Add check_smf_scrypt for scrypt(sha1(user+pass))

2024-11-21 08:25:08 -05:00 · 2016-08-07 22:57:50 -04:00 · 2016-08-07 22:57:50 -04:00 · 5f4d44f677
commit 5f4d44f677
parent 6bc90f3004
1 changed files with 14 additions and 2 deletions
--- a/plugin.rb
+++ b/plugin.rb
@ -1,6 +1,6 @@
 # name: discourse-migratepassword
 # about: enable alternative password hashes
-# version: 0.6a
+# version: 0.7
 # authors: Jens Maier and Michael@discoursehosting.com
 
 # uses phpass-ruby https://github.com/uu59/phpass-ruby
@ -16,6 +16,7 @@
 # for WBBlite                  #{salt}:#{hash}          sha1(salt+sha1(salt+sha1(pass)))

 gem 'bcrypt', '3.1.3'
+gem 'scrypt', '3.0.1'

 require 'digest'

@ -105,7 +106,7 @@ after_initialize do
        end
 
        def self.check_all(password, crypted_pass)
-            AlternativePassword::check_smf_bcrypt(password, crypted_pass)
+            AlternativePassword::check_smf_scrypt(password, crypted_pass)
        end

        def self.check_bcrypt(password, crypted_pass)
@ -153,6 +154,17 @@ after_initialize do
            end
        end

+        def self.check_smf_scrypt(password, crypted_pass)
+            user, hash = crypted_pass.split(':', 2)
+            sha1 = Digest::SHA1.new
+            sha1.update user + password
+            begin
+              SCrypt::Password.new(hash) == sha1.hexdigest
+            rescue
+              false
+            end
+        end
+
        def self.check_ipb(password, crypted_pass)
            salt, hash = crypted_pass.split(':', 2)
            !salt.nil? && hash == Digest::MD5.hexdigest(Digest::MD5.hexdigest(salt) + Digest::MD5.hexdigest(password))