mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-05-05 06:37:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Working as it should. Except you need to type in your password after you created the pad. But that I won't fix today.

Browse source
This commit is contained in:
jaseg 2011-12-06 23:12:58 +01:00
parent e9f6a10039
commit c905fd76c1
8 changed files with 182 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

6
node/db/Pad.js
View file

@ -495,7 +495,7 @@ Class('Pad', {
},
getPasswordSalt: function()
{
return this.passwordHash.split("$")[1];
return this.passwordHash == null? null:this.passwordHash.split("$")[1];
},
isCorrectPassword: function(password)
{
@ -512,7 +512,7 @@ Class('Pad', {
function hash(password, salt)
{
var shasum = crypto.createHash('sha512');
var shasum = crypto.createHash('sha256');
shasum.update(password + salt);
return shasum.digest("hex") + "$" + salt;
}
@ -524,7 +524,7 @@ function generateSalt()
var randomstring = '';
for (var i = 0; i < len; i++)
{
randomstring += chars[Math.floor(Math.random() * chars.length)];
randomstring += charset[Math.floor(Math.random() * charset.length)];
}
return randomstring;
}

10
node/db/SecurityManager.js
View file

@ -133,8 +133,8 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
//is it password protected?
isPasswordProtected = pad.isPasswordProtected();
//get the password salt used by the hash function
pwsalt = pad.getPasswordSalt();
//get the password salt used by the hash function
pwsalt = pad.getPasswordSalt();
//is password correct?
if(isPasswordProtected && password && pad.isCorrectPassword(password))
@ -205,18 +205,19 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
else if(isPublic && isPasswordProtected && passwordStatus == "wrong")
{
//--> deny access, ask for new password and tell them that the password is wrong
statusObject = {accessStatus: "wrongPassword"};
statusObject = {accessStatus: "wrongPassword", passwordSalt: pwsalt};
}
//- its public and the pad is password protected but no password given
else if(isPublic && isPasswordProtected && passwordStatus == "notGiven")
{
//--> ask for password
statusObject = {accessStatus: "needPassword"};
statusObject = {accessStatus: "needPassword", passwordSalt: pwsalt};
}
//- its not public
else if(!isPublic)
{
//--> deny access
console.log("not public");
statusObject = {accessStatus: "deny"};
}
else
@ -228,6 +229,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
else
{
//--> deny access
console.log("imaginary pad");
statusObject = {accessStatus: "deny"};
}

2
node/handler/PadMessageHandler.js
View file

@ -644,7 +644,7 @@ function handleClientReady(client, message)
//no access, send the client a message that tell him why
else
{
client.json.send({accessStatus: statusObject.accessStatus})
client.json.send({accessStatus: statusObject.accessStatus, passwordSalt: statusObject.passwordSalt})
}
});
},

6
node/handler/SocketIORouter.js
View file

@ -92,7 +92,7 @@ exports.setSocketIO = function(_socket)
{
if(message.protocolVersion && message.protocolVersion != 2)
{
messageLogger.warn("Protocolversion header is not correct:" + stringifyWithoutPassword(message));
messageLogger.warn("Protocol version header is not correct:" + stringifyWithoutPassword(message));
return;
}
@ -121,14 +121,14 @@ exports.setSocketIO = function(_socket)
else
{
messageLogger.warn("Authentication try failed:" + stringifyWithoutPassword(message));
client.json.send({accessStatus: statusObject.accessStatus});
client.json.send({accessStatus: statusObject.accessStatus, passwordSalt: statusObject.passwordSalt});
}
});
}
//drop message
else
{
messageLogger.warn("Droped message cause of bad permissions:" + stringifyWithoutPassword(message));
messageLogger.warn("Dropped message cause of insufficient permissions:" + stringifyWithoutPassword(message));
}
}
});