From 8d593865881a5aa0ea4f5cd13ec6b60bafd25a00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jukka-Pekka=20Sirki=C3=A4?= <jukkapekka.sirkia@gmail.com>
Date: Thu, 12 Dec 2019 22:39:15 +0200
Subject: [PATCH] Changed the way user authentication parameters are sent

---
 README.md | 11 ++++++++++-
 src/controllers/controllers.js | 3 ++-
 src/requests/getUserAuthentication.rest | 7 +------
 src/utils/hashing.js | 3 ++-
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index a9c9245..b9c1966 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,12 @@
 # Secure password hashing server
 
-This is a Node.js application implementing a secure password hashing server. The application is created for the fourth weekly exercise on the course DTEK8102 Privacy and Security for Software Systems.
\ No newline at end of file
+This is a Node.js application implementing a secure password hashing server. The application is created for the fourth weekly exercise on the course DTEK8102 Privacy and Security for Software Systems.
+
+## How to use?
+
+The steps are:
+- Install [Node.js](https://nodejs.org/en/)
+- ```npm install```
+- ```npm run watch```
+- The server is now running at *localhost:8000*
+- Send HTTP requests and see how the server responds. Example requests are in the folder *src/requests*. Use the POST request first since the database initializes itself every time the server is started, and hence the database is empty. After the POST request send a GET request to authenticate the user (use the same username and password as in the POST request to see a successful authentication, or change the username/password to see it fail).
\ No newline at end of file
diff --git a/src/controllers/controllers.js b/src/controllers/controllers.js
index 7d741f9..4456cbf 100644
--- a/src/controllers/controllers.js
+++ b/src/controllers/controllers.js
@@ -9,7 +9,8 @@ const storeUsernameAndPassword = (req, res) => {
 };
 
 const authenticateUser = (req, res) => {
- userDataServices.authenticateUser(req.body.username, req.body.password, (err, result) => {
+ const [username, password] = req.headers.authorization.split(' ')[1].split(':');
+ userDataServices.authenticateUser(username, password, (err, result) => {
 if (err) return res.status(404).send('User not found.');
 if (!result) return res.status(401).send('Authentication failed.');
 
diff --git a/src/requests/getUserAuthentication.rest b/src/requests/getUserAuthentication.rest
index b16d4e8..7029e39 100644
--- a/src/requests/getUserAuthentication.rest
+++ b/src/requests/getUserAuthentication.rest
@@ -1,7 +1,2 @@
 get http://localhost:8000/api/v1/userData
-content-type: application/json
-
-{
- "username": "Superuser",
- "password": "StrongPassword"
-}
\ No newline at end of file
+authorization: Basic Superuser:StrongPassword
\ No newline at end of file
diff --git a/src/utils/hashing.js b/src/utils/hashing.js
index ea11db7..5a3c6a3 100644
--- a/src/utils/hashing.js
+++ b/src/utils/hashing.js
@@ -14,9 +14,10 @@ const getSalt = callback => {
 // Create a password hash based on the scrypt function.
 const getHash = (password, salt, callback) => {
 let options = {
- N: 16384,
+ N: 1048576, // 2^20
 r: 8,
 p: 1,
+ maxmem: 1024 * 1024 * 1024 * 2
 };
 crypto.scrypt(password, salt, 64, options, (err, hash) => {
 if (err) {
-- 
GitLab
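Review bot: The new `req.headers.authorization.split(' ')[1].split(':')` line dereferences the header without checking that it exists or has a scheme and a value, so a request with no Authorization header (or one without a space) throws a TypeError inside the handler instead of producing a 401, and splitting on every ':' truncates any password that contains a colon. It also treats the credentials as plain `user:pass` although the `Basic` scheme (RFC 7617) carries `base64(user:pass)`, so standard clients will not interoperate and the example in src/requests/getUserAuthentication.rest would need the base64 form as well. Suggest validating the scheme, base64-decoding the value, splitting on the first colon only and answering 401 with `WWW-Authenticate: Basic` (Express's `res.set`, assuming this is Express given the `res.status(...).send(...)` calls) when the header is missing or malformed. Separately, the unchanged context lines answer 404 for an unknown user but 401 for a wrong password, which lets a caller enumerate usernames; returning 401 in both cases is the usual practice. authenticateUser's body continues outside the hunk.
```javascript
const authenticateUser = (req, res) => {
  const [scheme, encoded] = (req.headers.authorization || '').split(' ');
  if (scheme !== 'Basic' || !encoded) {
    return res.status(401).set('WWW-Authenticate', 'Basic').send('Authentication required.');
  }
  const decoded = Buffer.from(encoded, 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep === -1) return res.status(401).send('Authentication failed.');
  const username = decoded.slice(0, sep);
  const password = decoded.slice(sep + 1); // keep colons inside the password
  userDataServices.authenticateUser(username, password, (err, result) => {
  // … unchanged: err / result handling …
```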
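Review bot: With `N: 1048576` and `r: 8` each scrypt call needs about 128·N·r ≈ 1 GiB of memory (which is why `maxmem` had to be raised to 2 GiB), and nothing in the hunk bounds how many hashes run concurrently, so a handful of parallel unauthenticated requests can exhaust the process memory — a cheap denial of service against the server. Consider a smaller work factor (OWASP's password-storage cheat sheet suggests N=2^17, r=8, p=1 for scrypt) or at least a concurrency limit on the hashing path, and record the trade-off next to the parameter, e.g. `N: 1048576, // 2^20: ~1 GiB per hash (128*N*r bytes), maxmem raised to match`. Also `let options` is never reassigned in the visible lines and should be `const options`. getHash's body continues outside the hunk.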