Backup_Repos/filestash
1
0
Fork 0
mirror of https://github.com/mickael-kerjean/filestash synced 2025-12-06 08:22:24 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of ssh://github.com/mickael-kerjean/filestash

Browse source
This commit is contained in:
MickaelK 2025-06-30 12:18:47 +10:00
commit b59707c111
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
server/plugin/plg_authenticate_htpasswd/index.go
View file

@ -123,10 +123,7 @@ func (this Htpasswd) Callback(formData map[string]string, idpParams map[string]s
}
func verifyPassword(password string, hash string, _user string) bool {
if password == hash {
Log.Warning("plg_authenticate_htpasswd password for user '%s' isn't stored in a secure way, you should hash your password using something like 'openssl passwd -6'", _user)
return true
} else if strings.HasPrefix(hash, "{SHA}") {
if strings.HasPrefix(hash, "{SHA}") {
d := sha1.New()
d.Write([]byte(password))
return subtle.ConstantTimeCompare(
@ -137,8 +134,13 @@ func verifyPassword(password string, hash string, _user string) bool {
var c crypt.Crypter
parts := strings.SplitN(hash, "$", 4)
if len(parts) != 4 {
if password == hash {
Log.Warning("plg_authenticate_htpasswd password for user '%s' isn't stored in a secure way, you should hash your password using something like 'openssl passwd -6'", _user)
return true
} else {
return false
}
}
if strings.HasPrefix(hash, "$apr1$") {
c = apr1_crypt.New()
parts[2] = "$apr1$" + parts[2]