From 523186f895e1627a5f468eddd9dd723f6bb7caca Mon Sep 17 00:00:00 2001
From: dacongda <47297289+dacongda@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:06:06 +0800
Subject: [PATCH] feat: Support sha512 password encryption algorithm (#2657)
* add sha512 encryption support for password
* fead: add sha512 encryption support for password
---
 cred/manager.go | 2 ++
 cred/sha512-salt.go | 50 +++++++++++++++++++++++++++++++++
 object/adapter.go | 2 +-
 object/syncer.go | 2 +-
 object/token_jwt.go | 2 +-
 object/user.go | 2 +-
 web/src/OrganizationEditPage.js | 2 +-
 7 files changed, 57 insertions(+), 5 deletions(-)
 create mode 100644 cred/sha512-salt.go
diff --git a/cred/manager.go b/cred/manager.go
index 7748196b..54471a39 100644
--- a/cred/manager.go
+++ b/cred/manager.go
@@ -24,6 +24,8 @@ func GetCredManager(passwordType string) CredManager {
 return NewPlainCredManager()
 } else if passwordType == "salt" {
 return NewSha256SaltCredManager()
+ } else if passwordType == "sha512-salt" {
+ return NewSha512SaltCredManager()
 } else if passwordType == "md5-salt" {
 return NewMd5UserSaltCredManager()
 } else if passwordType == "bcrypt" {
diff --git a/cred/sha512-salt.go b/cred/sha512-salt.go
new file mode 100644
index 00000000..ed8043b8
--- /dev/null
+++ b/cred/sha512-salt.go
@@ -0,0 +1,50 @@
+// Copyright 2024 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cred
+
+import (
+ "crypto/sha512"
+ "encoding/hex"
+)
+
+type Sha512SaltCredManager struct{}
+
+func getSha512(data []byte) []byte {
+ hash := sha512.Sum512(data)
+ return hash[:]
+}
+
+func getSha512HexDigest(s string) string {
+ b := getSha512([]byte(s))
+ res := hex.EncodeToString(b)
+ return res
+}
+
+func NewSha512SaltCredManager() *Sha512SaltCredManager {
+ cm := &Sha512SaltCredManager{}
+ return cm
+}
+
+func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+ res := getSha512HexDigest(password)
+ if organizationSalt != "" {
+ res = getSha512HexDigest(res + organizationSalt)
+ }
+ return res
+}
+
+func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+ return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+}
diff --git a/object/adapter.go b/object/adapter.go
index e5090724..4fd79a4c 100644
--- a/object/adapter.go
+++ b/object/adapter.go
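Review bot: `GetHashedPassword` in cred/sha512-salt.go takes `userSalt` but never reads it, so the only salt is the organization-wide one: with an empty `organizationSalt` the stored value is a bare SHA-512 of the password, and with one set, every user in that organization who picks the same password gets the same digest. SHA-512 is also a fast hash, which makes offline guessing against a leaked table far cheaper than with the `bcrypt` type that `GetCredManager` already dispatches to. If this type exists to accept hashes imported from another system, a doc comment on the type saying so, for example `// Sha512SaltCredManager verifies SHA-512 hashes salted with the organization salt only; prefer bcrypt for new organizations.`, would keep it from being picked as a default. In `IsPasswordCorrect` the digests are compared with `==`; `return subtle.ConstantTimeCompare([]byte(hashedPwd), []byte(cm.GetHashedPassword(plainPwd, userSalt, organizationSalt))) == 1`, with `crypto/subtle` imported, makes the comparison time independent of where the strings differ.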
@@ -37,7 +37,7 @@ type Adapter struct { Host string `xorm:"varchar(100)" json:"host"` Port int `json:"port"` User string `xorm:"varchar(100)" json:"user"` - Password string `xorm:"varchar(100)" json:"password"` + Password string `xorm:"varchar(150)" json:"password"` Database string `xorm:"varchar(100)" json:"database"` *xormadapter.Adapter `xorm:"-" json:"-"` diff --git a/object/syncer.go b/object/syncer.go index 2b06ff40..97994c71 100644 --- a/object/syncer.go +++ b/object/syncer.go @@ -43,7 +43,7 @@ type Syncer struct { Host string `xorm:"varchar(100)" json:"host"` Port int `json:"port"` User string `xorm:"varchar(100)" json:"user"` - Password string `xorm:"varchar(100)" json:"password"` + Password string `xorm:"varchar(150)" json:"password"` Database string `xorm:"varchar(100)" json:"database"` Table string `xorm:"varchar(100)" json:"table"` TableColumns []*TableColumn `xorm:"mediumtext" json:"tableColumns"` diff --git a/object/token_jwt.go b/object/token_jwt.go index e49bb649..e2190a15 100644 --- a/object/token_jwt.go +++ b/object/token_jwt.go @@ -52,7 +52,7 @@ type UserWithoutThirdIdp struct { Id string `xorm:"varchar(100) index" json:"id"` Type string `xorm:"varchar(100)" json:"type"` - Password string `xorm:"varchar(100)" json:"password"` + Password string `xorm:"varchar(150)" json:"password"` PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"` PasswordType string `xorm:"varchar(100)" json:"passwordType"` DisplayName string `xorm:"varchar(100)" json:"displayName"` diff --git a/object/user.go b/object/user.go index 1fd9dfd2..028bd435 100644 --- a/object/user.go +++ b/object/user.go 
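Review bot: In object/adapter.go and object/syncer.go the widened `Password` column sits next to `Host`, `Port`, `User` and `Database`, so it looks like a database connection credential rather than a user password hash, and nothing visible in this patch writes a SHA-512 digest into it. If the widening is only there to fit the 128-character hex digest, these two fields can stay at `xorm:"varchar(100)"`; otherwise the commit message should say why connection passwords need 150 characters, so the schema change is not read as part of the hashing feature. Both structs start and end outside their hunks, so this is inferred from the visible fields only.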
@@ -54,7 +54,7 @@ type User struct {
 Id string `xorm:"varchar(100) index" json:"id"`
 ExternalId string `xorm:"varchar(100) index" json:"externalId"`
 Type string `xorm:"varchar(100)" json:"type"`
- Password string `xorm:"varchar(100)" json:"password"`
+ Password string `xorm:"varchar(150)" json:"password"`
 PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"`
 PasswordType string `xorm:"varchar(100)" json:"passwordType"`
 DisplayName string `xorm:"varchar(100)" json:"displayName"`
diff --git a/web/src/OrganizationEditPage.js b/web/src/OrganizationEditPage.js
index 28b4fa5e..e9522c78 100644
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@@ -184,7 +184,7 @@ class OrganizationEditPage extends React.Component {
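Review bot: The new `varchar(150)` on `User.Password` in object/user.go only helps if the column in already-deployed databases is actually widened, and how the schema is synced is not visible in this patch. A 128-character SHA-512 hex digest written into a column still at `varchar(100)` would be truncated or rejected, depending on the database, and a truncated digest can never match in `IsPasswordCorrect`, which locks the account out. It is worth confirming the upgrade path on each supported database and recording the reason for the width next to the field, e.g. `// must hold a 128-char hex SHA-512 digest (sha512-salt)`. The same widening is applied to `UserWithoutThirdIdp.Password` in object/token_jwt.go; the `User` struct starts and ends outside this hunk.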