feat: CredManager.GetHashedPassword() only contains one salt arg now (#3928)
@ -574,7 +574,7 @@ func (c *ApiController) SetPassword() {
|
||||
targetUser.LastChangePasswordTime = util.GetCurrentTime()
|
||||
|
||||
if user.Ldap == "" {
|
||||
_, err = object.UpdateUser(userId, targetUser, []string{"password", "need_update_password", "password_type", "last_change_password_time"}, false)
|
||||
_, err = object.UpdateUser(userId, targetUser, []string{"password", "password_salt", "need_update_password", "password_type", "last_change_password_time"}, false)
|
||||
} else {
|
||||
if isAdmin {
|
||||
err = object.ResetLdapPassword(targetUser, "", newPassword, c.GetAcceptLanguage())
|
||||
|
@ -23,7 +23,7 @@ func NewArgon2idCredManager() *Argon2idCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Argon2idCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *Argon2idCredManager) GetHashedPassword(password string, salt string) string {
|
||||
hash, err := argon2id.CreateHash(password, argon2id.DefaultParams)
|
||||
if err != nil {
|
||||
return ""
|
||||
|
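Review bot: The new `salt` parameter on Argon2idCredManager.GetHashedPassword is never read — the result comes from `argon2id.CreateHash(password, argon2id.DefaultParams)` alone — and nothing tells a caller that the salt it persists has no effect on this scheme. A doc comment would stop a maintainer from "fixing" it later: `// GetHashedPassword ignores salt: argon2id.CreateHash presumably generates and embeds its own random salt in the encoded result (confirm against the argon2id package).` The BcryptCredManager hunk below has the same shape around bcrypt.GenerateFromPassword and deserves the same comment. The body of the method continues past the end of the hunk.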
@ -9,7 +9,7 @@ func NewBcryptCredManager() *BcryptCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *BcryptCredManager) GetHashedPassword(password string, salt string) string {
|
||||
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return ""
|
||||
|
@ -15,7 +15,7 @@
|
||||
package cred
|
||||
|
||||
type CredManager interface {
|
||||
GetHashedPassword(password string, userSalt string, organizationSalt string) string
|
||||
GetHashedPassword(password string, salt string) string
|
||||
IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
|
||||
}
|
||||
|
||||
|
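Review bot: The interface now has an asymmetric contract — GetHashedPassword takes a single salt while IsPasswordCorrect on the unchanged line still takes both userSalt and organizationSalt — and neither method documents which salt a caller is expected to pass or how the two are reconciled. Doc comments on both methods would record this, for example `// GetHashedPassword hashes password with salt; some schemes (argon2id, bcrypt, plain) ignore it.` and `// IsPasswordCorrect reports whether hashedPwd matches plainPwd under organizationSalt or, failing that, userSalt, so hashes created with a per-user salt keep verifying.` The second wording is inferred from the salted-digest managers elsewhere in this commit and should be checked against the pbkdf2 and Django managers, whose IsPasswordCorrect bodies are not all in view.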
@ -37,14 +37,13 @@ func NewMd5UserSaltCredManager() *Md5UserSaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getMd5HexDigest(password)
|
||||
if userSalt != "" {
|
||||
res = getMd5HexDigest(res + userSalt)
|
||||
}
|
||||
return res
|
||||
func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return getMd5HexDigest(getMd5HexDigest(password) + salt)
|
||||
}
|
||||
|
||||
func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
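Review bot: The new one-line body `return getMd5HexDigest(getMd5HexDigest(password) + salt)` double-hashes even when salt is empty, whereas the removed code returned the single digest in that case; an existing unsalted stored hash therefore no longer verifies, because the rewritten IsPasswordCorrect only tries the double-digest form with organizationSalt and then with userSalt. The same change appears in the Sha256SaltCredManager and Sha512SaltCredManager hunks, and the TestGetPassword hunk still pairs an empty salt with the single sha256 digest of "123456". Keeping the old shape preserves stored hashes: `if salt == "" { return getMd5HexDigest(password) }` before the return, with the analogous guard in the sha256 and sha512 methods. If dropping unsalted-hash support is intentional, a comment on each method and a migration note should say so.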
@ -28,13 +28,16 @@ func NewPbkdf2SaltCredManager() *Pbkdf2SaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *Pbkdf2SaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
// https://www.keycloak.org/docs/latest/server_admin/index.html#password-database-compromised
|
||||
decodedSalt, _ := base64.StdEncoding.DecodeString(userSalt)
|
||||
decodedSalt, _ := base64.StdEncoding.DecodeString(salt)
|
||||
res := pbkdf2.Key([]byte(password), decodedSalt, 27500, 64, sha256.New)
|
||||
return base64.StdEncoding.EncodeToString(res)
|
||||
}
|
||||
|
||||
func (cm *Pbkdf2SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
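Review bot: The new line `decodedSalt, _ := base64.StdEncoding.DecodeString(salt)` discards the decode error, so a salt that is not valid base64 silently yields a truncated or empty salt and a hash that looks valid. The Argon2id and Bcrypt managers in this commit return an empty string when hashing fails; matching that here is two lines: `decodedSalt, err := base64.StdEncoding.DecodeString(salt)` followed by `if err != nil { return "" }`. Separately, the rewritten IsPasswordCorrect compares the base64 hash strings with `==`; `subtle.ConstantTimeCompare` on the two byte slices would be the usual choice for password-derived values, at the cost of a crypto/subtle import.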
@ -32,12 +32,8 @@ func NewPbkdf2DjangoCredManager() *Pbkdf2DjangoCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (m *Pbkdf2DjangoCredManager) GetHashedPassword(password string, salt string) string {
|
||||
iterations := 260000
|
||||
salt := userSalt
|
||||
if salt == "" {
|
||||
salt = organizationSalt
|
||||
}
|
||||
|
||||
saltBytes := []byte(salt)
|
||||
passwordBytes := []byte(password)
|
||||
|
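Review bot: Removing the `if salt == "" { salt = organizationSalt }` fallback means an empty salt now flows straight into `saltBytes := []byte(salt)` with nothing catching it, so the method would derive a key with a zero-length salt; the removed fallback at least guaranteed the organization salt was used. Unless every caller now guarantees a non-empty salt, a guard such as `if salt == "" { return "" }` (mirroring the empty-string failure convention of the other managers) or at least a comment stating that the caller supplies the salt belongs at the top of the new body. The rest of the method, including where saltBytes is consumed, is outside the hunk.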
@ -21,7 +21,7 @@ func NewPlainCredManager() *PlainCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
func (cm *PlainCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return password
|
||||
}
|
||||
|
||||
|
@ -37,14 +37,13 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getSha256HexDigest(password)
|
||||
if organizationSalt != "" {
|
||||
res = getSha256HexDigest(res + organizationSalt)
|
||||
}
|
||||
return res
|
||||
func (cm *Sha256SaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return getSha256HexDigest(getSha256HexDigest(password) + salt)
|
||||
}
|
||||
|
||||
func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
@ -23,12 +23,12 @@ func TestGetSaltedPassword(t *testing.T) {
|
||||
password := "123456"
|
||||
salt := "123"
|
||||
cm := NewSha256SaltCredManager()
|
||||
fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
|
||||
fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, salt))
|
||||
}
|
||||
|
||||
func TestGetPassword(t *testing.T) {
|
||||
password := "123456"
|
||||
cm := NewSha256SaltCredManager()
|
||||
// https://passwordsgenerator.net/sha256-hash-generator/
|
||||
fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, "", ""))
|
||||
fmt.Printf("%s -> %s\n", "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92", cm.GetHashedPassword(password, ""))
|
||||
}
|
||||
|
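Review bot: Both updated tests still only print through fmt.Printf, so the expected digest quoted in TestGetPassword is never compared against the result and the test cannot fail. Asserting it is three lines: `if got := cm.GetHashedPassword(password, ""); got != "8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92" {` / `t.Fatalf("got %s", got)` / `}`. As far as the Sha256SaltCredManager hunk shows, the new body hashes twice even with an empty salt, so this assertion is likely to fail as written and is worth running before merge. TestGetSaltedPassword would benefit from the same treatment with a pinned salted value.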
@ -37,14 +37,13 @@ func NewSha512SaltCredManager() *Sha512SaltCredManager {
|
||||
return cm
|
||||
}
|
||||
|
||||
func (cm *Sha512SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
|
||||
res := getSha512HexDigest(password)
|
||||
if organizationSalt != "" {
|
||||
res = getSha512HexDigest(res + organizationSalt)
|
||||
}
|
||||
return res
|
||||
func (cm *Sha512SaltCredManager) GetHashedPassword(password string, salt string) string {
|
||||
return getSha512HexDigest(getSha512HexDigest(password) + salt)
|
||||
}
|
||||
|
||||
func (cm *Sha512SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
|
||||
if hashedPwd == cm.GetHashedPassword(plainPwd, organizationSalt) {
|
||||
return true
|
||||
}
|
||||
return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt)
|
||||
}
|
||||
|
@ -222,7 +222,7 @@ func UpdateOrganization(id string, organization *Organization, isGlobalAdmin boo
|
||||
if organization.MasterPassword != "" && organization.MasterPassword != "***" {
|
||||
credManager := cred.GetCredManager(organization.PasswordType)
|
||||
if credManager != nil {
|
||||
hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, "", organization.PasswordSalt)
|
||||
hashedPassword := credManager.GetHashedPassword(organization.MasterPassword, organization.PasswordSalt)
|
||||
organization.MasterPassword = hashedPassword
|
||||
}
|
||||
}
|
||||
|
@ -42,8 +42,9 @@ func (user *User) UpdateUserHash() error {
|
||||
func (user *User) UpdateUserPassword(organization *Organization) {
|
||||
credManager := cred.GetCredManager(organization.PasswordType)
|
||||
if credManager != nil {
|
||||
hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
|
||||
hashedPassword := credManager.GetHashedPassword(user.Password, organization.PasswordSalt)
|
||||
user.Password = hashedPassword
|
||||
user.PasswordType = organization.PasswordType
|
||||
user.PasswordSalt = organization.PasswordSalt
|
||||
}
|
||||
}
|
||||
|
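Review bot: The added line `user.PasswordSalt = organization.PasswordSalt` makes every user in an organization share one salt, and the line above it now hashes with that organization salt only, so for the salted-digest schemes two users with the same password get identical stored hashes and a single precomputation covers the whole organization — the per-user salt existed to prevent exactly that. If this is intended, the method should say so: `// Per-user salts are no longer generated; user.PasswordSalt mirrors the organization salt and is only consulted by IsPasswordCorrect for legacy hashes.` If not, keeping a freshly generated per-user salt for the schemes that use it, and passing that to GetHashedPassword, would be the stronger design. UpdateUserPassword's closing brace is inside the hunk, but its callers are not in view.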