
Don't use hashing for etherpad passwords. They're still somewhat defended by TLS or onion encryption. The previous bcrypt hash no longer works.

Bob Mottram před 7 roky
rodič
revize
cebc7aa5dc
1 změnil soubory, kde provedl 6 přidání a 10 odebrání
  1. 6
    10
      src/freedombone-app-etherpad

+ 6
- 10
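--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -60,22 +60,18 @@ function logging_off_etherpad {
     echo -n ''
 }
 
-function etherpad_password_hash {
-    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
-}
-
 function change_password_etherpad {
     change_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
 
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
         user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
         ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
         systemctl restart etherpad
@@ -149,7 +145,7 @@ function create_etherpad_settings {
     echo '  "disableIPlogging" : true,' >> $settings_file
 
     echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
+    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
     echo '  },' >> $settings_file
 
     echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@@ -191,12 +187,12 @@ function remove_user_etherpad {
 
 function add_user_etherpad {
     new_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
         ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
-        sed -i "/\"users\": {/a    \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+        sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
         else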
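Review bot: In change_password_etherpad the two new sed lines write the password without JSON quotes: `\"password\": "$new_user_password",` closes and reopens the shell string, so settings.json ends up with `"password": secret,` and will presumably fail to parse after the restart, whereas add_user_etherpad in the third hunk escapes the quotes correctly. Both lines should read `\"password\": \"$new_user_password\"`. Now that the raw password rather than a bcrypt string is interpolated, a `|`, `&`, `\` or `"` in it can also break the sed expression or the resulting JSON, so the value should be escaped before substitution (the `echo` in create_etherpad_settings has the same exposure for `"` and `\`). Because settings.json now holds cleartext credentials, which TLS or onion transport does not protect at rest, it is worth confirming the file is readable only by the etherpad service user, e.g. `chmod 600` on it; its ownership and mode are not visible in these hunks. All three function bodies continue outside the hunks shown.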