pierrekilly opened a new pull request #1160: Add support for Bcrypt password hashing
URL: https://github.com/apache/couchdb/pull/1160
 
 
   ## Overview
   
   Add support for Bcrypt password hashing.
   
   ## Testing recommendations
   
   Add the following configuration entry:
   - Section: `couch_httpd_auth`
   - Name: `password_scheme`
   - Value: `bcrypt`
   
   Then you can add a user
   ```
   curl -v -X PUT http://localhost:5984/_users/org.couchdb.user:jan -H "Accept: application/json" -H "Content-Type: application/json" -d '{"name": "jan", "password": "apple", "roles": [], "type": "user"}'
   ```
   and check that this user can authenticate and that his password is hashed using bcrypt:
   ```
   $ curl -v -X POST http://localhost:5984/_session -H "Accept: application/json" -H "Content-Type: application/json" -d '{"name": "jan", "password": "apple"}'
   Note: Unnecessary use of -X or --request, POST is already inferred.
   *   Trying ::1...
   * TCP_NODELAY set
   * connect to ::1 port 5984 failed: Connection refused
   *   Trying 127.0.0.1...
   * TCP_NODELAY set
   * Connected to localhost (127.0.0.1) port 5984 (#0)
   > POST /_session HTTP/1.1
   > Host: localhost:5984
   > User-Agent: curl/7.58.0
   > Accept: application/json
   > Content-Type: application/json
   > Content-Length: 36
   > 
   * upload completely sent off: 36 out of 36 bytes
   < HTTP/1.1 200 OK
   < Set-Cookie: AuthSession=amFuOjVBODIwREYxOiXb3vYQn-vkNlUhKjx-P4hHO513; Version=1; Path=/; HttpOnly
   < Server: CouchDB/2.2.0-3b53c1c92 (Erlang OTP/20)
   < Date: Mon, 12 Feb 2018 21:58:09 GMT
   < Content-Type: application/json
   < Content-Length: 36
   < Cache-Control: must-revalidate
   < 
   {"ok":true,"name":"jan","roles":[]}
   * Connection #0 to host localhost left intact
   ```
   ```
   $ curl -v -X GET http://localhost:5984/_session -H "Accept: application/json" -H "Cookie: AuthSession=amFuOjVBODIwREYxOiXb3vYQn-vkNlUhKjx-P4hHO513; Version=1; Path=/; HttpOnly"
   Note: Unnecessary use of -X or --request, GET is already inferred.
   *   Trying ::1...
   * TCP_NODELAY set
   * connect to ::1 port 5984 failed: Connection refused
   *   Trying 127.0.0.1...
   * TCP_NODELAY set
   * Connected to localhost (127.0.0.1) port 5984 (#0)
   > GET /_session HTTP/1.1
   > Host: localhost:5984
   > User-Agent: curl/7.58.0
   > Accept: application/json
   > Cookie: AuthSession=amFuOjVBODIwREYxOiXb3vYQn-vkNlUhKjx-P4hHO513; Version=1; Path=/; HttpOnly
   > 
   < HTTP/1.1 200 OK
   < Set-Cookie: AuthSession=amFuOjVBODIwRTM0OmLuURvWLMnj_YNXuhae6UD3xHkh; Version=1; Path=/; HttpOnly
   < Server: CouchDB/2.2.0-3b53c1c92 (Erlang OTP/20)
   < Date: Mon, 12 Feb 2018 21:59:16 GMT
   < Content-Type: application/json
   < Content-Length: 158
   < Cache-Control: must-revalidate
   < 
   {"ok":true,"userCtx":{"name":"jan","roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"],"authenticated":"cookie"}}
   * Connection #0 to host localhost left intact
   ```
   
   ## Related Issues or Pull Requests
   
   There will be a PR for the documentation changes from my fork: https://github.com/pierrekilly/couchdb-documentation/tree/bcrypt-hashing
   
   ## Checklist
   
   - [X] Code is written and works correctly;
   - [X] Changes are covered by tests;
   - [X] Documentation reflects the changes;
   I have forked and updated the documentation but I have an issue with it: [in the Hashing passwords section in the Security chapter](http://docs.couchdb.org/en/2.1.1/intro/security.html?highlight=Hashing%20Passwords) I would like to add that starting from the next release bcrypt is supported, but the next release doesn't exist yet, so the `make html` task fails. I am still opening this PR as I would like this code to be reviewed already.
   

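The testing steps above confirm that the user can log in, but not that the stored value is a bcrypt string. The following added example (not code from the pull request or from CouchDB) audits a `_users` document offline for that second check. The sample documents are constructed, and both the `derived_key` field name for the bcrypt value and the `MIN_COST` floor are assumptions.

```python
import json
import re

# bcrypt modular crypt string: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")
MIN_COST = 10  # assumption: a local policy floor, not a value taken from the PR

# Constructed sample documents (not real hashes). Storing the bcrypt string in
# "derived_key" is an assumption; the audit scans every string field anyway.
FAKE_BCRYPT = "$2a$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
BCRYPT_DOC = json.dumps({"_id": "org.couchdb.user:jan", "name": "jan", "roles": [],
                         "type": "user", "password_scheme": "bcrypt",
                         "derived_key": FAKE_BCRYPT})
PBKDF2_DOC = json.dumps({"_id": "org.couchdb.user:bob", "name": "bob", "roles": [],
                         "type": "user", "password_scheme": "pbkdf2", "iterations": 10,
                         "salt": "00" * 16, "derived_key": "ab" * 20})


def audit_user_doc(raw_json):
    """Report how the password in one _users document is stored."""
    doc = json.loads(raw_json)
    scheme = doc.get("password_scheme")
    # Map each field holding a well-formed bcrypt string to its cost factor.
    costs = {}
    for key, value in doc.items():
        if isinstance(value, str):
            match = BCRYPT_RE.fullmatch(value)
            if match:
                costs[key] = int(match.group(1))
    problems = []
    if "password" in doc:
        problems.append("cleartext password field present")
    if scheme != "bcrypt":
        problems.append("password_scheme is %r, not 'bcrypt'" % scheme)
    if not costs:
        problems.append("no bcrypt-formatted value found")
    for key, cost in costs.items():
        if cost < MIN_COST:
            problems.append("%s uses cost %d, below %d" % (key, cost, MIN_COST))
    return {"scheme": scheme, "costs": costs, "problems": problems}


if __name__ == "__main__":
    for sample in (BCRYPT_DOC, PBKDF2_DOC):
        print(audit_user_doc(sample))
```

To audit a live server, pass in the body of the user document fetched with admin credentials instead of the constructed samples.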