[enh] encode password using sha512 on user modification of password

This commit is contained in:
Laurent Peuch 2017-08-15 01:30:39 +02:00
parent 044aa1d8eb
commit 2ff2fb92f3


@ -607,7 +607,8 @@ function edit_user()
-- Open the LDAP connection -- Open the LDAP connection
local ldap = lualdap.open_simple(conf["ldap_host"], dn, args.currentpassword) local ldap = lualdap.open_simple(conf["ldap_host"], dn, args.currentpassword)
local password = "{SHA}"..ngx.encode_base64(ngx.sha1_bin(args.newpassword))
local password = hash_password(args.newpassword)
-- Modify the LDAP information -- Modify the LDAP information
if ldap:modify(dn, {'=', userPassword = password }) then if ldap:modify(dn, {'=', userPassword = password }) then
@ -808,6 +809,16 @@ function edit_user()
end end
end end
-- hash the user password using sha-512 and using {CRYPT} to uses linux auth system
-- because ldap doesn't support anything stronger than sha1
function hash_password(password)
-- TODO is the password checked by regex? we don't want to
-- allow shell injection
local mkpasswd = io.popen("mkpasswd --method=sha-512 '" ..password.."'")
local hashed_password = "{CRYPT}"..mkpasswd:read()
mkpasswd:close()
return hashed_password
end
-- Compute the user login POST request -- Compute the user login POST request
-- It authenticates the user against the LDAP base then redirects to the portal -- It authenticates the user against the LDAP base then redirects to the portal
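Review bot: `hash_password` interpolates the user-supplied new password directly into a shell command line, so a password containing a single quote followed by shell metacharacters breaks out of the quoting and executes arbitrary commands as the web server user — the TODO above the `io.popen` call names the concern, but the commit ships without the check. At minimum the value must be shell-quoted before it reaches the shell, `local quoted = "'" .. (password:gsub("'", "'\\''")) .. "'"` and `local mkpasswd = io.popen("mkpasswd --method=sha-512 " .. quoted)`; a regex check elsewhere in edit_user (not visible here) would not be a safe substitute for quoting at the point of use. Even when quoted, the cleartext password is exposed on the mkpasswd command line to every local user via `ps`, so a crypt(3) binding or an in-process implementation would be preferable to spawning a process. `mkpasswd:read()` also returns nil when the command fails (binary missing, bad arguments), and concatenating nil into `"{CRYPT}"..` raises a Lua error inside the request handler; check the result before building the return value.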