Commit 8d593865 authored by Jukka-Pekka Sirkiä

Changed the way user authentication parameters are sent

parent 30a4f321
Branches develop
# Secure password hashing server # Secure password hashing server
This is a Node.js application implementing a secure password hashing server. The application is created for the fourth weekly exercise on the course DTEK8102 Privacy and Security for Software Systems. This is a Node.js application implementing a secure password hashing server. The application is created for the fourth weekly exercise on the course DTEK8102 Privacy and Security for Software Systems.
## How to use?
The steps are:
- Install [Node.js](https://nodejs.org/en/)
- ```npm install```
- ```npm run watch```
- The server is now running at *localhost:8000*
- Send HTTP requests and see how the server responds. Example requests are in the folder *src/requests*. Use the POST request first since the database initializes itself every time the server is started, and hence the database is empty. After the POST request send a GET request to authenticate the user (use the same username and password as in the POST request to see a successful authentication, or change the username/password to see it fail).
\ No newline at end of file
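Review bot: The last step of the usage list tells the reader to send a GET request with the same username and password, but does not say where the credentials go. With this commit they move out of the JSON body into an `authorization` header, so the README should state the expected header format explicitly and note that a GET with a body no longer authenticates.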
...@@ -9,7 +9,8 @@ const storeUsernameAndPassword = (req, res) => { ...@@ -9,7 +9,8 @@ const storeUsernameAndPassword = (req, res) => {
}; };
const authenticateUser = (req, res) => { const authenticateUser = (req, res) => {
userDataServices.authenticateUser(req.body.username, req.body.password, (err, result) => { const [username, password] = req.headers.authorization.split(' ')[1].split(':');
userDataServices.authenticateUser(username, password, (err, result) => {
if (err) return res.status(404).send('User not found.'); if (err) return res.status(404).send('User not found.');
if (!result) return res.status(401).send('Authentication failed.'); if (!result) return res.status(401).send('Authentication failed.');
......
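Review bot: The new destructuring line in authenticateUser has no check that the header is present or well formed. When a request arrives without an authorization header, `req.headers.authorization` is undefined and `.split` throws before the 404/401 handling in the callback is reached. Guard it first and answer 401, for example `if (!header || !header.startsWith('Basic ')) return res.status(401).send('Authentication failed.');`. Also split on the first colon only: `split(':')` with a two-element destructuring silently drops everything after a second colon in the password, and `split(' ')[1]` does the same for a password containing a space. Separately, the unchanged context lines return 404 for an unknown user and 401 for a wrong password, which tells a caller which usernames exist; a single 401 for both cases would avoid that.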
get http://localhost:8000/api/v1/userData get http://localhost:8000/api/v1/userData
content-type: application/json authorization: Basic Superuser:StrongPassword
\ No newline at end of file
{
"username": "Superuser",
"password": "StrongPassword"
}
\ No newline at end of file
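Review bot: The header in this sample request, `authorization: Basic Superuser:StrongPassword`, carries the credentials as plain text, whereas the Basic scheme (RFC 7617) defines the value as the base64 encoding of username:password. Standard HTTP clients send the encoded form, which the controller parsing added in this commit would not decode. Suggest base64-decoding on the server and updating this sample to the encoded value. The request also targets http://, so outside of localhost the credentials would travel unencrypted in either form.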
...@@ -14,9 +14,10 @@ const getSalt = callback => { ...@@ -14,9 +14,10 @@ const getSalt = callback => {
// Create a password hash based on the scrypt function. // Create a password hash based on the scrypt function.
const getHash = (password, salt, callback) => { const getHash = (password, salt, callback) => {
let options = { let options = {
N: 16384, N: 1048576, // 2^20
r: 8, r: 8,
p: 1, p: 1,
maxmem: 1024 * 1024 * 1024 * 2
}; };
crypto.scrypt(password, salt, 64, options, (err, hash) => { crypto.scrypt(password, salt, 64, options, (err, hash) => {
if (err) { if (err) {
......
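Review bot: Raising N to 1048576 with `r: 8` makes each scrypt call need about 128 * N * r = 1 GiB of memory, which is why `maxmem` had to be raised to 2 GiB. If getHash runs on every registration and authentication request, as the controller in this commit suggests, a handful of concurrent requests can exhaust the host's memory. Suggest either a lower N, or a cap on concurrent hash operations plus rate limiting in front of the route. The `maxmem` line also deserves a comment stating the 1 GiB working-set calculation, as the N line does for 2^20. If hashes are ever persisted across restarts, store N, r and p alongside each hash so that values created with the old parameters can still be verified.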