Merge pull request #985 from rockhouse/master
Switch to bcryptjs and make password comparison async
This commit is contained in:
commit
152da11256
@ -40,7 +40,7 @@
|
|||||||
"node": ">=4.2.0"
|
"node": ">=4.2.0"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bcrypt-nodejs": "0.0.3",
|
"bcryptjs": "2.4.3",
|
||||||
"cheerio": "0.22.0",
|
"cheerio": "0.22.0",
|
||||||
"colors": "1.1.2",
|
"colors": "1.1.2",
|
||||||
"commander": "2.9.0",
|
"commander": "2.9.0",
|
||||||
|
@ -6,7 +6,7 @@ var path = require("path");
|
|||||||
var os = require("os");
|
var os = require("os");
|
||||||
var fs = require("fs");
|
var fs = require("fs");
|
||||||
var net = require("net");
|
var net = require("net");
|
||||||
var bcrypt = require("bcrypt-nodejs");
|
var bcrypt = require("bcryptjs");
|
||||||
|
|
||||||
var Helper = {
|
var Helper = {
|
||||||
config: null,
|
config: null,
|
||||||
@ -125,5 +125,5 @@ function passwordHash(password) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function passwordCompare(password, expected) {
|
function passwordCompare(password, expected) {
|
||||||
return bcrypt.compareSync(password, expected);
|
return bcrypt.compare(password, expected);
|
||||||
}
|
}
|
||||||
|
@ -192,17 +192,20 @@ function init(socket, client) {
|
|||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (!Helper.password.compare(old || "", client.config.password)) {
|
|
||||||
|
Helper.password
|
||||||
|
.compare(old || "", client.config.password)
|
||||||
|
.then(matching => {
|
||||||
|
if (!matching) {
|
||||||
socket.emit("change-password", {
|
socket.emit("change-password", {
|
||||||
error: "The current password field does not match your account password"
|
error: "The current password field does not match your account password"
|
||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
const hash = Helper.password.hash(p1);
|
||||||
|
|
||||||
var hash = Helper.password.hash(p1);
|
client.setPassword(hash, success => {
|
||||||
|
const obj = {};
|
||||||
client.setPassword(hash, function(success) {
|
|
||||||
var obj = {};
|
|
||||||
|
|
||||||
if (success) {
|
if (success) {
|
||||||
obj.success = "Successfully updated your password, all your other sessions were logged out";
|
obj.success = "Successfully updated your password, all your other sessions were logged out";
|
||||||
@ -213,6 +216,9 @@ function init(socket, client) {
|
|||||||
|
|
||||||
socket.emit("change-password", obj);
|
socket.emit("change-password", obj);
|
||||||
});
|
});
|
||||||
|
}).catch(error => {
|
||||||
|
log.error(`Error while checking users password. Error: ${error}`);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
@ -267,19 +273,22 @@ function localAuth(client, user, password, callback) {
|
|||||||
return callback(false);
|
return callback(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
var result = Helper.password.compare(password, client.config.password);
|
Helper.password
|
||||||
|
.compare(password, client.config.password)
|
||||||
|
.then(matching => {
|
||||||
|
if (Helper.password.requiresUpdate(client.config.password)) {
|
||||||
|
const hash = Helper.password.hash(password);
|
||||||
|
|
||||||
if (result && Helper.password.requiresUpdate(client.config.password)) {
|
client.setPassword(hash, success => {
|
||||||
var hash = Helper.password.hash(password);
|
|
||||||
|
|
||||||
client.setPassword(hash, function(success) {
|
|
||||||
if (success) {
|
if (success) {
|
||||||
log.info(`User ${colors.bold(client.name)} logged in and their hashed password has been updated to match new security requirements`);
|
log.info(`User ${colors.bold(client.name)} logged in and their hashed password has been updated to match new security requirements`);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
callback(matching);
|
||||||
return callback(result);
|
}).catch(error => {
|
||||||
|
log.error(`Error while checking users password. Error: ${error}`);
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function ldapAuth(client, user, password, callback) {
|
function ldapAuth(client, user, password, callback) {
|
||||||
|
@ -10,14 +10,27 @@ describe("Client passwords", function() {
|
|||||||
// Generated with third party tool to test implementation
|
// Generated with third party tool to test implementation
|
||||||
let comparedPassword = Helper.password.compare(inputPassword, "$2a$11$zrPPcfZ091WNfs6QrRHtQeUitlgrJcecfZhxOFiQs0FWw7TN3Q1oS");
|
let comparedPassword = Helper.password.compare(inputPassword, "$2a$11$zrPPcfZ091WNfs6QrRHtQeUitlgrJcecfZhxOFiQs0FWw7TN3Q1oS");
|
||||||
|
|
||||||
expect(comparedPassword).to.be.true;
|
return comparedPassword.then(result => {
|
||||||
|
expect(result).to.be.true;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
it("wrong hashed password should not match", function() {
|
||||||
|
// Compare against a fake hash
|
||||||
|
let comparedPassword = Helper.password.compare(inputPassword, "$2a$11$zrPPcfZ091WRONGPASSWORDitlgrJcecfZhxOFiQs0FWw7TN3Q1oS");
|
||||||
|
|
||||||
|
return comparedPassword.then(result => {
|
||||||
|
expect(result).to.be.false;
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
it("freshly hashed password should match", function() {
|
it("freshly hashed password should match", function() {
|
||||||
let hashedPassword = Helper.password.hash(inputPassword);
|
let hashedPassword = Helper.password.hash(inputPassword);
|
||||||
let comparedPassword = Helper.password.compare(inputPassword, hashedPassword);
|
let comparedPassword = Helper.password.compare(inputPassword, hashedPassword);
|
||||||
|
|
||||||
expect(comparedPassword).to.be.true;
|
return comparedPassword.then((result) => {
|
||||||
|
expect(result).to.be.true;
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
it("shout passwords should be marked as old", function() {
|
it("shout passwords should be marked as old", function() {
|
||||||
|
Loading…
Reference in New Issue
Block a user