Backup_Repos/filestash
1
0
Fork 0
mirror of https://github.com/mickael-kerjean/filestash synced 2025-12-15 21:04:46 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of ssh://github.com/mickael-kerjean/filestash

Browse source
This commit is contained in:
MickaelK 2025-06-30 12:18:47 +10:00
commit b59707c111
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
server/plugin/plg_authenticate_htpasswd/index.go
View file

@ -123,10 +123,7 @@ func (this Htpasswd) Callback(formData map[string]string, idpParams map[string]s
} }
func verifyPassword(password string, hash string, _user string) bool { func verifyPassword(password string, hash string, _user string) bool {
if password == hash { if strings.HasPrefix(hash, "{SHA}") {
Log.Warning("plg_authenticate_htpasswd password for user '%s' isn't stored in a secure way, you should hash your password using something like 'openssl passwd -6'", _user)
return true
} else if strings.HasPrefix(hash, "{SHA}") {
d := sha1.New() d := sha1.New()
d.Write([]byte(password)) d.Write([]byte(password))
return subtle.ConstantTimeCompare( return subtle.ConstantTimeCompare(
@ -137,7 +134,12 @@ func verifyPassword(password string, hash string, _user string) bool {
var c crypt.Crypter var c crypt.Crypter
parts := strings.SplitN(hash, "$", 4) parts := strings.SplitN(hash, "$", 4)
if len(parts) != 4 { if len(parts) != 4 {
return false if password == hash {
Log.Warning("plg_authenticate_htpasswd password for user '%s' isn't stored in a secure way, you should hash your password using something like 'openssl passwd -6'", _user)
return true
} else {
return false
}
} }
if strings.HasPrefix(hash, "$apr1$") { if strings.HasPrefix(hash, "$apr1$") {
c = apr1_crypt.New() c = apr1_crypt.New()