This etherpad-lite plugin allows the usage of hashed passwords for authentication. As of version 2.x it uses the crypto lib and/or the bcrypt lib for comparison. Besides settings.json, it is now possible to store the user-database in a filesystem hierarchy. The hash files are read on authentication.
"users": {
"admin": {"password": "admin","is_admin": true},
"y": {"is_admin": true, "hash": "b2112aa7399 ... b071ea5976"},
"z": {"is_admin": true, "hash": "b5152ab7359 ... a041fa5646", "displayname": "Jane Doe"}
}
optionally specify hash type and digest, folders and extension, defaults are:
"ep_hash_auth": {
"hash_typ": "sha512",
"hash_dig": "hex",
"hash_dir": "/var/etherpad/users",
"hash_ext": "/.hash",
"hash_adm": false,
"displayname_ext": "/.displayname"
},
This means user Alice would have to have her hash in sha512 hex OR in bcrypt format in the following file:
/var/etherpad/users/Alice/.hash
The hash_adm parameter defines the role of file-authenticated users, by default they are not admins.
The displayname_ext parameter defines from which file the displayname of a user can be read. If the file does not exist for a user, the displayname remains unchanged.
apt-get install -yqq python-bcrypt
python -c 'import bcrypt; print(bcrypt.hashpw(b"password", bcrypt.gensalt(rounds=10, prefix=b"2a")))'
var scrypt = require('scrypt');
console.log(scrypt.kdfSync("password", scrypt.paramsSync(0.1)));
var argon2 = require('argon2');
argon2.hash("password", {timeCost: 4, memoryCost: 2 ** 13, parallelism: 2, type: argon2.argon2i}).then(hash => {console.log(hash);});
- István Király LaKing (author and maintainer)
- Robin
ypid
Schneider (contributor) - id01 (contributor)