Module passwords

Generic password hashing and verification, plus a strength heuristic. See passwords::hash.

For the tenancy-integrated user-password helpers, see [crate::tenancy::password]. This module is the lower-level standalone version — argon2id hashing + a minimal strength heuristic that doesn’t require importing tenancy types.

§Quick start

use rustango::passwords::{hash, verify, strength_score, StrengthIssue};

// Signup:
let issues = strength_score(&new_password);
if !issues.is_empty() {
    return Err(format!("password too weak: {:?}", issues));
}
let hashed = hash(&new_password)?;
// Store `hashed` in user row.

// Login:
let user = users::find_by_email(&email).await?;
if !verify(&attempted, &user.password_hash)? {
    return Err("bad credentials");
}

Enums§

PasswordError
StrengthIssue
One thing wrong with a candidate password.

Functions§

hash
Hash a password with argon2id. Returns the standard PHC string format.
strength_score
Score a candidate password. Returns an empty Vec when strong enough.
verify
Verify a password against an argon2 PHC hash.
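
The PHC string returned by `hash` carries the variant and cost parameters in clear text, so stored hashes can be audited without knowing any password. The following is an added example, not rustango code: a std-only parser that flags hashes falling below a minimum policy. `Argon2Phc`, `PhcIssue`, `Policy`, `audit`, the thresholds and the sample string are assumptions made for illustration.

```rust
// Added example (not rustango code): audit a stored argon2 PHC string.
// Simplification: the "v=" field is required and only m, t, p are accepted.
#[derive(Debug)]
pub struct Argon2Phc { pub variant: String, pub version: u32, pub m_kib: u32,
                       pub t: u32, pub p: u32, pub salt_len: usize, pub hash_len: usize }

#[derive(Debug, PartialEq)]
pub enum PhcIssue { NotArgon2id, OldVersion, MemoryTooLow, IterationsTooLow, ShortSalt, ShortHash }

// Assumed, illustrative thresholds; not rustango's defaults.
pub struct Policy { pub min_m_kib: u32, pub min_t: u32, pub min_salt: usize, pub min_hash: usize }

// Decoded byte length of a PHC field (standard base64 alphabet, no '=' padding).
fn b64_len(s: &str) -> Option<usize> {
    let ok = !s.is_empty()
        && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'+' || b == b'/');
    if ok && s.len() % 4 != 1 { Some(s.len() * 6 / 8) } else { None }
}

pub fn parse_phc(s: &str) -> Option<Argon2Phc> {
    // Expected fields: ["", variant, "v=19", "m=..,t=..,p=..", salt, hash]
    let f: Vec<&str> = s.split('$').collect();
    if f.len() != 6 || !f[0].is_empty() { return None; }
    let version: u32 = f[2].strip_prefix("v=")?.parse().ok()?;
    let (mut m, mut t, mut p) = (None, None, None);
    for kv in f[3].split(',') {
        let (k, v) = kv.split_once('=')?;
        let v: u32 = v.parse().ok()?;
        match k { "m" => m = Some(v), "t" => t = Some(v), "p" => p = Some(v), _ => return None }
    }
    Some(Argon2Phc { variant: f[1].to_string(), version, m_kib: m?, t: t?, p: p?,
                     salt_len: b64_len(f[4])?, hash_len: b64_len(f[5])? })
}

// Returns the list of policy violations; empty means the hash can be kept as is.
pub fn audit(phc: &str, pol: &Policy) -> Result<Vec<PhcIssue>, &'static str> {
    let h = parse_phc(phc).ok_or("malformed PHC string")?;
    let mut out = Vec::new();
    if h.variant != "argon2id" { out.push(PhcIssue::NotArgon2id); }
    if h.version < 19 { out.push(PhcIssue::OldVersion); }
    if h.m_kib < pol.min_m_kib { out.push(PhcIssue::MemoryTooLow); }
    if h.t < pol.min_t { out.push(PhcIssue::IterationsTooLow); }
    if h.salt_len < pol.min_salt { out.push(PhcIssue::ShortSalt); }
    if h.hash_len < pol.min_hash { out.push(PhcIssue::ShortHash); }
    Ok(out)
}

fn main() {
    // Constructed sample: well-formed, but the digest bytes are placeholders.
    let s = format!("$argon2i$v=19$m=4096,t=1,p=1$c29tZXNhbHRzb21lc2FsdA${}", "A".repeat(43));
    let pol = Policy { min_m_kib: 19456, min_t: 2, min_salt: 16, min_hash: 32 };
    println!("{:?}", audit(&s, &pol));
}
```

A non-empty result on a successful login is the point at which the password can be re-hashed with current parameters, since the plaintext is only available then.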