mirror of
https://github.com/ether/etherpad-lite.git
synced 2025-05-05 06:37:10 -04:00
Working as it should. Except you need to type in your password after you created the pad. But that I won't fix today.
This commit is contained in:
jaseg
parent
e9f6a10039
commit
c905fd76c1
8 changed files with 182 additions and 17 deletions
|
|
@ -495,7 +495,7 @@ Class('Pad', {
|
|||
},
|
||||
getPasswordSalt: function()
|
||||
{
|
||||
return this.passwordHash.split("$")[1];
|
||||
return this.passwordHash == null? null:this.passwordHash.split("$")[1];
|
||||
},
|
||||
isCorrectPassword: function(password)
|
||||
{
|
||||
|
|
@ -512,7 +512,7 @@ Class('Pad', {
|
|||
|
||||
function hash(password, salt)
|
||||
{
|
||||
var shasum = crypto.createHash('sha512');
|
||||
var shasum = crypto.createHash('sha256');
|
||||
shasum.update(password + salt);
|
||||
return shasum.digest("hex") + "$" + salt;
|
||||
}
|
||||
|
|
@ -524,7 +524,7 @@ function generateSalt()
|
|||
var randomstring = '';
|
||||
for (var i = 0; i < len; i++)
|
||||
{
|
||||
randomstring += chars[Math.floor(Math.random() * chars.length)];
|
||||
randomstring += charset[Math.floor(Math.random() * charset.length)];
|
||||
}
|
||||
return randomstring;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -133,8 +133,8 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
|||
//is it password protected?
|
||||
isPasswordProtected = pad.isPasswordProtected();
|
||||
|
||||
//get the password salt used by the hash function
|
||||
pwsalt = pad.getPasswordSalt();
|
||||
//get the password salt used by the hash function
|
||||
pwsalt = pad.getPasswordSalt();
|
||||
|
||||
//is password correct?
|
||||
if(isPasswordProtected && password && pad.isCorrectPassword(password))
|
||||
|
|
@ -205,18 +205,19 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
|||
else if(isPublic && isPasswordProtected && passwordStatus == "wrong")
|
||||
{
|
||||
//--> deny access, ask for new password and tell them that the password is wrong
|
||||
statusObject = {accessStatus: "wrongPassword"};
|
||||
statusObject = {accessStatus: "wrongPassword", passwordSalt: pwsalt};
|
||||
}
|
||||
//- its public and the pad is password protected but no password given
|
||||
else if(isPublic && isPasswordProtected && passwordStatus == "notGiven")
|
||||
{
|
||||
//--> ask for password
|
||||
statusObject = {accessStatus: "needPassword"};
|
||||
statusObject = {accessStatus: "needPassword", passwordSalt: pwsalt};
|
||||
}
|
||||
//- its not public
|
||||
else if(!isPublic)
|
||||
{
|
||||
//--> deny access
|
||||
console.log("not public");
|
||||
statusObject = {accessStatus: "deny"};
|
||||
}
|
||||
else
|
||||
|
|
@ -228,6 +229,7 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
|
|||
else
|
||||
{
|
||||
//--> deny access
|
||||
console.log("imaginary pad");
|
||||
statusObject = {accessStatus: "deny"};
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue