authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2014-01-26 19:06:42 +0100
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2014-01-26 19:06:42 +0100
commit7a510af73a0ef04ce09fb7eedd98c844e7bff51c (patch)
tree193063e9988ebaeff8750b7be29f7e8f30809bf9
parent1031c19779d4cd6764dab6fbc8360cc99ff83409 (diff)
Compatibilité bcrypt.js oubliée
Corrige https://github.com/marienfressinaud/FreshRSS/issues/396 + Ajoute de meilleurs messages d'erreur
-rwxr-xr-xapp/Controllers/indexController.php2
-rwxr-xr-xapp/Controllers/javascriptController.php2
-rw-r--r--app/Controllers/usersController.php1
-rw-r--r--p/scripts/main.js20
4 files changed, 16 insertions, 9 deletions
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index cb6be6049..c49054a5c 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -320,6 +320,8 @@ class FreshRSS_index_Controller extends Minz_ActionController {
} catch (Minz_Exception $me) {
Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
}
+ } else {
+ Minz_Log::record('Invalid credential parameters: user=' . $username . ' challenge=' . $c . ' nonce=' . $nonce, Minz_Log::DEBUG);
}
if (!$ok) {
$notif = array(
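Review bot: The added debug line in the new `else` branch writes `$username`, `$c` and `$nonce` into the log unfiltered. Where these come from is outside the hunk, but if they are request parameters a client can place line breaks or arbitrary text in the log file, and the challenge is authentication material that should not be stored there. I would log a bounded, filtered user name and only the lengths of the other two, e.g. `Minz_Log::record('Invalid credential parameters: user=' . preg_replace('/[^0-9a-zA-Z_.@-]/', '?', substr($username, 0, 64)) . ' challenge_len=' . strlen($c) . ' nonce_len=' . strlen($nonce), Minz_Log::DEBUG);`. The enclosing action starts and ends outside the hunk.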
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 02e424437..b879dcd6d 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -37,7 +37,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
return; //Success
}
} catch (Minz_Exception $me) {
- Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
+ Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING);
}
}
$this->view->nonce = ''; //Failure
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index a044cd25b..8314b75fc 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@@ -106,6 +106,7 @@ class FreshRSS_users_Controller extends Minz_ActionController {
}
$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
$passwordPlain = '';
+ $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
$ok &= ($passwordHash != '');
}
if (empty($passwordHash)) {
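Review bot: The relabelled hash on the added `preg_replace` line no longer carries the `$2y$` identifier that PHP's password API uses to recognise its own bcrypt output, so `password_get_info()` and `password_needs_rehash()` will not treat the stored value as bcrypt, even though `password_verify()` still accepts it. Nothing in this hunk calls those functions, but the trailing comment should record that the rewrite is deliberate, e.g. `//Stored as $2a$ on purpose for bcrypt.js in the login form; password_verify() still works, password_needs_rehash() will not recognise it`. Separately, `preg_replace()` returns null on a PCRE error, which the following loose `!= ''` test happens to catch; `$ok &= (is_string($passwordHash) && $passwordHash !== '');` would make that explicit. The surrounding method continues outside the hunk.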
diff --git a/p/scripts/main.js b/p/scripts/main.js
index d891299a8..d775b3a20 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -626,14 +626,18 @@ function init_loginForm() {
if (data.salt1 == '' || data.nonce == '') {
alert('Invalid user!');
} else {
- var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
- s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
- c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
- $('#challenge').val(c);
- if (s == '' || c == '') {
- alert('Crypto error!');
- } else {
- success = true;
+ try {
+ var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
+ s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
+ c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
+ $('#challenge').val(c);
+ if (s == '' || c == '') {
+ alert('Crypto error!');
+ } else {
+ success = true;
+ }
+ } catch (e) {
+ alert('Crypto exception! ' + e);
}
}
}).fail(function() {
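Review bot: bcrypt uses at most 72 bytes of its input, and `s` is itself a 60-character hash string, so in `dcodeIO.bcrypt.hashSync(data.nonce + s, ...)` any nonce longer than 12 characters pushes the tail of `s` out of the hashed input. The nonce length is not visible in this hunk; if it is longer, the challenge covers only the prefix, the salt and perhaps a few digest characters of the stored hash, which weakens what the challenge proves. This is worth confirming against the server-side check. If it holds, either shorten the nonce or reduce `data.nonce + s` to a short fixed-length digest on both sides before the outer bcrypt call. `init_loginForm` continues outside the hunk.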