Very simple questions: 99% of times a system does not have the user's
secret but only some hashed form of it.
I need to pass the clear-text password to the verifySecret method in the
Provided credentials, in order to match it with the one in the basic
authentication header.
Is all the BasicAuthentication code useless unless I know the user's secret
or there's something I'm missing? Right now I'm basically rewriting that
code to apply bcrypt to the received password and compare it with the
hashed value i retrieve from the user service.
I see some nice-to-have features like fastfutures and secure comparisons,
but if I can only compare to the clear text data it's not much use.
Something like a "mapSecret" would be useful.
Thanks
G
object UserCredentials {
case object Missing extends UserCredentials
abstract case class Provided(username: String) extends UserCredentials {
def verifySecret(secret: String): Boolean
}
}
--
>>>>>>>>>> Read the docs: http://akka.io/docs/
>>>>>>>>>> Check the FAQ:
>>>>>>>>>> http://doc.akka.io/docs/akka/current/additional/faq.html
>>>>>>>>>> Search the archives: https://groups.google.com/group/akka-user
---
You received this message because you are subscribed to the Google Groups "Akka
User List" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to akka-user+unsubscr...@googlegroups.com.
To post to this group, send email to akka-user@googlegroups.com.
Visit this group at http://groups.google.com/group/akka-user.
For more options, visit https://groups.google.com/d/optout.
