Hi everyone! My users have a username/password to login to their personal deployment of our application, and I want to give them the same credentials to log in to the Graylog dashboard to view their logs. They can self-serve a password update, which triggers an event to update the password in our application. I need to find a way to update their password for Graylog at the same time.
The difficulty is, I don’t have the plaintext of their password, so I can’t just PUT the new value to /users/{username}/password. When they self-serve their new password, we immediately hash it and store it to our database. The update event in our application pulls the hash from the db, and never sees the plaintext. I was planning to do the same for Graylog (store an appropriately hashed version of the password in our db, and have the update event use this hash only). But I can’t figure out how to make this work.
So far, I’ve been generating password hashes with the sequence of commands recommended for the admin SHA2 parameter:
echo password | tr -d '\n' | sha256sum | cut -d" " -f1
I was thinking I could take the result of this and update the password value in the mongodb directly. Looking at entries in mongo, I can see they look like this:
"{bcrypt}$2a$10$mBTc2Pct0OQPVgqDsr6DkeKtYiauvbnZUqhNw9vxCbmAez66ktnP2{salt}$2a$10$mBTc2Pct0OQPVgqDsr6Dke"
My question is, how do I go from the sha256sum output to this value in mongo? Or alternatively, how do I go straight from the plaintext to this value in mongo (which I can store in our user db and have the update event access)? Or is there another option I haven’t thought of?
Thanks for your time, and a great product!