View Source EctoSessions.AuthToken (Ecto Sessions v0.3.0)

This module handles the generation and hashing of auth tokens. Auth token is a cryptographically random string used for Authorization.

Link to this section Summary

Functions

Generates a cryptographically random auth token.

Given an auth token, hashes it and salts it. Hashing and salting can be disabling passng nil. But salting only works when hashing is enabled.

Hashes a token with the provided hashing algorithm. Uses erlang's :cripto module.

Appends a global, secret salt to the given token. Sometimes referred as pepper.

Link to this section Functions

@spec generate_token(non_neg_integer()) :: binary()

Generates a cryptographically random auth token.

length is a positive integer that will dictate the length of the token. For authentication purposes it should not be lower than 32.

The token will contain characters from A-z, 0-9 plus _ and -. The number of unique possible strings (entropy) can be calculated as 64^length.

Link to this function

get_digest(plaintext_token, hashing_algorithm, secret_salt)

View Source
@spec get_digest(binary(), atom() | nil, binary() | nil) :: binary()

Given an auth token, hashes it and salts it. Hashing and salting can be disabling passng nil. But salting only works when hashing is enabled.

See hash ad add_salt for further reference.

examples

Examples

iex> get_digest("sample", nil, nil)
"sample"

iex> get_digest("sample", :sha256, nil)
"af2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e9891562113d8a62add1bf"

iex> get_digest("sample", :sha256, "your-secret-salt")
"709a5d6cba7d3162a1035b0a9cd13064ee4cbe4587cbcc4e378d831e728310c7"
Link to this function

hash(auth_token, hashing_algorithm)

View Source
@spec hash(binary(), atom()) :: any()

Hashes a token with the provided hashing algorithm. Uses erlang's :cripto module.

hashing_algorithm can be:

  • :sha
  • :sha224
  • :sha256
  • :sha384
  • :sha512
  • :sha3_224
  • :sha3_256
  • :sha3_384
  • :sha3_512
  • :blake2b
  • :blake2s
  • :ripemd160
  • nil to not hash, and store tokens in plaintext - not recommended;

See erlang's crypto's hash_algorithm() for more information

examples

Examples

iex> hash("sample", nil)
"sample"

iex> hash("sample", :sha256)
"af2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e9891562113d8a62add1bf"

iex> hash("sample", :sha256)
"af2bdbe1aa9b6ec1e2ade1d694f41fc71a831d0268e9891562113d8a62add1bf"

iex> hash("sample", :sha512)
"39a5e04aaff7455d9850c605364f514c11324ce64016960d23d5dc57d3ffd8f4" <>
  "9a739468ab8049bf18eef820cdb1ad6c9015f838556bc7fad4138b23fdf986c7"

iex> hash("sample", :sha3_256)
"f68f564e181663381ef67ae5849d3dd1d0f1044cf468d0a0b7875e4ff121906f"

iex> hash("sample", :nil)
"sample"
@spec salt(binary(), binary()) :: binary()

Appends a global, secret salt to the given token. Sometimes referred as pepper.

examples

Examples

iex> salt("sample", nil)
"sample"

iex> salt("sample", "your-secret-salt")
"your-secret-saltsample"