From 6dd203868681ca7b645c374eff1f9ec8d2b3b65e Mon Sep 17 00:00:00 2001
From: coderaiser
Date: Tue, 4 Nov 2014 09:53:03 -0500
Subject: [PATCH] feature(auth) add warning about changing password
---
 lib/server/auth.js | 34 +++++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)
diff --git a/lib/server/auth.js b/lib/server/auth.js
index 6d557d3f..bcded348 100644
--- a/lib/server/auth.js
+++ b/lib/server/auth.js
@@ -8,7 +8,7 @@
 tryRequire = require(DIR + 'tryRequire', {log: true}),
 config = require(DIR + 'config'),
 Util = require(DIR_LIB + 'util'),
-
+ isDeprecatedShown,
 oldPass,
 oldName;
@@ -35,15 +35,15 @@
 function init(httpAuth, config) {
 var auth = httpAuth.basic({
 realm: 'Cloud Commander'
- }, function (username, password, callback) { // Custom authentication method.
+ }, function (username, password, callback) {
 var hash,
 name = config('username'),
- passwd = config('password'),
+ pass = config('password'),
 equal = username === name,
- sha = crypto.createHash('sha512');
+ sha = crypto.createHash('sha512WithRSAEncryption');
 if (!oldPass)
- oldPass = passwd;
+ oldPass = pass;
 if (!oldName)
 oldName = name;
@@ -52,14 +52,24 @@
 username === oldName;
 sha.update(password);
+
 hash = sha.digest('hex');
- equal = passwd === hash && equal;
+ equal = pass === hash && equal;
 if (!equal) {
 sha = crypto.createHash('sha512WithRSAEncryption');
 sha.update(oldPass);
 hash = sha.digest('hex');
- equal = passwd === hash && equal;
+ equal = pass === hash && equal;
+ }
+
+ if (!equal) {
+ equal = oldSha(password, pass);
+
+ if (!isDeprecatedShown) {
+ console.error('Change password: ssh1 is not safe. New passwords would be saved in config in ssh512+RSA');
+ isDeprecatedShown = true;
+ }
 }
 callback(equal);
@@ -67,4 +77,14 @@
 return auth;
 }
+
+ function oldSha(password, hash) {
+ var hashNew,
+ sha = crypto.createHash('sha1');
+
+ sha.update(password);
+ hashNew = sha.digest('hex');
+
+ return hash === hashNew;
+ }
 })();
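Review bot: In the second hunk (`@@ -35,15 +35,15 @@`), `crypto.createHash('sha512WithRSAEncryption')` names a signature scheme, but `createHash` only computes a digest, so no RSA key is involved and the stored value is presumably the same unsalted SHA-512 as before. The alias also depends on the OpenSSL build behind the runtime and may be rejected by newer ones. I would keep `sha = crypto.createHash('sha512');` here and, if stronger password storage is the goal, move to a salted KDF such as `crypto.pbkdf2` in a separate change. The authentication callback continues outside this hunk.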
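Review bot: In the third hunk (`@@ -52,14 +52,24 @@`), `equal = oldSha(password, pass);` overwrites `equal` without combining it with the username comparison, so when the stored hash is SHA-1 a matching password appears to be accepted for any username. Carry the username result through, e.g. `equal = (username === name || username === oldName) && oldSha(password, pass);`; the username logic starts above the hunk, so confirm this matches it. The deprecation warning also fires on any failed login, because it sits under `if (!equal)` and does not depend on the SHA-1 match; `if (equal && !isDeprecatedShown) {` would limit it to real legacy logins. The message says "ssh1" and "ssh512+RSA" where "sha1" and "sha512" seem to be meant.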
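Review bot: `oldSha` in the last hunk (`@@ -67,4 +77,14 @@`) has no comment marking it as a temporary legacy path, and it compares digests with `===`, which is not constant-time; the same holds for `pass === hash` in the third hunk. Add a header comment such as `// Legacy check: unsalted SHA-1 of the password against the stored hash; remove once configs are re-saved.` Where the runtime provides it, `crypto.timingSafeEqual` on equal-length buffers is the safer comparison.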