[#119] Username/password file implementation
This commit implements using a file to pre-load usernames, passwords and
authorizations into the web server. Passwords are always stored hashed,
except when they are initially created by the user. The user also can
use the previously existing option --auth-stdin to create that file.
See the updated documentation for operational details.
In this commit, in order to focus on the actual operational details,
password hashing is done using the command line utility mkpasswd. A
future commit will add libsodium integration. The hash used with
mkpasswd is sha512 with a salt of the padded user name and an
iteration count of 1,000,000. I tried using scrypt and bcrypt, but
they either failed to produce the same hash on different tries, or were
not implemented at the libcrypt level. That's why I fell back to a
more primitive password hash for now. CMakeLists.txt checks for the
presence of mkpasswd, and the Dockerfile installs the whois
package which (oddly) contains mkpasswd.
The unsecure ydbgui_users environment variable (used previously for
testing) has now been removed as we now have a secure way of supplying
users for testing.
New Tests for failure cases:
- tusersNoFile
- tusersInvalidJSON
- tusersValidJSONInvalidKeys
Version incremented from 3.0.0 to 3.1.0.