author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-07-03 11:06:44 +0200 |
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-07-03 11:13:22 +0200 |
commit | 50aa57c3483ea6e489870e44498fb322a01cc979 (patch) | |
tree | c6841ed38f607b49116f95e90bd76ae239228790 /src/scm/webid-oidc/authorization-endpoint.scm | |
parent | 752baccc78ecfc769c0aa228f1af2e1ec1c30027 (diff) |
Do not accept the password in clear, use an encrypted password
Diffstat (limited to 'src/scm/webid-oidc/authorization-endpoint.scm')
-rw-r--r-- | src/scm/webid-oidc/authorization-endpoint.scm | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/scm/webid-oidc/authorization-endpoint.scm b/src/scm/webid-oidc/authorization-endpoint.scm
index 3c4a730..9ff994c 100644
--- a/src/scm/webid-oidc/authorization-endpoint.scm
+++ b/src/scm/webid-oidc/authorization-endpoint.scm
@@ -29,7 +29,11 @@
   #:use-module (ice-9 receive)
   #:use-module (ice-9 optargs))
-(define*-public (make-authorization-endpoint subject the-password alg jwk validity
+(define (verify-password encrypted-password password)
+  (let ((c (crypt password encrypted-password)))
+    (string=? c encrypted-password)))
+
+(define*-public (make-authorization-endpoint subject encrypted-password alg jwk validity
   #:key (http-get http-get)
   (current-time current-time))
@@ -81,7 +85,7 @@
         (error-no-redirect-uri locale))
        ((and (eq? method 'POST)
              (string? password)
-             (string=? password the-password))
+             (verify-password encrypted-password password))
          (with-exception-handler
              (lambda (error)
                (error-application locale error))
@@ -123,7 +127,7 @@
        (else
         (authorization-page locale
                             (not (and password
-                                      (string=? password the-password)))
+                                      (verify-password encrypted-password password)))
                             client-id uri)))))))
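Review bot: `verify-password` in the first hunk compares the `crypt` output with `string=?`, which stops at the first differing character, and it documents neither the expected format of `encrypted-password` nor what happens when `crypt` cannot process it. The strength of the check is entirely decided by the prefix and salt of the stored string, since `crypt` picks the hash scheme from it; a docstring along the lines of `"Return #t when PASSWORD hashes to ENCRYPTED-PASSWORD. ENCRYPTED-PASSWORD must be a full crypt(3) string produced with a modern scheme; the traditional two-character salt form selects a weak hash."` would tell callers what they must supply, and the same applies to the new `encrypted-password` parameter of `make-authorization-endpoint`. Guile's `crypt` presumably signals an error when the underlying crypt(3) rejects the setting string — worth confirming, since in the second hunk that error would surface through the surrounding condition rather than the `with-exception-handler` below it, and in the third hunk it would abort rendering the authorization page. The comparison itself can be made length-checked and non-short-circuiting with a small fold, as below; the rest of `make-authorization-endpoint` lies outside these hunks.
```scheme
(define (constant-time-string=? a b)
  ;; Fold the XOR of every character pair so the running time does not
  ;; depend on where the first difference sits.
  (and (= (string-length a) (string-length b))
       (let loop ((i 0) (acc 0))
         (if (= i (string-length a))
             (zero? acc)
             (loop (+ i 1)
                   (logior acc (logxor (char->integer (string-ref a i))
                                       (char->integer (string-ref b i)))))))))

(define (verify-password encrypted-password password)
  (let ((c (crypt password encrypted-password)))
    (constant-time-string=? c encrypted-password)))
;; … unchanged: make-authorization-endpoint …
```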