跳转至

Protect your password in the configuration file

{
  "account_mapping": [
    { "username": "user-raw", "password": "password", "permissions": ["+"] },
    {
      "username": "user-hashlib",
      "password": "<hashlib>:sha256:salt:291e247d155354e48fec2b579637782446821935fc96a5a08a0b7885179c408b",
      "permissions": ["+^/$"]
    },
    {
      "username": "user-digest",
      "password": "<digest>:ASGI-WebDAV:c1d34f1e0f457c4de05b7468d5165567",
      "permissions": ["+^/$"]
    },
    {
      "username": "user-ldap",
      "password": "<ldap>#1#ldaps://your.ldap.server.com#SIMPLE#uid=user-ldap,cn=users,dc=your.ldap.server.com",
      "permissions": ["+^/$"]
    },
    {
      "username": "*ldap",
      "password": "<ldap>#2#ldaps://your.ldap.server.com#cert_policy=try#uid={username},cn=users,dc=your.ldap.server.com",
      "permissions": ["+^/$"]
    }
  ]
}

Raw Mode

user user-raw's password is real password

hashlib Mode

password's format is "<hashlib>:{algorithm}:{salt}:{hashed-password}"

{algorithm}

A list of supported {algorithms} can be found at Python's docs

The commonly used algorithms:

  • sha256
  • sha384
  • sha512
  • blake2b (optimized for 64-bit platforms)
  • blake2s (optimized for 8- to 32-bit platforms)

{salt}

{salt} can be any string

{hashed-password}

{hashed-password}'s format is ALGORITHM(bytes("{salt}:{password}")).hexdigest()

example:

  • {algorithm}: sha256
  • {salt}: salt
  • {password}: password
>>> import hashlib
>>> hashlib.new("sha256", "{}:{}".format("salt", "password").encode("utf-8")).hexdigest()
'291e247d155354e48fec2b579637782446821935fc96a5a08a0b7885179c408b'

Ref

HTTP Digest Mode

password's format is <digest>:{realm}:{HA1}

{realm}

ASGI-WebDAV

{HA1}

{HA1}'s format is md5(bytes("{username}:{realm}:{password}")).hexdigest()

example:

  • {username}: user-digest
  • {realm}: ASGI-WebDAV
  • {password}: password
>>> import hashlib
>>> hashlib.new("md5", "{}:{}:{}".format("user-digest", "ASGI-WebDAV", "password").encode("utf-8")).hexdigest()
'c1d34f1e0f457c4de05b7468d5165567'

Ref

LDAP(v1) (experimental)

password format

"<ldap>#1#{ldap-uri}#{mechanism}#{ldap-user}"

{ldap-uri}

Example:

ldap://your.ldap.server.com ldaps://your.tls.ldap.server.com

{mechanism}

Example:

SIMPLE ...

{ldap-user}

Example:

uid=you-name,cn=users,dc=ldap,dc=server,dc=com

LDAP(v2)

username

Use "*" as username

password format

"<ldap>#2#ldaps://{ldap-uri}#{params}#{user-dn-pattern}"

permissions

Warning

permissions will be automatically applied to all ldap accounts.

{ldap-uri}

Example:

ldap://your.ldap.server.com ldaps://your.tls.ldap.server.com

Ref

{params}

This is a query string specifying additional optional settings. Only one is supported as of now:

cert_policy indicates the policy about server verification. The allowed values are:

  • try or demand: The server cert will be verified, and if it fais, an error will be raised. This is the default.
  • never or allow: The server cert will be used without any verification.

Example:

cert_policy=try

Ref

{user-dn-pattern}

Specify the user DN pattern, with a username substitution field. Example:

uid={username},cn=users,dc=ldap,dc=server,dc=com

Compatibility

HTTP Basic auth HTTP Digest auth
Raw Mode Y Y
hashlib Mode Y N
HTTP Digest Mode Y Y
LDAP(v1) Y N
LDAP(v2) Y N