Comments (9)
@EntropyValley, I need to find some time to update this module.
from caddy-security.
@pav67, that is a bug. There were recent changes to the bcrypt library. Will fix and make a new release. Thank you for reporting this!
from caddy-security.
@sdsys-ch, I would try looking at it this week.
from caddy-security.
Appreciated! Great to see all the activity around caddy-security. Thanks
from caddy-security.
Any updates on this @greenpau? API Key Generation still seems to be broken in the current version. Is there a way to temporarily generate my own API key and manually add it until this is fixed?
from caddy-security.
@greenpau, I've created a dirty fix for this issue in a private repo. I'm not sure if it breaks anything or if there are security considerations I'm not aware of.
I've tested this locally and my fix allows authentication via X-Api-Key Header with ApiKeys generated via the local portal (diff for go-authcrunch - pkg:identity:database.go):
@@ -566,7 +566,7 @@ func (db *Database) AddAPIKey(r *requests.Request) error {
if err != nil {
return errors.ErrAddAPIKey.WithArgs(r.Key.Usage, err)
}
- s := GetRandomStringFromRange(72, 96)
+ s := GetRandomString(72)
failCount := 0
for {
hk, err := NewPassword(s)
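Review bot: the literal 72 in `s := GetRandomString(72)` is tied to bcrypt's input limit, but nothing in the code says so. Pull it into a named constant with a comment so that a later change to the key length cannot silently exceed what `NewPassword(s)` accepts. The bcrypt limit is counted in bytes, so it is worth confirming that GetRandomString only emits single-byte characters, and adding a test that AddAPIKey succeeds and that the generated key is at most 72 bytes long. Also check the retry path: `s` is assigned once before the `for` loop, so unless the loop body regenerates it further down, a failure of `NewPassword(s)` caused by the length of `s` would repeat on every iteration.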
Since bcrypt now enforces a hard limit of 72 (non-unicode) chars, this fixes the issue.
If you don't see any issues with this, I can create a pull request. If not, let me know what I've overlooked and I might try to fix my patch?
from caddy-security.
@sdsys-ch, @pav67, @EntropyValley, I added a fix for this. Will be available in the next release.
from caddy-security.
@sdsys-ch, thank you for the gift! Much appreciated 🎉
from caddy-security.
@pav67, @sdsys-ch, @EntropyValley, I am looking to add testimonial sections to https://authcrunch.com. Could you please write one and send it to me at [email protected]?
from caddy-security.