From 7a510af73a0ef04ce09fb7eedd98c844e7bff51c Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 26 Jan 2014 19:06:42 +0100
Subject: Compatibilité bcrypt.js oubliée
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Corrige https://github.com/marienfressinaud/FreshRSS/issues/396 + Ajoute de meilleurs messages d'erreur
---
 app/Controllers/indexController.php | 2 ++
 app/Controllers/javascriptController.php | 2 +-
 app/Controllers/usersController.php | 1 +
 p/scripts/main.js | 20 ++++++++++++--------
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index cb6be6049..c49054a5c 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -320,6 +320,8 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 } catch (Minz_Exception $me) {
 Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
 }
+ } else {
+ Minz_Log::record('Invalid credential parameters: user=' . $username . ' challenge=' . $c . ' nonce=' . $nonce, Minz_Log::DEBUG);
 }
 if (!$ok) {
 $notif = array(
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 02e424437..b879dcd6d 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -37,7 +37,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 return; //Success
 }
 } catch (Minz_Exception $me) {
- Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
+ Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING);
 }
 }
 $this->view->nonce = ''; //Failure
diff --git a/app/Controllers/usersController.php b/app/Controllers/usersController.php
index a044cd25b..8314b75fc 100644
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
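Review bot: The added DEBUG line writes the raw request values `$username`, `$c` and `$nonce` into the log, and this is the branch where they failed whatever validation the enclosing `if` applies (its condition starts outside the hunk), so they may contain arbitrary bytes including line breaks that let a client forge log entries. Escape them before concatenation, e.g. `'user=' . json_encode($username) . ' challenge=' . json_encode($c) . ' nonce=' . json_encode($nonce)` (json_encode() returns false on invalid UTF-8, which is acceptable for a log line), or strip control characters first. The challenge is client-supplied credential material; recording only its length, e.g. `' challenge_len=' . strlen($c)`, is enough to diagnose the failure without persisting it.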
@@ -106,6 +106,7 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 }
 $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 $passwordPlain = '';
+ $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js
 $ok &= ($passwordHash != '');
 }
 if (empty($passwordHash)) {
diff --git a/p/scripts/main.js b/p/scripts/main.js
index d891299a8..d775b3a20 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -626,14 +626,18 @@ function init_loginForm() {
 if (data.salt1 == '' || data.nonce == '') {
 alert('Invalid user!');
 } else {
- var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
- s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
- c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
- $('#challenge').val(c);
- if (s == '' || c == '') {
- alert('Crypto error!');
- } else {
- success = true;
+ try {
+ var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
+ s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
+ c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
+ $('#challenge').val(c);
+ if (s == '' || c == '') {
+ alert('Crypto error!');
+ } else {
+ success = true;
+ }
+ } catch (e) {
+ alert('Crypto exception! ' + e);
 }
 }
 }).fail(function() {
-- 
cgit v1.2.3
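Review bot: The pattern `/^\$2[xy]\$/` also relabels a `$2x$` prefix as `$2a$`; `$2x$` marks hashes computed by the pre-5.3.7 buggy crypt_blowfish, and verifying such a hash under the `$2a$` algorithm gives wrong results for passwords containing 8-bit characters. password_hash() with PASSWORD_BCRYPT only ever emits `$2y$`, so narrow the rewrite to `$passwordHash = preg_replace('/^\$2y\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js`. Be aware that password_needs_rehash() recognises only the `$2y$` prefix as a current bcrypt hash, so any later call on the stored `$2a$` value will report that a rehash is needed; if that helper is used anywhere, it must tolerate this prefix. The block that accumulates `$ok` and builds `$passwordHash` begins before the hunk.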
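Review bot: When hashSync() throws, the new catch only shows an alert: the hidden `#challenge` input keeps whatever value it held before the attempt and `success` (declared outside the hunk) is not reset, so a stale challenge could still be posted if the caller relies on the field rather than on `success`. Clear the field in the handler, `$('#challenge').val('');` before the alert. The text `'Crypto exception! ' + e` is fine to show the user, but it is lost once the dialog is dismissed; writing the same message to the console as well would help diagnose the bcrypt.js compatibility problem this commit targets.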