summaryrefslogtreecommitdiff
path: root/src/couchdb
diff options
context:
space:
mode:
authorJan Lehnardt <jan@apache.org>2009-09-02 09:35:05 +0000
committerJan Lehnardt <jan@apache.org>2009-09-02 09:35:05 +0000
commit2fa163c599b81018a60790cb7a0400e21e8d6d89 (patch)
tree9393a34cdeeb80c0b550292dd9c843551f3f3e54 /src/couchdb
parenta6a8f53c6d098f996cb85bf088af6766f2153abc (diff)
use the same password hash calculation for user creation via ini file and user db, patch by Benoit Chesneau, closes COUCHDB-492
git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@810435 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'src/couchdb')
-rw-r--r--src/couchdb/couch_httpd_auth.erl14
1 files changed, 8 insertions, 6 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 3b076bef..e7a2e3a1 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -48,7 +48,6 @@ basic_username_pw(Req) ->
AuthorizationHeader = header_value(Req, "Authorization"),
case AuthorizationHeader of
"Basic " ++ Base64Value ->
- io:format("~n~nBase64Value: '~p'~n~n", [Base64Value]),
case string:tokens(?b2l(couch_util:decodeBase64(Base64Value)),":") of
[User, Pass] ->
{User, Pass};
@@ -285,6 +284,9 @@ cookie_auth_cookie(User, Secret, TimeStamp) ->
couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
[{path, "/"}, {http_only, true}]). % TODO add {secure, true} when SSL is detected
+hash_password(Password, Salt) ->
+ ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary, Salt/binary>>))).
+
% Login handler with user db
handle_login_req(#httpd{method='POST', mochi_req=MochiReq}=Req, #db{}=Db) ->
ReqBody = MochiReq:recv_body(),
@@ -301,7 +303,7 @@ handle_login_req(#httpd{method='POST', mochi_req=MochiReq}=Req, #db{}=Db) ->
Result -> Result
end,
UserSalt = proplists:get_value(<<"salt">>, User, <<>>),
- PasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ PasswordHash = hash_password(Password, UserSalt),
case proplists:get_value(<<"password_sha">>, User, nil) of
ExpectedHash when ExpectedHash == PasswordHash ->
Secret = ?l2b(couch_config:get("couch_httpd_auth", "secret", nil)),
@@ -380,7 +382,7 @@ create_user_req(#httpd{method='POST', mochi_req=MochiReq}=Req, Db) ->
end,
UserSalt = couch_util:new_uuid(),
- PasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ PasswordHash = hash_password(Password, UserSalt),
DocId = couch_util:new_uuid(),
{ok, UserDoc} = user_doc(DocId, UserName, UserSalt, PasswordHash, Email, Active, Roles1),
{ok, _Rev} = couch_db:update_doc(Db, UserDoc, []),
@@ -435,7 +437,7 @@ update_user_req(#httpd{method='PUT', mochi_req=MochiReq, user_ctx=UserCtx}=Req,
Hash = case Password of
<<>> -> CurrentPasswordHash;
_Else ->
- H = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ H = hash_password(Password, UserSalt),
H
end,
Hash;
@@ -447,11 +449,11 @@ update_user_req(#httpd{method='PUT', mochi_req=MochiReq, user_ctx=UserCtx}=Req,
_P when length(OldPassword) == 0 ->
throw({forbidden, <<"Old password is incorrect.">>});
_Else ->
- OldPasswordHash = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, OldPassword1/binary>>)),
+ OldPasswordHash = hash_password(OldPassword1, UserSalt),
?LOG_DEBUG("~p == ~p", [CurrentPasswordHash, OldPasswordHash]),
Hash1 = case CurrentPasswordHash of
ExpectedHash when ExpectedHash == OldPasswordHash ->
- H = couch_util:encodeBase64(crypto:sha(<<UserSalt/binary, Password/binary>>)),
+ H = hash_password(Password, UserSalt),
H;
_ ->
throw({forbidden, <<"Old password is incorrect.">>})