From dde79491777d784cf93458e661c127534715079f Mon Sep 17 00:00:00 2001
From: trivernis
Date: Fri, 27 Nov 2020 18:21:45 +0100
Subject: [PATCH] Fix password being repeated for padding when too short
Signed-off-by: trivernis
---
 Cargo.lock | 1 +
 Cargo.toml | 3 ++-
 src/utils/mod.rs | 4 +++-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 0e893d7..c673c38 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -445,6 +445,7 @@ dependencies = [
 "serde",
 "serde_json",
 "serde_postgres",
+ "sha2",
 "syntect",
 "zeroize",
 ]
diff --git a/Cargo.toml b/Cargo.toml
index b936f81..1445e0b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -36,4 +36,5 @@ parking_lot = "0.11.0"
 regex = "1.4.2"
 lazy_static = "1.4.0"
 schemars = "0.8.0"
-syntect = "4.4.0"
\ No newline at end of file
+syntect = "4.4.0"
+sha2 = "0.9.2"
\ No newline at end of file
diff --git a/src/utils/mod.rs b/src/utils/mod.rs
index 7a81780..3cf98a9 100644
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@@ -7,6 +7,7 @@ use std::panic;
 use bcrypt::DEFAULT_COST;
 use byteorder::{BigEndian, ByteOrder};
 use rand::Rng;
+use sha2::Digest;
 pub mod error;
@@ -47,7 +48,8 @@ pub fn get_user_id_from_token(token: &String) -> Option {
 pub fn hash_password(password: &[u8], salt: &[u8]) -> Result<[u8; 24], String> {
 panic::catch_unwind(|| {
 let mut pw_hash = [0u8; 24];
- bcrypt::bcrypt(DEFAULT_COST, salt, password, &mut pw_hash);
+ let password = sha2::Sha256::digest(password);
+ bcrypt::bcrypt(DEFAULT_COST, salt, password.as_slice(), &mut pw_hash);
 Ok(pw_hash)
 })
 .map_err(|_| "Hashing failed".to_string())?
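Review bot: Hashes stored before this commit will stop verifying, because in the second `src/utils/mod.rs` hunk `hash_password` now passes `sha2::Sha256::digest(password)` to `bcrypt::bcrypt` instead of the raw password, and nothing visible records which scheme produced a stored value. If accounts already exist (not visible from this patch), they need a forced reset or a scheme marker stored next to the hash, so the old form can be recognised and upgraded at next login. The construction should also be documented on the function, for example `/// Returns bcrypt(DEFAULT_COST, salt, SHA-256(password)); the pre-hash fixes the bcrypt input at 32 bytes.` Because the pre-hash is unsalted, the bcrypt input is a plain SHA-256 digest of the password; keying it with a server-side secret (an HMAC) would avoid sharing that value with any other system that stores bare SHA-256 password digests. The body of `hash_password` continues past the end of the hunk, so how the `Result` is finally returned is not reviewed here.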