
Don't use hashing for etherpad passwords. They're still somewhat defended by TLS or onion encryption. The previous bcrypt hash no longer works.

Bob Mottram 7 lat temu
rodzic
commit
cebc7aa5dc
1 zmienionych plików z 6 dodań i 10 usunięć
  1. 6
    10
      src/freedombone-app-etherpad

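--- a/src/freedombone-app-etherpad
+++ b/src/freedombone-app-etherpad
@@ -60,22 +60,18 @@
     echo -n ''
 }
 
-function etherpad_password_hash {
-    echo $(python -c "from passlib.hash import bcrypt;print(bcrypt.encrypt(\"$1\", rounds=10))")
-}
-
 function change_password_etherpad {
     change_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
 
     read_config_param ETHERPAD_DOMAIN_NAME
 
     if grep -q "\"$change_username\": {" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json; then
         user_line=$(cat /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json | grep "\"$change_username\": {")
         if [[ "$user_line" == *"\"is_admin\": true"* ]]; then
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": true }|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         else
-            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
+            sed -i "s|\"$change_username\": {.*|\"$change_username\": { \"password\": "$new_user_password", \"is_admin\": false },|g" /var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
         fi
         ${PROJECT_NAME}-pass -u $change_username -a etherpad -p "$2"
         systemctl restart etherpad
@@ -149,7 +145,7 @@
     echo '  "disableIPlogging" : true,' >> $settings_file
 
     echo '  "users": {' >> $settings_file
-    echo "    \"${MY_USERNAME}\": { \"hash\": \"$(etherpad_password_hash "${ETHERPAD_ADMIN_PASSWORD}")\", \"is_admin\": true }" >> $settings_file
+    echo "    \"${MY_USERNAME}\": { \"password\": \"${ETHERPAD_ADMIN_PASSWORD}\", \"is_admin\": true }" >> $settings_file
     echo '  },' >> $settings_file
 
     echo '  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],' >> $settings_file
@@ -191,12 +187,12 @@
 
 function add_user_etherpad {
     new_username="$1"
-    new_user_password=$(etherpad_password_hash "$2")
+    new_user_password="$2"
     settings_file=/var/www/${ETHERPAD_DOMAIN_NAME}/htdocs/settings.json
 
     if ! grep -q "\"$new_username\": {" $settings_file; then
         ${PROJECT_NAME}-pass -u $new_username -a etherpad -p "$2"
-        sed -i "/\"users\": {/a    \"$new_username\": { \"hash\": \"$new_user_password\", \"is_admin\": false }," $settings_file
+        sed -i "/\"users\": {/a    \"$new_username\": { \"password\": \"$new_user_password\", \"is_admin\": false }," $settings_file
         if grep -q "\"$new_username\": {" $settings_file; then
             systemctl restart etherpad
         else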
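Review bot: In change_password_etherpad both new `sed -i` lines write `\"password\": "$new_user_password"` with unescaped quotes, so the shell string closes around the variable: the value reaches settings.json without JSON quotes, and the expansion is unquoted, so any whitespace in the password splits the sed expression. They should match the new line in add_user_etherpad, `\"password\": \"$new_user_password\"`. Because the value is now a raw password rather than a bcrypt string, characters such as `|`, `&`, `\` and `"` also reach the sed replacement and the JSON unescaped everywhere the diff writes it, so the password should be escaped first or the file edited with a JSON-aware tool. TLS and onion encryption only cover the password in transit; with cleartext in settings.json the file's ownership and mode matter, and nothing in this diff shows them being restricted. add_user_etherpad continues past the end of the last hunk.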