mirror of
https://github.com/YunoHost/SSOwat.git
synced 2024-09-03 20:06:27 +02:00
Merge pull request #208 from cyrilRomain/bookworm
[fix] helpers.lua: openssl v3 support for hmac_sha512
This commit is contained in:
commit
8c44475d39
1 changed files with 6 additions and 5 deletions
11
helpers.lua
11
helpers.lua
|
@ -112,14 +112,15 @@ function hmac_sha512(key, message)
|
||||||
-- this is really dirty and probably leak the key and the message in the process list
|
-- this is really dirty and probably leak the key and the message in the process list
|
||||||
-- but if someone got there I guess we really have other problems so this is acceptable
|
-- but if someone got there I guess we really have other problems so this is acceptable
|
||||||
-- and also this is way better than the previous situation
|
-- and also this is way better than the previous situation
|
||||||
local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
|
local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl dgst -sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
|
||||||
|
|
||||||
-- openssl returns something like this:
|
-- openssl returns something like this:
|
||||||
-- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
|
-- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
|
||||||
-- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
|
-- SHA2-512(stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
|
||||||
--
|
--
|
||||||
-- so we need to remove the "(stdin)= " at the beginning
|
-- so we need to remove the "SHA2-512(stdin)= " at the beginning ("(stdin)= " on older openssl version)
|
||||||
local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
|
local line = pipe:read()
|
||||||
|
local hash = line:sub(line:find("=") + 2)
|
||||||
pipe:close()
|
pipe:close()
|
||||||
|
|
||||||
cache:set(cache_key, hash, conf["session_timeout"])
|
cache:set(cache_key, hash, conf["session_timeout"])
|
||||||
|
@ -370,7 +371,7 @@ function authenticate(user, password)
|
||||||
end
|
end
|
||||||
cache:add(user.."-password", password, conf["session_timeout"])
|
cache:add(user.."-password", password, conf["session_timeout"])
|
||||||
ngx.log(ngx.NOTICE, "Connected as: "..user)
|
ngx.log(ngx.NOTICE, "Connected as: "..user)
|
||||||
logger.info("User "..user.." succesfully authenticated from "..ngx.var.remote_addr)
|
logger.info("User "..user.." successfully authenticated from "..ngx.var.remote_addr)
|
||||||
return user
|
return user
|
||||||
|
|
||||||
-- Else, the username/email or the password is wrong
|
-- Else, the username/email or the password is wrong
|
||||||
|
|
Loading…
Reference in a new issue