAPAuthenticationBackendConfiguration struct {
URL string `mapstructure:"url"`
SkipVerify bool `mapstructure:"skip_verify"`
BaseDN string `mapstructure:"base_dn"`
AdditionalUsersDN string `mapstructure:"additional_users_dn"`
UsersFilter string `mapstructure:"users_filter"`
AdditionalGroupsDN string `mapstructure:"additional_groups_dn"`
GroupsFilter string `mapstructure:"groups_filter"`
GroupNameAttribute string `mapstructure:"group_name_attribute"`
MailAttribute string `mapstructure:"mail_attribute"`
User string `mapstructure:"user"`
Password string `mapstructure:"password"`
}
// FileAuthenticationBackendConfiguration represents the configuration related to file-based backend
type FileAuthenticationBackendConfiguration struct {
Path string `mapstructure:"path"`
PasswordHashing *PasswordHashingConfiguration `mapstructure:"password"`
}
type PasswordHashingConfiguration struct {
Iterations int `mapstructure:"iterations"`
KeyLength int `mapstructure:"key_length"`
SaltLength int `mapstructure:"salt_length"`
Algorithm string `mapstrucutre:"algorithm"`
Memory int `mapstructure:"memory"`
Parallelism int `mapstructure:"parallelism"`
}
// Default Argon2id Configuration
var DefaultPasswordOptionsConfiguration = PasswordHashingConfiguration{
Iterations: 1,
KeyLength: 32,
SaltLength: 16,
Algorithm: "argon2id",
Memory: 1024,
Parallelism: 8,
}
// Default Argon2id Configuration for CI testing when calling HashPassword()
var DefaultCIPasswordOptionsConfiguration = PasswordHashingConfiguration{
Iterations: 1,
KeyLength: 32,
SaltLength: 16,
Algorithm: "argon2id",
Memory: 128,
Parallelism: 8,
}
// Default SHA512 Cofniguration
var DefaultPasswordOptionsSHA512Configuration = PasswordHashingConfiguration{
Iterations: 50000,
SaltLength: 16,
Algorithm: "sha512",
}
// AuthenticationBackendConfiguration represents the configuration related to the authentication backend.
type AuthenticationBackendConfiguration struct {
Ldap *LDAPAuthenticationBackendConfiguration `mapstructure:"ldap"`
File *FileAuthenticationBackendConfiguration `mapstructure:"file"`
}
Reference in New Issue View Git Blame Copy Permalink