Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Authentication models #3

Open
PhilippMDoerner opened this issue Oct 3, 2022 · 3 comments
Open

Add support for Authentication models #3

PhilippMDoerner opened this issue Oct 3, 2022 · 3 comments
Labels
enhancement New feature or request Post-Release-Feature A nice feature not necessary to be included for Snorlogue 1.0

Comments

@PhilippMDoerner
Copy link
Owner

PhilippMDoerner commented Oct 3, 2022
edited
Loading

Similar to Django, in order to provide "log-in" capabilities, an Authentication Model is required.
Admins can then authenticate against that model.
That means a model where the user can store a password and have it automatically get hashed according to some configured encryption method.

This means re-building Django's way of encrypting, including providing several ways to do so that can be swapped out depending on a configuration value (only new values get hashed with the new method, old entries can't be rehashed but must still work).

Further it means supporting password fields in the frontend forms.

Further it means that the extension must be able to check whether the model already exists on the database and if it doesn't, either add it or throw an error that it must be added.
@PhilippMDoerner PhilippMDoerner added the enhancement New feature or request label Oct 3, 2022
@enthus1ast
Copy link

enthus1ast commented Oct 5, 2022
edited
Loading

Some option to rehash could be:

  1. if a password must be rehashed, it could be done on the next login of the user.
    The issue here is, that maybe a user never logs in again, thus the password is never rehashed
    and become insecure over time.
  2. if passwords are not on a defined security level. The hash itself could be rehashed with the newer standards, this requires of course that all the hashing methods must be stored and all must be applied in order to login.

@PhilippMDoerner PhilippMDoerner added the Post-Release-Feature A nice feature not necessary to be included for Snorlogue 1.0 label Nov 30, 2022
@PhilippMDoerner
Copy link
Owner Author

Realization:
Should I add a default way to authenticate against Snorlogue, it would provide a way to allow each authenticated user to use different connections. This only really matters in the context of a postgres database.

What it would enable though is that if user X is registered, then they can get connections to postgres with a user mapped to their kind of account. This means that Snorlogue could provide different levels of database access for different kinds of users.

This is irrelevant for sqlite as sqlite has no way for permission management.

@PhilippMDoerner
Copy link
Owner Author

This is actually much less of a big deal than before. I've learned a decent amount in password hashing since then and written nimword which deals with that complexity, thus leaving it out of Snorlogue. I'm not sure anymore if it would be terribly difficult to just replicate Django's auth models and have that as a sub-package in Snorlogue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Post-Release-Feature A nice feature not necessary to be included for Snorlogue 1.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@enthus1ast @PhilippMDoerner