mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
[fix] helpers.lua: openssl v3 support for hmac_sha512
This change is backward compatible with older openssl versions
parent
81160e5d95
commit
7cd4965f6c
1 changed files with 6 additions and 5 deletions
11
helpers.lua
11
helpers.lua
|
@ -112,14 +112,15 @@ function hmac_sha512(key, message)
|
|||
-- this is really dirty and probably leak the key and the message in the process list
|
||||
-- but if someone got there I guess we really have other problems so this is acceptable
|
||||
-- and also this is way better than the previous situation
|
||||
local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
|
||||
local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl dgst -sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
|
||||
|
||||
-- openssl returns something like this:
|
||||
-- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
|
||||
-- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
|
||||
-- SHA2-512(stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
|
||||
--
|
||||
-- so we need to remove the "(stdin)= " at the beginning
|
||||
local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
|
||||
-- so we need to remove the "SHA2-512(stdin)= " at the beginning ("(stdin)= " on older openssl version)
|
||||
local line = pipe:read()
|
||||
local hash = line:sub(line:find("=") + 2)
|
||||
pipe:close()
|
||||
|
||||
cache:set(cache_key, hash, conf["session_timeout"])
|
||||
|
@ -370,7 +371,7 @@ function authenticate(user, password)
|
|||
end
|
||||
cache:add(user.."-password", password, conf["session_timeout"])
|
||||
ngx.log(ngx.NOTICE, "Connected as: "..user)
|
||||
logger.info("User "..user.." succesfully authenticated from "..ngx.var.remote_addr)
|
||||
logger.info("User "..user.." successfully authenticated from "..ngx.var.remote_addr)
|
||||
return user
|
||||
|
||||
-- Else, the username/email or the password is wrong
|
||||
|
|
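Review bot: In hmac_sha512 the new parsing `line:sub(line:find("=") + 2)` assumes openssl printed a digest line: if the command is missing or fails, `pipe:read()` returns nil and that statement raises, and any other stdout line containing `=` would be cut at that point and handed to `cache:set` as if it were a MAC. Matching the digest explicitly with `local hash = line and line:match("= (%x+)$")`, and refusing to cache unless `hash` is non-nil and `#hash == 128`, covers both the `(stdin)= ` and `SHA2-512(stdin)= ` formats and fails closed on anything else. The new `io.popen` line still feeds `message` through `echo -n`, whose treatment of backslash sequences depends on which shell `/bin/sh` is, so `printf '%s'` would hash the exact bytes regardless of the shell; the process-list exposure of the key is already acknowledged in the existing comment. The body of hmac_sha512 starts and ends outside the hunk, so the caller-side handling of a failed digest cannot be judged from here.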