Assumption free, adapter based password management for Elixir.
This package can be installed by adding hora to your list of dependencies in
mix.exs:
def deps do
[
{:hora, "~> 1.0.0"},
{:comeonin, "~> 3.0"}, # optional, needed for bcrypt and pbkdf2_sha512 support
{:ecto, "~> 2.1"} # optional, needed for changeset support
]
endHora takes an adapter based strategy for defining the cryptographic functions used to secure passwords. We provide support for bcrypt and pbkdf2_sha512 but it's possible to use your own custom adapters as well.
iex> Hora.verify_password("uncrypted_password", "crypted_password")
iex> Hora.secure_password("uncrypted_password")defmodule MyModule do
use Ecto.Schema
schema "my_schema" do
field :password, :string, virtual: true
field :password_digest, :string
end
def changeset(schema, params) do
schema
|> cast(params, [:password])
|> Hora.Changeset.put_secure_password(:password, :password_digest)
end
endYou can define which adapter to use and it's options in one of two ways:
- Through application configuration
Example
config :hora,
adapter: Hora.Adapter.Bcrypt,
adapter_options: [log_rounds: 14]- When using the Hora functions:
Example
Hora.secure_password("uncrypted_password", adapter: Hora.Adapter.Bcrypt)Hora.verify_password("uncrypted_password", "crypted_password", adapter: Hora.Adapter.Bcrypt)Hora.Changeset.put_secure_password("uncrypted_password", adapter: Hora.Adapter.Bcrypt)