authorJason David Davies <jasondavies@apache.org>2010-01-12 19:29:23 +0000
committerAdam Kocoloski <adam@cloudant.com>2010-08-12 11:18:47 -0400
commit604569c71035ac3b3f65a3fbf660cc555fc12730 (patch)
tree5817aaa564b019316524f90d27b4d2b58c27bf2e
parent46a2ebd50abc40a8a81a4ae6b4c48f0c678daadf (diff)
Add utility for verifying hashes.
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@898477 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--src/chttpd_auth.erl15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/chttpd_auth.erl b/src/chttpd_auth.erl
index b13e12d1..416195d3 100644
--- a/src/chttpd_auth.erl
+++ b/src/chttpd_auth.erl
@@ -56,8 +56,9 @@ default_authentication_handler(Req) ->
Props ->
ExpectedHash = couch_util:get_value(<<"password_sha">>, Props),
Salt = couch_util:get_value(<<"salt">>, Props),
- case hash_password(?l2b(Password), Salt) of
- ExpectedHash ->
+ PasswordHash = hash_password(?l2b(Password), Salt),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
Ctx = #user_ctx{
name = couch_util:get_value(<<"username">>, Props),
roles = couch_util:get_value(<<"roles">>, Props)
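Review bot: `ExpectedHash` comes straight from the user document via `couch_util:get_value(<<"password_sha">>, Props)` and is passed unchecked to `couch_util:verify/2`, whose definition is not part of this diff. The old pattern match simply fell through when the field was missing or not a binary; whether the new call returns `false` or raises in that case depends on `verify/2`, so confirm it has a clause returning `false` for non-matching argument types, or guard at the call site with `case is_binary(ExpectedHash) andalso couch_util:verify(ExpectedHash, PasswordHash) of`. The same applies to the `handle_session_req` hunk, where `_Else` would catch a `false` return but not an exception. The `case` expression and its remaining clauses continue outside this hunk.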
@@ -132,8 +133,9 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq, user_ctx=Ctx}=Req)
false ->
Password = extract_password(Form),
ExpectedHash = couch_util:get_value(<<"password_sha">>, User),
- case hash_password(Password, UserSalt) of
- ExpectedHash ->
+ PasswordHash = hash_password(Password, UserSalt),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
ok;
_Else ->
throw({forbidden, <<"Name or password is incorrect.">>})
@@ -270,8 +272,9 @@ cookie_auth_user(#httpd{mochi_req=MochiReq}=Req) ->
UserSalt = couch_util:get_value(<<"salt">>, Result),
FullSecret = <<Secret/binary, UserSalt/binary>>,
ExpectedHash = crypto:sha_mac(FullSecret, [User, ":", TimeStr]),
- case ?l2b(string:join(HashParts, ":")) of
- ExpectedHash ->
+ PasswordHash = ?l2b(string:join(HashParts, ":")),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
TimeStamp = erlang:list_to_integer(TimeStr, 16),
Timeout = erlang:list_to_integer(couch_config:get(
"chttpd_auth", "timeout", "600")),
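Review bot: `PasswordHash` in `cookie_auth_user` is built from `HashParts`, which appears to be the MAC carried in the session cookie rather than a password hash. The name copied from the other two hunks is therefore misleading on the line that decides whether a cookie is accepted. `SuppliedHash = ?l2b(string:join(HashParts, ":")),` followed by `case couch_util:verify(ExpectedHash, SuppliedHash) of` would read correctly. A short comment such as `%% compare with couch_util:verify/2 rather than pattern matching on ExpectedHash` would also record why the comparison changed, presumably so that its timing does not depend on where the two values differ; the commit message does not say. The function body starts and ends outside this hunk.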