
Merge branch '47-password-hashing' into 'staging'

Resolve "Passwords should be encrypted"

See merge request !78
tags/v0.1.3^2
Big Bad Waffle 7 years ago
parent
commit
d31782286c
2 changed files with 34 additions and 9 deletions
  1. +33
    -9
      src/server/components/auth.js
  2. +1
    -0
      src/server/package.json

+ 33
- 9
src/server/components/auth.js

@@ -1,4 +1,5 @@
define([
'bcrypt',
'security/io',
'misc/messages',
'security/connections',
@@ -6,6 +7,7 @@ define([
'config/skins',
'misc/profanities'
], function(
bcrypt,
io,
messages,
connections,
@@ -220,23 +222,42 @@ define([
io.get({
ent: credentials.username,
field: 'login',
callback: this.onLogin.bind(this, msg)
callback: this.onHashCompare.bind(this, msg)
});
},
onLogin: function(msg, result) {
onHashCompare: function(msg, storedPassword) {
var credentials = msg.data;

if (!result)
bcrypt.compare(credentials.password, storedPassword, this.onLogin.bind(this, msg, storedPassword));
},
onLogin: function(msg, storedPassword, err, compareResult) {
if (!storedPassword)
msg.callback(messages.login.incorrect);
else {
if (result == credentials.password) {
this.username = credentials.username;
connections.logOut(this.obj);
msg.callback();
if (compareResult) { //If stored password matches the hashed password entered by the user, log them in directly
this.onLoginVerified(msg);
} else if (msg.data.password == storedPassword) { //If the stored password matches a plaintext password entered by the user; In that case the password gets hashed for the future
this.onUnhashedLogin(msg);
} else
msg.callback(messages.login.incorrect);
}
},
onUnhashedLogin: function(msg) {
bcrypt.hash(msg.data.password, 10, this.onPasswordHashed.bind(this, msg));
},
onPasswordHashed: function(msg, err, hashedPassword) {
io.set({
ent: msg.data.username,
field: 'login',
value: hashedPassword,
callback: this.onLoginVerified.bind(this, msg)
});
},
onLoginVerified: function(msg) {
this.username = msg.data.username;
connections.logOut(this.obj);
msg.callback();
},

register: function(msg) {
var credentials = msg.data;
@@ -273,10 +294,13 @@ define([

var credentials = msg.data;

bcrypt.hash(credentials.password, 10, this.onHashGenerated.bind(this, msg));
},
onHashGenerated: function(msg, err, hashedPassword) {
io.set({
ent: credentials.username,
ent: msg.data.username,
field: 'login',
value: credentials.password,
value: hashedPassword,
callback: this.onRegister.bind(this, msg)
});
},
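Review bot: The legacy fallback in `onLogin` (`msg.data.password == storedPassword`, in the `@@ -220,23 +222,42 @@` hunk) still matches once the stored value is already a bcrypt hash, so the hash string itself is accepted as a password and a leaked `login` field would work as a credential, which is the exposure this change is meant to remove. Restrict that branch to stored values that are not bcrypt hashes and compare strictly, e.g. `} else if (!/^\$2[aby]?\$\d\d\$/.test(storedPassword) && msg.data.password === storedPassword) {`. As written, that branch also goes on to `onUnhashedLogin`, which would replace the account's existing hash with a hash of the submitted string. Separately, `onLogin`, `onPasswordHashed` and `onHashGenerated` all ignore `err`, so a failed `bcrypt.hash` would presumably hand an undefined `hashedPassword` to `io.set`; an early `if (err)` return that reports failure through `msg.callback` would keep a bad value from being stored.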


+ 1
- 0
src/server/package.json

@@ -3,6 +3,7 @@
"version": "0.0.2",
"description": "isleward",
"dependencies": {
"bcrypt": "^1.0.2",
"express": "^4.13.1",
"extend": "^3.0.0",
"less-middleware": "^2.0.1",

