Commit 9738b3db authored by Xavier Guimard's avatar Xavier Guimard

perltidy

parent 6823a6e0
...@@ -2,64 +2,77 @@ use Lemonldap::NG::Portal::Lib::DBI; ...@@ -2,64 +2,77 @@ use Lemonldap::NG::Portal::Lib::DBI;
use MIME::Base64; use MIME::Base64;
{ {
no warnings 'redefine'; no warnings 'redefine';
sub Lemonldap::NG::Portal::Lib::DBI::hash_password_from_database { sub Lemonldap::NG::Portal::Lib::DBI::hash_password_from_database {
# Remark: database function must get hexadecimal input # Remark: database function must get hexadecimal input
# and send back hexadecimal output # and send back hexadecimal output
my $self = shift; my $self = shift;
my $dbh = shift; my $dbh = shift;
my $dbmethod = shift; my $dbmethod = shift;
my $dbsalt = shift; my $dbsalt = shift;
my $password = shift; my $password = shift;
# Create functions
# Create functions use Digest::SHA;
use Digest::SHA; $dbh->sqlite_create_function(
$dbh->sqlite_create_function( 'sha256', 1, sub { my $p = shift; return unpack('H*', Digest::SHA->new(256)->add(pack('H*', $p))->digest); } ); 'sha256', 1,
$dbh->sqlite_create_function( 'sha512', 1, sub { my $p = shift; return unpack('H*', Digest::SHA->new(512)->add(pack('H*', $p))->digest); } ); sub {
my $p = shift;
# convert password to hexa return
my $passwordh = unpack "H*", $password; unpack( 'H*',
Digest::SHA->new(256)->add( pack( 'H*', $p ) )->digest );
my @rows = (); }
eval { );
my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')"); $dbh->sqlite_create_function(
$sth->execute(); 'sha512', 1,
@rows = $sth->fetchrow_array(); sub {
}; my $p = shift;
if ($@) { return
$self->logger->error( unpack( 'H*',
"DBI error while hashing with '$dbmethod' hash function: $@"); Digest::SHA->new(512)->add( pack( 'H*', $p ) )->digest );
$self->userLogger->warn("Unable to check password"); }
return ""; );
}
# convert password to hexa
if ( @rows == 1 ) { my $passwordh = unpack "H*", $password;
$self->logger->debug(
"Successfully hashed password with $dbmethod hash function in database" my @rows = ();
); eval {
my $sth = $dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')");
# convert salt to binary $sth->execute();
my $dbsaltb = pack 'H*', $dbsalt; @rows = $sth->fetchrow_array();
};
# convert result to binary if ($@) {
my $res = pack 'H*', $rows[0]; $self->logger->error(
"DBI error while hashing with '$dbmethod' hash function: $@");
return encode_base64( $res . $dbsaltb, '' ); $self->userLogger->warn("Unable to check password");
} return "";
else { }
$self->userLogger->warn("Unable to check password with '$dbmethod'");
return ""; if ( @rows == 1 ) {
} $self->logger->debug(
"Successfully hashed password with $dbmethod hash function in database"
# Return encode_base64(SQL_METHOD(password + salt) + salt) );
}
}
# convert salt to binary
my $dbsaltb = pack 'H*', $dbsalt;
# convert result to binary
my $res = pack 'H*', $rows[0];
return encode_base64( $res . $dbsaltb, '' );
}
else {
$self->userLogger->warn(
"Unable to check password with '$dbmethod'");
return "";
}
# Return encode_base64(SQL_METHOD(password + salt) + salt)
}
}
use Test::More; use Test::More;
use strict; use strict;
...@@ -72,37 +85,43 @@ my $mainTests = 3; ...@@ -72,37 +85,43 @@ my $mainTests = 3;
eval { unlink 't/userdb.db' }; eval { unlink 't/userdb.db' };
SKIP: { SKIP: {
eval { require DBI; require DBD::SQLite; use Digest::SHA}; eval { require DBI; require DBD::SQLite; use Digest::SHA };
if ($@) { if ($@) {
skip 'DBD::SQLite not found', $mainTests; skip 'DBD::SQLite not found', $mainTests;
} }
my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db"); my $dbh = DBI->connect("dbi:SQLite:dbname=t/userdb.db");
$dbh->do('CREATE TABLE users (user text,password text,name text)'); $dbh->do('CREATE TABLE users (user text,password text,name text)');
# password secret1 # password secret1
$dbh->do("INSERT INTO users VALUES ('dwho','secret1','Doctor who')"); $dbh->do("INSERT INTO users VALUES ('dwho','secret1','Doctor who')");
# password secret2 # password secret2
$dbh->do("INSERT INTO users VALUES ('rtyler','{sha256}NSJNDTRl106FX41poTbnnHROo1pnXTOTNgoyfL9jWaI=','Rose Tyler')"); $dbh->do(
"INSERT INTO users VALUES ('rtyler','{sha256}NSJNDTRl106FX41poTbnnHROo1pnXTOTNgoyfL9jWaI=','Rose Tyler')"
);
# password secret3 # password secret3
$dbh->do("INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')"); $dbh->do(
"INSERT INTO users VALUES ('jsmith','{ssha512}wr0zU/I6f7U4bVoeOlJnNFbhF0a9np59LUeNnhokohVI/wiNzt8Y4JujfOfNQiGuiVgY+xrYggfmgpke6KdjxKS7W0GR1ZCe','John Smith')"
);
my $client = LLNG::Manager::Test->new( my $client = LLNG::Manager::Test->new(
{ {
ini => { ini => {
logLevel => 'error', logLevel => 'error',
useSafeJail => 1, useSafeJail => 1,
authentication => 'DBI', authentication => 'DBI',
userDB => 'Same', userDB => 'Same',
dbiAuthChain => 'dbi:SQLite:dbname=t/userdb.db', dbiAuthChain => 'dbi:SQLite:dbname=t/userdb.db',
dbiAuthUser => '', dbiAuthUser => '',
dbiAuthPassword => '', dbiAuthPassword => '',
dbiAuthTable => 'users', dbiAuthTable => 'users',
dbiAuthLoginCol => 'user', dbiAuthLoginCol => 'user',
dbiAuthPasswordCol => 'password', dbiAuthPasswordCol => 'password',
dbiAuthPasswordHash => '', dbiAuthPasswordHash => '',
dbiDynamicHashEnabled => 1, dbiDynamicHashEnabled => 1,
dbiDynamicHashValidSchemes => 'sha sha256 sha512', dbiDynamicHashValidSchemes => 'sha sha256 sha512',
dbiDynamicHashValidSaltedSchemes => 'ssha ssha256 ssha512', dbiDynamicHashValidSaltedSchemes => 'ssha ssha256 ssha512',
dbiDynamicHashNewPasswordScheme => 'ssha256', dbiDynamicHashNewPasswordScheme => 'ssha256',
passwordDB => 'DBI', passwordDB => 'DBI',
...@@ -114,8 +133,7 @@ SKIP: { ...@@ -114,8 +133,7 @@ SKIP: {
# Try to authenticate against plaintext password # Try to authenticate against plaintext password
ok( ok(
$res = $client->_post( $res = $client->_post(
'/', '/', IO::String->new('user=dwho&password=secret1'),
IO::String->new('user=dwho&password=secret1'),
length => 26 length => 26
), ),
'Authentication against plaintext password' 'Authentication against plaintext password'
...@@ -127,27 +145,25 @@ SKIP: { ...@@ -127,27 +145,25 @@ SKIP: {
# Try to authenticate against static hashed password # Try to authenticate against static hashed password
ok( ok(
$res = $client->_post( $res = $client->_post(
'/', '/', IO::String->new('user=rtyler&password=secret2'),
IO::String->new('user=rtyler&password=secret2'),
length => 28 length => 28
), ),
'Authentication against static SHA-256 hashed password' 'Authentication against static SHA-256 hashed password'
); );
expectOK($res); expectOK($res);
my $id = expectCookie($res); $id = expectCookie($res);
$client->logout($id); $client->logout($id);
# Try to authenticate against salted password # Try to authenticate against salted password
ok( ok(
$res = $client->_post( $res = $client->_post(
'/', '/', IO::String->new('user=jsmith&password=secret3'),
IO::String->new('user=jsmith&password=secret3'),
length => 28 length => 28
), ),
'Authentication against salted SHA-512 password' 'Authentication against salted SHA-512 password'
); );
expectOK($res); expectOK($res);
my $id = expectCookie($res); $id = expectCookie($res);
$client->logout($id); $client->logout($id);
clean_sessions(); clean_sessions();
......
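Review bot: The reformatted `hash_password_from_database` override still builds its statement by interpolation, `$dbh->prepare("SELECT $dbmethod('$passwordh$dbsalt')")`, so `$dbsalt` and `$dbmethod` reach the SQL text unescaped. `$passwordh` is safe because it comes from `unpack "H*"`, but `$dbsalt` is hexadecimal only by the convention stated in the remark at the top of the sub, and nothing in this hunk checks it. The argument can be bound instead: `my $sth = $dbh->prepare("SELECT $dbmethod(?)");` followed by `$sth->execute("$passwordh$dbsalt");`. A function name cannot be a placeholder, so `$dbmethod` should be matched against the allowed scheme names before it is interpolated; the caller presumably does this through `dbiDynamicHashValidSchemes`, but that is not visible here and is worth confirming. Separately, `use Digest::SHA` inside `eval { ... }` in the SKIP block is resolved at compile time, so the `eval` cannot catch a missing module; `require Digest::SHA` would make the skip guard effective.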