From 604569c71035ac3b3f65a3fbf660cc555fc12730 Mon Sep 17 00:00:00 2001
From: Jason David Davies
Date: Tue, 12 Jan 2010 19:29:23 +0000
Subject: Add utility for verifying hashes.

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@898477 13f79535-47bb-0310-9956-ffa450edef68
---
 src/chttpd_auth.erl | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/chttpd_auth.erl b/src/chttpd_auth.erl
index b13e12d1..416195d3 100644
--- a/src/chttpd_auth.erl
+++ b/src/chttpd_auth.erl
@@ -56,8 +56,9 @@ default_authentication_handler(Req) ->
 Props ->
 ExpectedHash = couch_util:get_value(<<"password_sha">>, Props),
 Salt = couch_util:get_value(<<"salt">>, Props),
- case hash_password(?l2b(Password), Salt) of
- ExpectedHash ->
+ PasswordHash = hash_password(?l2b(Password), Salt),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
 Ctx = #user_ctx{
 name = couch_util:get_value(<<"username">>, Props),
 roles = couch_util:get_value(<<"roles">>, Props)
@@ -132,8 +133,9 @@ handle_session_req(#httpd{method='POST', mochi_req=MochiReq, user_ctx=Ctx}=Req) ->
 false ->
 Password = extract_password(Form),
 ExpectedHash = couch_util:get_value(<<"password_sha">>, User),
- case hash_password(Password, UserSalt) of
- ExpectedHash ->
+ PasswordHash = hash_password(Password, UserSalt),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
 ok;
 _Else ->
 throw({forbidden, <<"Name or password is incorrect.">>})
@@ -270,8 +272,9 @@ cookie_auth_user(#httpd{mochi_req=MochiReq}=Req) ->
 UserSalt = couch_util:get_value(<<"salt">>, Result),
 FullSecret = <>,
 ExpectedHash = crypto:sha_mac(FullSecret, [User, ":", TimeStr]),
- case ?l2b(string:join(HashParts, ":")) of
- ExpectedHash ->
+ PasswordHash = ?l2b(string:join(HashParts, ":")),
+ case couch_util:verify(ExpectedHash, PasswordHash) of
+ true ->
 TimeStamp = erlang:list_to_integer(TimeStr, 16),
 Timeout = erlang:list_to_integer(couch_config:get(
 "chttpd_auth", "timeout", "600")),
--
cgit v1.2.3
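Review bot: In default_authentication_handler, `ExpectedHash` is read with `couch_util:get_value(<<"password_sha">>, Props)` and is now passed to `couch_util:verify/2` as an argument instead of serving as a match pattern, so a user document without that field reaches the comparison as whatever get_value returns for a missing key (presumably `undefined`). Under the old `case ... of ExpectedHash ->` form such a value simply failed to match and fell through to the rejecting clause. `couch_util:verify/2` is not part of this diff, so confirm it returns `false` for non-binary or unequal-length arguments rather than raising; otherwise a malformed user doc turns a rejected login into a crash. The same applies to the call in handle_session_req, and both case expressions continue outside their hunks.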
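Review bot: The switch from a pattern match to `couch_util:verify/2` in handle_session_req has no comment explaining why, and the commit message does not say either, so a later cleanup could reasonably fold it back into `case hash_password(Password, UserSalt) of ExpectedHash ->`. If the helper is meant as a comparison that does not stop at the first differing byte (inferred; its body is not in this diff), say so above the call, e.g. `% compare via couch_util:verify/2, not a pattern match, so the check does not short-circuit on the first mismatch`. The same comment fits the call sites in default_authentication_handler and cookie_auth_user.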
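Review bot: In cookie_auth_user the new variable `PasswordHash` does not hold a password hash: it is the MAC taken from the cookie (`?l2b(string:join(HashParts, ":"))`), compared against the `crypto:sha_mac/2` result in `ExpectedHash`. A name such as `CookieHash` keeps the client-supplied value visibly distinct from the server-computed one: `CookieHash = ?l2b(string:join(HashParts, ":")),` and `case couch_util:verify(ExpectedHash, CookieHash) of`. The enclosing case continues outside the hunk.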