make auth.salt parameter optional

Used implementation of the hasher includes salt itself, thus additional salt is optional and can be safely (in terms of security) treat as empty string
2025-06-28 06:41:43 +00:00 · 2023-08-11 16:31:47 +03:00
parent 480c3a54b8
commit c863ee063c
7 changed files with 18 additions and 10 deletions
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -54,7 +54,7 @@ Base authorization settings. ``OAuth`` provider requires ``aioauth-client`` libr
 * ``max_age`` - parameter which controls both cookie expiration and token expiration inside the service, integer, optional, default is 7 days.
 * ``oauth_provider`` - OAuth2 provider class name as is in ``aioauth-client`` (e.g. ``GoogleClient``, ``GithubClient`` etc), string, required in case if ``oauth`` is used.
 * ``oauth_scopes`` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. ``https://www.googleapis.com/auth/userinfo.email`` for ``GoogleClient`` or ``user:email`` for ``GithubClient``, space separated list of strings, required in case if ``oauth`` is used.
-* ``salt`` - password hash salt, string, required in case if authorization enabled (automatically generated by ``user-add`` subcommand).
+* ``salt`` - additional password hash salt, string, optional.

 Authorized users are stored inside internal database, if any of external provides are used the password field for non-service users must be empty.