moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Transition to using bcrypt for password hashing/storage

This commit is contained in:
calzoneman 2013-03-26 14:12:02 -05:00
parent 141bb69777
commit 34f20f423f
5 changed files with 51 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -30,8 +30,10 @@ I'm using v0.10, please feel free to report which versions do/do not work
4. Install connect: `npm install connect` 4. Install connect: `npm install connect`
5. Install your distribution's `libmysqlclient` package 5. Install your distribution's `libmysqlclient` package
6. Install the libmysql node module: `npm install mysql-libmysqlclient` 6. Install the libmysql node module: `npm install mysql-libmysqlclient`
7. Edit `config.js` and input your database details and connection port 7. Install bcrypt: `npm install bcrypt`
8. Edit `www/assets/js/iourl.js` and change the value of `IO_URL` to `yourhostname:port` where `port` is the port defined in `config.js` 8. Install node_hash: `npm install node_hash`
9. Edit `config.js` and input your database details and connection port
10. Edit `www/assets/js/iourl.js` and change the value of `IO_URL` to `yourhostname:port` where `port` is the port defined in `config.js`
Running Running
------- -------

37
auth.js
View File

@ -11,6 +11,8 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
var mysql = require("mysql-libmysqlclient"); var mysql = require("mysql-libmysqlclient");
var Config = require("./config.js"); var Config = require("./config.js");
var bcrypt = require("bcrypt");
var hashlib = require("node_hash");
// Check if a name is taken // Check if a name is taken
exports.isRegistered = function(name) { exports.isRegistered = function(name) {
@ -39,7 +41,7 @@ exports.validateName = function(name) {
} }
// Try to register a new account // Try to register a new account
exports.register = function(name, sha256) { exports.register = function(name, pw) {
if(!exports.validateName(name)) if(!exports.validateName(name))
return false; return false;
if(exports.isRegistered(name)) if(exports.isRegistered(name))
@ -51,16 +53,17 @@ exports.register = function(name, sha256) {
console.log("MySQL Connection Failed"); console.log("MySQL Connection Failed");
return false; return false;
} }
var hash = bcrypt.hashSync(pw, 10);
var query = "INSERT INTO registrations VALUES (NULL, '{1}', '{2}', 0)" var query = "INSERT INTO registrations VALUES (NULL, '{1}', '{2}', 0)"
.replace(/\{1\}/, name) .replace(/\{1\}/, name)
.replace(/\{2\}/, sha256); .replace(/\{2\}/, hash);
var results = db.querySync(query); var results = db.querySync(query);
db.closeSync(); db.closeSync();
return results; return results;
} }
// Try to login // Try to login
exports.login = function(name, sha256) { exports.login = function(name, pw) {
var db = mysql.createConnectionSync(); var db = mysql.createConnectionSync();
db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER, db.connectSync(Config.MYSQL_SERVER, Config.MYSQL_USER,
Config.MYSQL_PASSWORD, Config.MYSQL_DB); Config.MYSQL_PASSWORD, Config.MYSQL_DB);
@ -68,14 +71,34 @@ exports.login = function(name, sha256) {
console.log("MySQL Connection Failed"); console.log("MySQL Connection Failed");
return false; return false;
} }
var query = "SELECT * FROM registrations WHERE uname='{1}' AND pw='{2}'" var query = "SELECT * FROM registrations WHERE uname='{1}'"
.replace(/\{1\}/, name) .replace(/\{1\}/, name)
.replace(/\{2\}/, sha256);
var results = db.querySync(query); var results = db.querySync(query);
var rows = results.fetchAllSync(); var rows = results.fetchAllSync();
db.closeSync();
if(rows.length > 0) { if(rows.length > 0) {
return rows[0]; if(bcrypt.compareSync(pw, rows[0].pw)) {
db.closeSync();
return rows[0];
}
else {
// Check if the sha256 is in the database
// If so, migrate to bcrypt
var sha256 = hashlib.sha256(pw);
if(sha256 == rows[0].pw) {
var newhash = bcrypt.hashSync(pw, 10);
var query = "UPDATE registrations SET pw='{1}' WHERE uname='{2}'"
.replace(/\{1\}/, newhash)
.replace(/\{2\}/, name);
var results = db.querySync(query);
db.closeSync();
if(!results) {
console.log("Failed to migrate password! user=", name);
return false;
}
return rows[0];
}
return false;
}
} }
return false; return false;
} }

1
server.js
View File

@ -13,6 +13,7 @@ var Config = require("./config.js");
var connect = require("connect"); var connect = require("connect");
var app = connect.createServer(connect.static(__dirname+"/www")).listen(Config.IO_PORT); var app = connect.createServer(connect.static(__dirname+"/www")).listen(Config.IO_PORT);
exports.io = require("socket.io").listen(app); exports.io = require("socket.io").listen(app);
exports.io.set("log level", 1);
var User = require("./user.js").User; var User = require("./user.js").User;
var Database = require("./database.js"); var Database = require("./database.js");
Database.init(); Database.init();

