GitHub Merge Button 2011-12-11 07:22:48 -08:00
commit dca621bb36
3 changed files with 39 additions and 14 deletions


@ -496,9 +496,13 @@ Class('Pad', {
this.passwordHash = password == null ? null : hash(password, generateSalt());
db.setSub("pad:"+this.id, ["passwordHash"], this.passwordHash);
},
getPasswordSalt: function()
{
return this.passwordHash.split("$")[1];
},
isCorrectPassword: function(password)
{
return compare(this.passwordHash, password)
return timeSensitiveCompare(this.passwordHash, password)
},
isPasswordProtected: function()
{
@ -519,17 +523,21 @@ function hash(password, salt)
function generateSalt()
{
var len = 86;
var chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
var charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
var randomstring = '';
for (var i = 0; i < len; i++)
{
var rnum = Math.floor(Math.random() * chars.length);
randomstring += chars.substring(rnum, rnum + 1);
var rnum = Math.floor(Math.random() * charset.length);
randomstring += charset[rnum];
}
return randomstring;
}
function compare(hashStr, password)
/* Compare the timed password hash with the saved value.
* If the hash was generated too far in the past, it is rejected. */
function timeSensitiveCompare(hashStr, password)
{
return hash(password, hashStr.split("$")[1]) === hashStr;
var timestamp = password.split("$")[1];
return password === hash(hashStr, timestamp)
&& timestamp > new Date().getTime();
}
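Review bot: In `timeSensitiveCompare` the expiry comes from the client-supplied `password` string and is only checked with `timestamp > new Date().getTime()`, so nothing bounds how far in the future it may lie. A submitted value carrying a distant timestamp stays valid indefinitely if it is ever captured, which does not match the comment about rejecting hashes generated too far in the past. Parse and cap it, e.g. `var expires = parseInt(timestamp, 10);` with the final condition `&& expires > now && expires - now <= MAX_LIFETIME_MS` (`MAX_LIFETIME_MS` is a placeholder for a limit the project would choose). `password.split("$")` also throws when the submitted value is not a string, and `getPasswordSalt` throws when `passwordHash` is null, which the assignment at the top of the first hunk stores when no password is set; both need a guard that returns `false` or `null`. Since the stored hash now serves as the shared secret, the `===` against the recomputed value would ideally be a constant-time comparison.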