Wt  4.11.1
Public Member Functions | List of all members
Wt::Auth::PasswordVerifier Class Reference

Password hash computation and verification class. More...

#include <Wt/Auth/PasswordVerifier.h>

Inheritance diagram for Wt::Auth::PasswordVerifier:
[legend]

Public Member Functions

 PasswordVerifier ()
 Constructor.
 
virtual ~PasswordVerifier ()
 Destructor.
 
void setSaltLength (int words)
 Sets the salt length. More...
 
int saltLength () const
 Returns the salt length.
 
void addHashFunction (std::unique_ptr< HashFunction > function)
 Adds a hash function. More...
 
const std::vector< HashFunction * > hashFunctions () const
 Returns the list of hash functions. More...
 
virtual bool needsUpdate (const PasswordHash &hash) const override
 Returns whether a password hash needs to be updated (recomputed). More...
 
virtual PasswordHash hashPassword (const WString &password) const override
 Computes the password hash for a clear text password. More...
 
virtual bool verify (const WString &password, const PasswordHash &hash) const override
 Verifies a password against a hash. More...
 
- Public Member Functions inherited from Wt::Auth::PasswordService::AbstractVerifier
virtual ~AbstractVerifier ()
 Destructor.
 

Detailed Description

Password hash computation and verification class.

This class implements the logic for comparing passwords against password hashes, or computing a new password hash for a password.

One or more hash functions can be added, which allow you to introduce a new "preferred" hash function while maintaining support for verifying existing passwords hashes.

Member Function Documentation

◆ addHashFunction()

void Wt::Auth::PasswordVerifier::addHashFunction ( std::unique_ptr< HashFunction function)

Adds a hash function.

The first hash function added is the one that will be used for creating new password hashes, i.e. the "preferred" hash function. The other hash functions are used only for verifying existing hash passwords. This allows you to move to new hash functions as other ones are no longer deemed secure.

Each hash function has a unique name, which is annotated in the generated hash to identify the appropriate hash funtion to evaluate it.

Ownership of the hash functions is transferred.

See also
hashFunctions()

◆ hashFunctions()

const std::vector< HashFunction * > Wt::Auth::PasswordVerifier::hashFunctions ( ) const

Returns the list of hash functions.

This returns a list with references to hashfunctions that have been added with addHashFunction().

◆ hashPassword()

PasswordHash Wt::Auth::PasswordVerifier::hashPassword ( const WString password) const
overridevirtual

Computes the password hash for a clear text password.

This creates new salt and applies the "preferred" hash function to the salt and clear text password to compute the hash.

See also
verify()

Implements Wt::Auth::PasswordService::AbstractVerifier.

◆ needsUpdate()

bool Wt::Auth::PasswordVerifier::needsUpdate ( const PasswordHash hash) const
overridevirtual

Returns whether a password hash needs to be updated (recomputed).

A hash may need to be updated if it has been computed with a cryptographic method that is being disfavoured.

Implements Wt::Auth::PasswordService::AbstractVerifier.

◆ setSaltLength()

void Wt::Auth::PasswordVerifier::setSaltLength ( int  words)

Sets the salt length.

The salt length is used to create new salt when a new password is being hashed.

The salt length is specified in bytes, but should be a multiple of 3 (so that Base64 encoding yields an integral number of bytes).

The default length is 12.

See also
hashPassword()

◆ verify()

bool Wt::Auth::PasswordVerifier::verify ( const WString password,
const PasswordHash hash 
) const
overridevirtual

Verifies a password against a hash.

This verifies whether the password matches the hash.

See also
hashPassword()

Implements Wt::Auth::PasswordService::AbstractVerifier.