mirror of
https://github.com/matrix-construct/construct
synced 2024-10-03 06:08:52 +02:00
ircd:Ⓜ️ Replace plaintext password storage with sha256.
This commit is contained in:
parent
4793e4906c
commit
0ef29fc433
1 changed files with 20 additions and 8 deletions
28
ircd/m.cc
28
ircd/m.cc
|
@ -1447,12 +1447,20 @@ try
|
||||||
{ event, { "type", "ircd.password" }},
|
{ event, { "type", "ircd.password" }},
|
||||||
{ event, { "state_key", user_id }},
|
{ event, { "state_key", user_id }},
|
||||||
{ event, { "sender", user_id }},
|
{ event, { "sender", user_id }},
|
||||||
{ event, { "content", json::members
|
|
||||||
{
|
|
||||||
{ "plaintext", password }
|
|
||||||
}}},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
char b64[64];
|
||||||
|
uint8_t hash[32];
|
||||||
|
sha256{hash, const_buffer{password}};
|
||||||
|
const auto digest{b64encode_unpadded(b64, hash)};
|
||||||
|
json::iov::push content{event,
|
||||||
|
{
|
||||||
|
"content", json::members
|
||||||
|
{
|
||||||
|
{ "sha256", digest }
|
||||||
|
},
|
||||||
|
}};
|
||||||
|
|
||||||
accounts.send(event);
|
accounts.send(event);
|
||||||
}
|
}
|
||||||
catch(const m::ALREADY_MEMBER &e)
|
catch(const m::ALREADY_MEMBER &e)
|
||||||
|
@ -1474,7 +1482,11 @@ const
|
||||||
{ "state_key", user_id },
|
{ "state_key", user_id },
|
||||||
};
|
};
|
||||||
|
|
||||||
const vm::query<vm::where::test> correct_password{[&supplied_password]
|
char b64[64];
|
||||||
|
uint8_t hash[32];
|
||||||
|
sha256{hash, const_buffer{supplied_password}};
|
||||||
|
const auto supplied_hash{b64encode_unpadded(b64, hash)};
|
||||||
|
const vm::query<vm::where::test> correct_password{[&supplied_hash]
|
||||||
(const auto &event)
|
(const auto &event)
|
||||||
{
|
{
|
||||||
const json::object &content
|
const json::object &content
|
||||||
|
@ -1482,12 +1494,12 @@ const
|
||||||
json::at<"content"_>(event)
|
json::at<"content"_>(event)
|
||||||
};
|
};
|
||||||
|
|
||||||
const auto &correct_password
|
const auto &correct_hash
|
||||||
{
|
{
|
||||||
unquote(content.at("plaintext"))
|
unquote(content.at("sha256"))
|
||||||
};
|
};
|
||||||
|
|
||||||
return supplied_password == correct_password;
|
return supplied_hash == correct_hash;
|
||||||
}};
|
}};
|
||||||
|
|
||||||
const auto query
|
const auto query
|
||||||
|
|
Loading…
Reference in a new issue