将外部用户导入到Firebase

huangapple go评论81阅读模式
英文:

Import external user to firebase

问题

我想将外部数据库中的用户导入到Firebase中。

密码是使用sha256函数进行哈希处理的,密码前面加上了一个盐(即UUID)。

例如:

password = "123qwerty!"
salt = "cb60eb29-95a2-418e-be2a-c1c107fb1add"
hash = sha256(salt+password)
# 54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595

现在要将其导入到Firebase中,我会执行以下操作:

users = []*auth.UserToImport
users = append(users, (&auth.UserToImport{}).
	UID("some-uid").
	Email("jon.foo@example.com").
	PasswordHash([]byte("54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595")).
    PasswordSalt([]byte("cb60eb29-95a2-418e-be2a-c1c107fb1add")).
	DisplayName("Jon FOO"))

h := hash.SHA256{
	Rounds:     1,
	InputOrder: hash.InputOrderSaltFirst,
}
res, err := cl.ImportUsers(ctx, users, auth.WithHash(h))
if err != nil {
    log.Fatal(err)
}

用户已成功导入Firebase(我可以在控制台中看到),但是当我尝试登录时,出现错误密码无效或用户没有密码

我无法确定问题出在哪里,也许应该更新Rounds参数,但应该更新为什么值呢?

谢谢!

英文:

I want to import users from an external database to firebase.

The password were hashed with a sha256 function with the password prepended by a salt (which is a UUID).

For example:

password = "123qwerty!"
salt = "cb60eb29-95a2-418e-be2a-c1c107fb1add"
hash = sha256(salt+password)
# 54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595

Now to import this to firebase I would do the following:

users = []*auth.UserToImport
users = append(users, (&auth.UserToImport{}).
	UID("some-uid").
	Email("jon.foo@example.com").
	PasswordHash([]byte("54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595")).
    PasswordSalt([]byte("cb60eb29-95a2-418e-be2a-c1c107fb1add")).
	DisplayName("Jon FOO"))

h := hash.SHA256{
	Rounds:     1,
	InputOrder: hash.InputOrderSaltFirst,
}
res, err := cl.ImportUsers(ctx, users, auth.WithHash(h))
if err != nil {
    log.Fatal(err)
}

The user is well imported in firebase (I can see it in the console), but when I try to login, I have this error The password is invalid or the user does not have a password.

I cannot see what is wrong with my way, maybe the Rounds parameter should be updated, but to what value?

Thanks!

答案1

得分: 0

我终于找到了问题所在。
在我的情况下,我将PasswordHash设置为密码的十六进制表示:

PasswordHash([]byte("54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595")).

结果发现我首先必须解码密码,如下所示:

decoded, err := hex.DecodeString("54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595")
if err != nil {
	return err
}
user := (&auth.UserToImport{}).
    PasswordHash(decoded).
    PasswordSalt([]byte("cb60eb29-95a2-418e-be2a-c1c107fb1add")). // 盐保持不变
    ...

// 使用相同的哈希配置(Rounds: 1, InputOrder: SaltFirst)调用ImportUsers

更新后,我运行了代码,现在可以使用导入的用户进行身份验证了。

快速说明:如评论中所提到的,节点 SDK 没有指定输入顺序(先盐还是先密码)的选项,这似乎是一个重要的缺失功能。

英文:

I finally found my issue.
In my case I was giving as the PasswordHash the hex representation of the password:

PasswordHash([]byte("54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595")).

It turns out I have to decode first the password, like the following:

decoded, err := hex.DecodeString("54ccb21d42c6961aa1b666b7cb0485f85aab2f2323399fb2959ea5e4e9f6f595")
if err != nil {
	return err
}
user := (&auth.UserToImport{}).
    PasswordHash(decoded).
    PasswordSalt([]byte("cb60eb29-95a2-418e-be2a-c1c107fb1add")). // the salt stays the same
    ...

// call ImportUsers with the same hash configuration (Rounds: 1, InputOrder: SaltFirst)

After updating this I ran the code and I could now authenticate with my imported user.

Quick note: as mentionned in the comment, the node SDK does not have the option to specify the input order (salt or password first), this seems to be an important missing feature.

huangapple
  • 本文由 发表于 2022年2月8日 21:43:05
  • 转载请务必保留本文链接:https://go.coder-hub.com/71034926.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定