
diff model/member.lua @ 905:e3887fea39fa

Added support for SHA-2 based password hashing
author bsw
date Sun Sep 23 14:35:20 2012 +0200 (2012-09-23)
parents b51f9500a9b2
children a2c5707035ea
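--- a/model/member.lua
+++ b/model/member.lua
@@ -271,14 +271,46 @@
 
 function Member.object:set_password(password)
   trace.disable()
+  
+  local hash_prefix
+  local salt_length
+
+  local function rounds()
+    return multirand.integer(
+      config.password_hash_min_rounds,
+      config.password_hash_max_rounds
+    )
+  end
+      
+  if config.password_hash_algorithm == "crypt_md5" then
+    hash_prefix = "$1$" 
+    salt_length = 8
+    
+  elseif config.password_hash_algorithm == "crypt_sha256" then
+    hash_prefix = "$5$rounds=" .. rounds() .. "$"
+    salt_length = 16
+    
+  elseif config.password_hash_algorithm == "crypt_sha512" then
+    hash_prefix = "$6$rounds=" .. rounds() .. "$"
+    salt_length = 16
+    
+  else
+    error("Unknown hash algorithm selected in configuration")
+
+  end
+
   local hash = extos.crypt(
     password,
-    "$1$" .. multirand.string(
-      8,
+    hash_prefix .. multirand.string(
+      salt_length,
       "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"
     )
   )
-  assert(hash, "extos.crypt failed")
+
+  if not hash or hash:sub(1, #hash_prefix) ~= hash_prefix then
+    error("Password hashing algorithm failed")
+  end
+  
   self.password = hash
 end
 
@@ -290,6 +322,44 @@
   end
 end
 
+function Member.object_get:password_hash_needs_update()
+  
+  if self.password == nil then
+    return nil
+  end
+
+  local function check_rounds(rounds)
+    if rounds then
+      rounds = tonumber(rounds)
+      if 
+        rounds >= config.password_hash_min_rounds and 
+        rounds <= config.password_hash_max_rounds
+      then
+        return false
+      end
+    end
+    return true
+  end
+  
+  if config.password_hash_algorithm == "crypt_md5" then
+
+    return self.password:sub(1,3) ~= "$1$"
+    
+  elseif config.password_hash_algorithm == "crypt_sha256" then
+    
+    return check_rounds(self.password:match("^%$5%$rounds=([1-9][0-9]*)%$"))
+    
+  elseif config.password_hash_algorithm == "crypt_sha512" then
+
+    return check_rounds(self.password:match("^%$6%$rounds=([1-9][0-9]*)%$"))
+
+  else
+    error("Unknown hash algorithm selected in configuration")
+
+  end
+  
+end
+
 function Member.object_get:published_contacts()
   return Member:new_selector()
     :join('"contact"', nil, '"contact"."other_member_id" = "member"."id"')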
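Review bot: The prefix check `hash:sub(1, #hash_prefix) ~= hash_prefix` in set_password (first hunk) is a good guard against a crypt() that silently falls back to a different scheme, but it will also fire when the configured rounds lie outside what the platform's SHA-crypt honours: glibc, as far as I recall, clamps `rounds=` to 1000–999999999 and writes the clamped value into the output, so a config with `password_hash_min_rounds` below 1000 makes every set_password call raise "Password hashing algorithm failed". Validating the configured range once before the algorithm dispatch, e.g. `assert(config.password_hash_min_rounds >= 1000 and config.password_hash_min_rounds <= config.password_hash_max_rounds, "password_hash_min_rounds/max_rounds out of range")`, would turn that into a clear configuration error and also bounds what check_rounds in the second hunk accepts. A short comment on the check, `-- crypt() may fall back to another scheme or clamp rounds; never store a hash that is not the requested one`, would document why a non-matching prefix is an error rather than a weaker-but-usable hash. Several added blank separator lines and the `hash_prefix = "$1$" ` assignment carry trailing whitespace that luacheck will flag.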
