From 2fa163c599b81018a60790cb7a0400e21e8d6d89 Mon Sep 17 00:00:00 2001
From: Jan Lehnardt
Date: Wed, 2 Sep 2009 09:35:05 +0000
Subject: use the same password hash calculation for user creation via ini file and user db, patch by Benoit Chesneau, closes COUCHDB-492

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@810435 13f79535-47bb-0310-9956-ffa450edef68
---
 src/couchdb/couch_httpd_auth.erl | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'src/couchdb/couch_httpd_auth.erl')

diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl
index 3b076bef..e7a2e3a1 100644
--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -48,7 +48,6 @@ basic_username_pw(Req) ->
     AuthorizationHeader = header_value(Req, "Authorization"),
     case AuthorizationHeader of
     "Basic " ++ Base64Value ->
-        io:format("~n~nBase64Value: '~p'~n~n", [Base64Value]),
         case string:tokens(?b2l(couch_util:decodeBase64(Base64Value)),":") of
         [User, Pass] ->
             {User, Pass};
@@ -285,6 +284,9 @@ cookie_auth_cookie(User, Secret, TimeStamp) ->
         couch_util:encodeBase64Url(SessionData ++ ":" ++ ?b2l(Hash)),
         [{path, "/"}, {http_only, true}]). % TODO add {secure, true} when SSL is detected
 
+hash_password(Password, Salt) ->
+    ?l2b(couch_util:to_hex(crypto:sha(<>))).
+
 % Login handler with user db
 handle_login_req(#httpd{method='POST', mochi_req=MochiReq}=Req, #db{}=Db) ->
     ReqBody = MochiReq:recv_body(),
@@ -301,7 +303,7 @@ handle_login_req(#httpd{method='POST', mochi_req=MochiReq}=Req, #db{}=Db) ->
         Result -> Result
     end,
     UserSalt = proplists:get_value(<<"salt">>, User, <<>>),
-    PasswordHash = couch_util:encodeBase64(crypto:sha(<>)),
+    PasswordHash = hash_password(Password, UserSalt),
     case proplists:get_value(<<"password_sha">>, User, nil) of
     ExpectedHash when ExpectedHash == PasswordHash ->
         Secret = ?l2b(couch_config:get("couch_httpd_auth", "secret", nil)),
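Review bot: The new `hash_password/2` in hunk -285 switches the stored encoding from base64 to hex, so `password_sha` values written by the previous `create_user_req` (old line in hunk -380) will no longer compare equal in the login path (hunk -301) unless existing user docs are re-hashed or login also accepts the old encoding, and the commit does not address that migration. The helper is also undocumented; a header such as `%% Hex-encoded SHA-1 over the password and salt; this is the password_sha format shared by the ini file and user docs.` plus a `-spec` would make the shared contract explicit. The binary built inside `crypto:sha` is not legible in this rendering of the patch (shown as `<>`), so confirm it concatenates password and salt in the same order the ini-file path uses. Note too that a single SHA-1 pass, even salted, is a fast hash; a purpose-built slow password hash would be stronger, though that is a larger change than this commit.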
@@ -380,7 +382,7 @@ create_user_req(#httpd{method='POST', mochi_req=MochiReq}=Req, Db) ->
     end,
     UserSalt = couch_util:new_uuid(),
-    PasswordHash = couch_util:encodeBase64(crypto:sha(<>)),
+    PasswordHash = hash_password(Password, UserSalt),
     DocId = couch_util:new_uuid(),
     {ok, UserDoc} = user_doc(DocId, UserName, UserSalt, PasswordHash, Email, Active, Roles1),
     {ok, _Rev} = couch_db:update_doc(Db, UserDoc, []),
@@ -435,7 +437,7 @@ update_user_req(#httpd{method='PUT', mochi_req=MochiReq, user_ctx=UserCtx}=Req,
         Hash = case Password of
             <<>> -> CurrentPasswordHash;
             _Else ->
-                H = couch_util:encodeBase64(crypto:sha(<>)),
+                H = hash_password(Password, UserSalt),
                 H
         end,
         Hash;
@@ -447,11 +449,11 @@ update_user_req(#httpd{method='PUT', mochi_req=MochiReq, user_ctx=UserCtx}=Req,
             _P when length(OldPassword) == 0 ->
                 throw({forbidden, <<"Old password is incorrect.">>});
             _Else ->
-                OldPasswordHash = couch_util:encodeBase64(crypto:sha(<>)),
+                OldPasswordHash = hash_password(OldPassword1, UserSalt),
                 ?LOG_DEBUG("~p == ~p", [CurrentPasswordHash, OldPasswordHash]),
                 Hash1 = case CurrentPasswordHash of
                 ExpectedHash when ExpectedHash == OldPasswordHash ->
-                    H = couch_util:encodeBase64(crypto:sha(<>)),
+                    H = hash_password(Password, UserSalt),
                     H;
                 _ ->
                     throw({forbidden, <<"Old password is incorrect.">>})
-- 
cgit v1.2.3
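Review bot: In the `_Else ->` branch of hunk -435 the new line keeps the `H = hash_password(Password, UserSalt), H` shape, where the temporary is bound only to be returned on the next line; the branch reads cleaner as `_Else -> hash_password(Password, UserSalt)`. The same applies to the second new line in hunk -447. In hunk -447 the unchanged `?LOG_DEBUG("~p == ~p", [CurrentPasswordHash, OldPasswordHash])` directly below the new `OldPasswordHash` line writes both password hashes to the debug log; since this commit already touches that computation, it is a good moment to drop the hash values from the log message. `update_user_req` starts and ends outside these hunks.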