mirror of
https://github.com/casdoor/casdoor.git
synced 2025-07-07 16:20:28 +08:00
feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928)
This commit is contained in:
Raiki
@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
|
||||
hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
|
||||
if err != nil {
|
||||
return ""
|
||||
|
||||
@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
|
||||
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return ""
|
||||
|
||||
@ -15,7 +15,7 @@
|
||||
package cred
|
||||
|
||||
type CredManager interface {
|
||||
GetHashedPassword(password string, userSalt string, organizationSalt string) string
|
||||
GetHashedPassword(password string, salt string) string
|
||||
IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
|
||||
}
|
||||
|
||||
|
||||
@ -37,14 +37,13 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getMd5HexDigest(password)
|
||||
if userSalt != "" {
|
||||
res = getMd5HexDigest(res + userSalt)
|
||||
}
|
||||
return res
|
||||
func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return getMd5HexDigest(getMd5HexDigest(password) + salt)
|
||||
}
|
||||
|
||||
func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
||||
@ -28,13 +28,16 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
|
||||
decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
|
||||
decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
|
||||
res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
|
||||
return base64.StdEncoding.EncodeToString(res)
|
||||
}
|
||||
|
||||
func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
||||
@ -32,12 +32,8 @@ func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
|
||||
iterations := 260000
|
||||
salt := userSalt
|
||||
if salt == "" {
|
||||
salt = organizationSalt
|
||||
}
|
||||
|
||||
saltBytes := []byte(salt)
|
||||
passwordBytes := []byte(password)
|
||||
|
||||
@ -21,7 +21,7 @@ func NewPlainCredManager() *PlainCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return password
|
||||
}
|
||||
|
||||
|
||||
@ -37,14 +37,13 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getSha256HexDigest(password)
|
||||
if organizationSalt != "" {
|
||||
res = getSha256HexDigest(res + organizationSalt)
|
||||
}
|
||||
return res
|
||||
func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return getSha256HexDigest(getSha256HexDigest(password) + salt)
|
||||
}
|
||||
|
||||
func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
||||
@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
|
||||
password := "123456"
|
||||
salt := "123"
|
||||
cm := NewSha256SaltCredManager()
|
||||
fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
|
||||
fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
|
||||
}
|
||||
|
||||
func TestGetPassword(t *testing.T) {
|
||||
password := "123456"
|
||||
cm := NewSha256SaltCredManager()
|
||||
// https://passwordsgenerator.net/sha256-hash-generator/
|
||||
fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
|
||||
fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
|
||||
}
|
||||
|
||||
@ -37,14 +37,13 @@ func NewSha512SaltCredManager() *Sha512SaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getSha512HexDigest(password)
|
||||
if organizationSalt != "" {
|
||||
res = getSha512HexDigest(res + organizationSalt)
|
||||
}
|
||||
return res
|
||||
func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return getSha512HexDigest(getSha512HexDigest(password) + salt)
|
||||
}
|
||||
|
||||
func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user