18
user.js
View File

@ -58,11 +58,11 @@ User.prototype.initCallbacks = function() {
this.socket.on("login", function(data) { this.socket.on("login", function(data) {
if(this.name == "") if(this.name == "")
this.login(data.name, data.sha256); this.login(data.name, data.pw);
}.bind(this)); }.bind(this));
this.socket.on("register", function(data) { this.socket.on("register", function(data) {
this.register(data.name, data.sha256); this.register(data.name, data.pw);
}.bind(this)); }.bind(this));
this.socket.on("assignLeader", function(data) { this.socket.on("assignLeader", function(data) {
@ -272,7 +272,7 @@ User.prototype.handleAdm = function(data) {
}; };
// Attempt to login // Attempt to login
User.prototype.login = function(name, sha256) { User.prototype.login = function(name, pw) {
if(this.channel != null && name != "") { if(this.channel != null && name != "") {
for(var i = 0; i < this.channel.users.length; i++) { for(var i = 0; i < this.channel.users.length; i++) {
if(this.channel.users[i].name == name) { if(this.channel.users[i].name == name) {
@ -285,7 +285,7 @@ User.prototype.login = function(name, sha256) {
} }
} }
// No password => try guest login // No password => try guest login
if(sha256 == "") { if(pw == "") {
// Sorry bud, can"t take that name // Sorry bud, can"t take that name
if(Auth.isRegistered(name)) { if(Auth.isRegistered(name)) {
this.socket.emit("login", { this.socket.emit("login", {
@ -321,7 +321,7 @@ User.prototype.login = function(name, sha256) {
} }
else { else {
var row; var row;
if((row = Auth.login(name, sha256))) { if((row = Auth.login(name, pw))) {
this.loggedIn = true; this.loggedIn = true;
this.socket.emit("login", { this.socket.emit("login", {
success: true success: true
@ -355,8 +355,8 @@ User.prototype.login = function(name, sha256) {
} }
// Attempt to register a user account // Attempt to register a user account
User.prototype.register = function(name, sha256) { User.prototype.register = function(name, pw) {
if(sha256 == "") { if(pw == "") {
// Sorry bud, password required // Sorry bud, password required
this.socket.emit("register", { this.socket.emit("register", {
success: false, success: false,
@ -377,12 +377,12 @@ User.prototype.register = function(name, sha256) {
error: "Invalid username. Usernames must be 1-20 characters long and consist only of alphanumeric characters and underscores" error: "Invalid username. Usernames must be 1-20 characters long and consist only of alphanumeric characters and underscores"
}); });
} }
else if(Auth.register(name, sha256)) { else if(Auth.register(name, pw)) {
console.log(this.ip + " registered " + name); console.log(this.ip + " registered " + name);
this.socket.emit("register", { this.socket.emit("register", {
success: true success: true
}); });
this.login(name, sha256); this.login(name, pw);
} }
else { else {
this.socket.emit("register", { this.socket.emit("register", {

20
www/assets/js/client.js
View File

@ -98,7 +98,7 @@ firstScriptTag.parentNode.insertBefore(tag, firstScriptTag);
if(uname != null && pw != null && pw != "false") { if(uname != null && pw != null && pw != "false") {
socket.emit("login", { socket.emit("login", {
name: uname, name: uname,
sha256: pw pw: pw
}); });
} }
@ -147,23 +147,20 @@ $("#qlockbtn").click(function() {
function loginClick() { function loginClick() {
uname = $("#username").val(); uname = $("#username").val();
if($("#password").val() == "") pw = $("#password").val();
pw = "";
else
pw = SHA256($("#password").val());
socket.emit("login", { socket.emit("login", {
name: uname, name: uname,
sha256: pw pw: pw
}); });
}; };
$("#login").click(loginClick); $("#login").click(loginClick);
$("#username").keydown(function(ev) { $("#username").keydown(function(ev) {
if(ev.key == 13) if(ev.keyCode == 13)
loginClick(); loginClick();
}); });
$("#password").keydown(function(ev) { $("#password").keydown(function(ev) {
if(ev.key == 13) if(ev.keyCode == 13)
loginClick(); loginClick();
}); });
@ -175,13 +172,10 @@ $("#logout").click(function() {
$("#register").click(function() { $("#register").click(function() {
uname = $("#username").val(); uname = $("#username").val();
if($("#password").val() == "") pw = $("#password").val();
pw = "";
else
pw = SHA256($("#password").val());
socket.emit("register", { socket.emit("register", {
name: uname, name: uname,
sha256: pw pw: pw
}); });
}); });