|
|
@@ -52,6 +52,9 @@ var (
|
|
|
ErrRoleNotGranted = errors.New("auth: role is not granted to the user")
|
|
|
ErrPermissionNotGranted = errors.New("auth: permission is not granted to the role")
|
|
|
ErrAuthNotEnabled = errors.New("auth: authentication is not enabled")
|
|
|
+
|
|
|
+ // BcryptCost is the algorithm cost / strength for hashing auth passwords
|
|
|
+ BcryptCost = bcrypt.DefaultCost
|
|
|
)
|
|
|
|
|
|
const (
|
|
|
@@ -240,7 +243,7 @@ func (as *authStore) Recover(be backend.Backend) {
|
|
|
}
|
|
|
|
|
|
func (as *authStore) UserAdd(r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse, error) {
|
|
|
- hashed, err := bcrypt.GenerateFromPassword([]byte(r.Password), bcrypt.DefaultCost)
|
|
|
+ hashed, err := bcrypt.GenerateFromPassword([]byte(r.Password), BcryptCost)
|
|
|
if err != nil {
|
|
|
plog.Errorf("failed to hash password: %s", err)
|
|
|
return nil, err
|
|
|
@@ -287,7 +290,7 @@ func (as *authStore) UserDelete(r *pb.AuthUserDeleteRequest) (*pb.AuthUserDelete
|
|
|
func (as *authStore) UserChangePassword(r *pb.AuthUserChangePasswordRequest) (*pb.AuthUserChangePasswordResponse, error) {
|
|
|
// TODO(mitake): measure the cost of bcrypt.GenerateFromPassword()
|
|
|
// If the cost is too high, we should move the encryption to outside of the raft
|
|
|
- hashed, err := bcrypt.GenerateFromPassword([]byte(r.Password), bcrypt.DefaultCost)
|
|
|
+ hashed, err := bcrypt.GenerateFromPassword([]byte(r.Password), BcryptCost)
|
|
|
if err != nil {
|
|
|
plog.Errorf("failed to hash password: %s", err)
|
|
|
return nil, err
|
Anthony Romano