feature(auth) add warning about changing password

coderaiser 2014-11-04 09:53:03 -05:00
parent fe83689024
commit 6dd2038686


@ -8,7 +8,7 @@
tryRequire = require(DIR + 'tryRequire', {log: true}),
config = require(DIR + 'config'),
Util = require(DIR_LIB + 'util'),
isDeprecatedShown,
oldPass,
oldName;
@ -35,15 +35,15 @@
function init(httpAuth, config) {
var auth = httpAuth.basic({
realm: 'Cloud Commander'
}, function (username, password, callback) { // Custom authentication method.
}, function (username, password, callback) {
var hash,
name = config('username'),
passwd = config('password'),
pass = config('password'),
equal = username === name,
sha = crypto.createHash('sha512');
sha = crypto.createHash('sha512WithRSAEncryption');
if (!oldPass)
oldPass = passwd;
oldPass = pass;
if (!oldName)
oldName = name;
@ -52,14 +52,24 @@
username === oldName;
sha.update(password);
hash = sha.digest('hex');
equal = passwd === hash && equal;
equal = pass === hash && equal;
if (!equal) {
sha = crypto.createHash('sha512WithRSAEncryption');
sha.update(oldPass);
hash = sha.digest('hex');
equal = passwd === hash && equal;
equal = pass === hash && equal;
}
if (!equal) {
equal = oldSha(password, pass);
if (!isDeprecatedShown) {
console.error('Change password: ssh1 is not safe. New passwords would be saved in config in ssh512+RSA');
isDeprecatedShown = true;
}
}
callback(equal);
@ -67,4 +77,14 @@
return auth;
}
function oldSha(password, hash) {
var hashNew,
sha = crypto.createHash('sha1');
sha.update(password);
hashNew = sha.digest('hex');
return hash === hashNew;
}
})();
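Review bot: The legacy fallback at `equal = oldSha(password, pass);` overwrites `equal` with a password-only result, so the username comparison made earlier in the callback is dropped and a request with a wrong username is accepted whenever the stored value is the SHA-1 of the submitted password. Keep the name result in its own variable before the hash checks and combine it, e.g. `nameOk = equal;` near the top and `equal = nameOk && oldSha(password, pass);` in the fallback. The deprecation message is also printed on the first failed login of any kind, because it sits under `!equal` rather than under a successful `oldSha` match, and its text says `ssh1` / `ssh512+RSA` where `sha1` / `sha512` appears to be meant. The line before `username === oldName;` lies outside the visible hunk, so the exact username logic is inferred from what is shown. Separately, both the new and the legacy hash are unsalted single-pass digests compared with `===`; a salted KDF such as `crypto.pbkdf2` and a constant-time comparison would be the sturdier format to migrate stored passwords to.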