fLotte-meets-HWR-DB
/
flotte-user-management
mirror of https://github.com/fLotte-meets-HWR-DB/flotte-user-management.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18 from fLotte-meets-HWR-DB/develop

Browse Source 
Fix password being repeated for padding when too short
leon_tries_rust
Trivernis 4 years ago committed by GitHub
parent 8ef4e744bb dde7949177
commit 57d5bc717f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File

1
Cargo.lock generated
Unescape Escape View File

@ -445,6 +445,7 @@ dependencies = [
"serde", "serde",
"serde_json", "serde_json",
"serde_postgres", "serde_postgres",
"sha2",
"syntect", "syntect",
"zeroize", "zeroize",
] ]

1
Cargo.toml
Unescape Escape View File

@ -37,3 +37,4 @@ regex = "1.4.2"
lazy_static = "1.4.0" lazy_static = "1.4.0"
schemars = "0.8.0" schemars = "0.8.0"
syntect = "4.4.0" syntect = "4.4.0"
sha2 = "0.9.2"

4
src/utils/mod.rs
Unescape Escape View File

@ -7,6 +7,7 @@ use std::panic;
use bcrypt::DEFAULT_COST; use bcrypt::DEFAULT_COST;
use byteorder::{BigEndian, ByteOrder}; use byteorder::{BigEndian, ByteOrder};
use rand::Rng; use rand::Rng;
use sha2::Digest;
pub mod error; pub mod error;
@ -47,7 +48,8 @@ pub fn get_user_id_from_token(token: &String) -> Option<i32> {
pub fn hash_password(password: &[u8], salt: &[u8]) -> Result<[u8; 24], String> { pub fn hash_password(password: &[u8], salt: &[u8]) -> Result<[u8; 24], String> {
panic::catch_unwind(|| { panic::catch_unwind(|| {
let mut pw_hash = [0u8; 24]; let mut pw_hash = [0u8; 24];
bcrypt::bcrypt(DEFAULT_COST, salt, password, &mut pw_hash); let password = sha2::Sha256::digest(password);
bcrypt::bcrypt(DEFAULT_COST, salt, password.as_slice(), &mut pw_hash);
Ok(pw_hash) Ok(pw_hash)
}) })
.map_err(|_| "Hashing failed".to_string())? .map_err(|_| "Hashing failed".to_string())?

Write Preview
Loading…
Cancel
Save