mirror of https://gitee.com/bigwinds/arangodb
Documented simple auth app.
This commit is contained in:
Alan Plum
parent
a5302532fb
commit
6dd8bf6a52
|
|
@ -1,3 +1,41 @@
|
||||||
!CHAPTER The Simple Authentication App
|
!CHAPTER The Simple Authentication App
|
||||||
|
|
||||||
WRITEME
|
The simple auth app provides hashed password-based authentication with automatically generated salts and constant-time password verification.
|
||||||
|
|
||||||
|
*Configuration*
|
||||||
|
|
||||||
|
* *saltLength* (optional): length of newly generated salts. Default: *16*.
|
||||||
|
* *hashMethod* (optional): hash algorithm to use. Supported values: *sha1*, *sha224*, *sha256*, *md5*. Default: *"sha256"*.
|
||||||
|
|
||||||
|
```js
|
||||||
|
var auth = Foxx.requireApp('/_auth').auth;
|
||||||
|
```
|
||||||
|
|
||||||
|
!SECTION Generate an authentication object
|
||||||
|
|
||||||
|
Generates an authentication object for a given password.
|
||||||
|
|
||||||
|
`auth.hashPassword(password)`
|
||||||
|
|
||||||
|
Returns an authentication object with the following properties:
|
||||||
|
|
||||||
|
* *hash*: the generated hex-encoded hash.
|
||||||
|
* *salt*: the salt used to generate the hash.
|
||||||
|
* *method*: the algorithm used to generate the hash.
|
||||||
|
|
||||||
|
*Parameter*
|
||||||
|
|
||||||
|
* *password*: the password to hash.
|
||||||
|
|
||||||
|
!SECTION Verify a password
|
||||||
|
|
||||||
|
Verifies a password against a given authentication object.
|
||||||
|
|
||||||
|
`auth.verifyPassword(authData, password)`
|
||||||
|
|
||||||
|
Generates a hash for the given password using the *salt* and *method* stored in the authentication object and performs a constant time string comparison on them. Returns *true* if the password is valid or *false* otherwise.
|
||||||
|
|
||||||
|
*Parameter*
|
||||||
|
|
||||||
|
* *authData*: an authentication object.
|
||||||
|
* *password*: a password to verify.
|
||||||
Loading…
Reference in New Issue