author | Lars Wirzenius <liw@liw.fi> | 2018-02-01 12:11:03 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-02-02 11:22:14 +0200 |
commit | eb0a8a9d58df1993f7ddb14aad2fde585e9e164f (patch) | |
tree | 8e451c69246d80835589f4f9b17cfe4b912c80cc /yarns | |
parent | 5f2cbd0c459518c052276e60477c971051ff4fbf (diff) | |
download | qvisqve-eb0a8a9d58df1993f7ddb14aad2fde585e9e164f.tar.gz |
Add: module to hash cleartext passwords for storage
Diffstat (limited to 'yarns')
-rw-r--r-- | yarns/200-client-creds.yarn | 9 | ||||
-rw-r--r-- | yarns/lib.py | 21 |
2 files changed, 22 insertions, 8 deletions
diff --git a/yarns/200-client-creds.yarn b/yarns/200-client-creds.yarn index 07bbf37..78b082c 100644 --- a/yarns/200-client-creds.yarn +++ b/yarns/200-client-creds.yarn @@ -36,7 +36,14 @@ of clients, which it reads at startup from its configuration file: -----END RSA PRIVATE KEY----- clients: test_api: - client_secret: hunter2 + client_secret: + N: 16384 + hash: 5cf3b9cab1eacc818b73d229db...a023e938ee598f6c49749ef0429a889f7 + key_len: 128 + p: 1 + r: 8 + salt: 18112c4c50993ca5db908a15519c51e1 + version: 1 allowed_scopes: - foo - bar diff --git a/yarns/lib.py b/yarns/lib.py index b2e197b..cabd943 100644 --- a/yarns/lib.py +++ b/yarns/lib.py @@ -28,9 +28,10 @@ import Crypto.PublicKey.RSA import jwt import requests import yaml +from yarnutils import * -from yarnutils import * +import salami_secrets srcdir = os.environ['SRCDIR'] @@ -172,6 +173,17 @@ def start_salami(): V['pid-file'] = 'salami.pid' V['port'] = cliapp.runcmd([os.path.join(srcdir, 'randport' )]).strip() V['API_URL'] = 'http://127.0.0.1:{}'.format(V['port']) + + clients = {} + if V['client_id'] and V['client_secret']: + sh = salami_secrets.SecretHasher() + clients = { + V['client_id']: { + 'client_secret': sh.hash(V['client_secret']), + 'allowed_scopes': V['allowed_scopes'], + }, + } + config = { 'log': [ { @@ -183,12 +195,7 @@ def start_salami(): 'token-issuer': V['iss'], 'token-audience': V['aud'], 'token-lifetime': 3600, - 'clients': { - V['client_id']: { - 'client_secret': V['client_secret'], - 'allowed_scopes': V['allowed_scopes'], - }, - }, + 'clients': clients, } env = dict(os.environ) env['SALAMI_CONFIG'] = os.path.join(datadir, 'salami.yaml') |
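Review bot: In the `start_salami` hunk of yarns/lib.py, the new guard `if V['client_id'] and V['client_secret']:` falls back to `clients = {}` with no signal, so a scenario that sets only one of the two values (or an empty secret) starts the server with no registered clients and the mistake surfaces only later as a failed token request. The guard also leaves out `V['allowed_scopes']`, which is written into the config as-is; if `V` yields `None` for unset keys (it comes from the `yarnutils` wildcard import and is not visible here), that becomes a null scope list. Consider rejecting a half-set pair before the `if`, for example `assert bool(V['client_id']) == bool(V['client_secret'])`, and writing `V['allowed_scopes'] or []`. A one-line comment above the block, such as `# The server config gets only the hash of the client secret, never the cleartext.`, would record why the hashing happens at this point. The body of `start_salami` starts before this hunk and continues past it, and the later hunk that sets `'clients': clients` depends on this block.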