Commit graph

7 commits

Author SHA1 Message Date
Valentin Tolmer
790fd7c5d1 cargo: Update to 2021 edition 2021-11-23 00:25:47 +01:00
Valentin Tolmer
4551e27b55 server, auth: Update some dependencies 2021-11-23 00:25:47 +01:00
Valentin Tolmer
77ced7ea43 misc: Forbid non-ascii identifiers
That prevents a class of unicode attacks, e.g. invisible characters.
2021-11-23 00:25:47 +01:00
Valentin Tolmer
aa8bbf96f8 cargo: Bump the version to 0.2.0 2021-10-20 08:58:36 +02:00
Valentin Tolmer
f026e7cd38 auth: Add a disclaimer around the argon hash
Some people initially thought that the fixed salt was a security flaw.
This comment clarifies the role of the Argon hash and justifies the
fixed salt.
2021-10-20 08:58:36 +02:00
Valentin Tolmer
73a39fecf0 opaque: Lower the compute cost
This reduces the time to validate a password, at a minor cost of
security (makes bruteforcing the DB easier, but still really hard).

Note: this invalidates all current passwords. It is recommended to
delete the admin user directly in sqlite:

$ sqlite3 users.db
> DELETE from users WHERE user_id = "admin";

It will be recreated with the reset password when restarting the server.
The admin can then reset other users' passwords.
2021-10-15 08:05:50 +02:00
Valentin Tolmer
3eb53ba5bf model: rename to auth
Since the "model" doesn't contain any message from the API anymore, and
instead contains only the structures needed for authentication, it was
renamed as such.
2021-08-31 20:32:55 +02:00