update to password struct impl #33
Conversation
|
Introduced a new type, So in instances where we retrieve a user from the store, we parse the stored password, a hashed password string, to |
letsgetrusty
left a comment
letsgetrusty
left a comment
There was a problem hiding this comment.
What made you decide to go with a separate HashedPassword type instead of doing validation/hashing in the original Password type? I'm not suggesting one approach over the other, I just want to understand the trade offs.
|
@letsgetrusty I planned to extend the |
|
@EleisonC I doing see any new changes. Are you going to push them up? |
|
I am making the changnes now |
|
Hey @letsgetrusty, sorry for the delay. This should be it. We only store a Hashed password; we never store the raw password. Only use the raw password in the login for user password validation |
letsgetrusty
left a comment
letsgetrusty
left a comment
There was a problem hiding this comment.
LGTM! Just one small comment.
After addressing the comment please update ClickUp. Note that we'll need to check the sprint this change was introduced in and all future sprints.
We'll also need to make code updates to future sprints after this PR is merged.
|
Rename Password to HashedPassword. Update PostgresUserStore @letsgetrusty What do you think |
|
@EleisonC Can you checkout the branch for Sprint 4 and then follow the Sprint 5 instructions to see if you can implement the changes and the instructions are clear? |
I see what you mean. I did what you suggested, and this is the new Password Hashing block What do you think? @letsgetrusty |
2 participants
Issue: #5 (comment)
This PR introduces a method, Password::from_password_hash, that safely wraps a cryptographically valid Argon2 PasswordHash into a Password instance. It ensures the User model correctly represents stored hashes without running validation meant for plaintext password input.