From 927a0c14065c00303fef2b88dcdb73edc714949c Mon Sep 17 00:00:00 2001
From: Adam Strzelecki
Date: Fri, 27 Nov 2015 17:50:05 +0100
Subject: [PATCH] Fallback to BCrypt auth when BCRYPT_AUTH_FALLBACK

---
 models/user.go | 10 +++++++++-
 modules/setting/setting.go | 2 ++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/models/user.go b/models/user.go
index fa19e0c4b..3181116f6 100644
--- a/models/user.go
+++ b/models/user.go
@@ -21,6 +21,8 @@ import (
 "strings"
 "time"

+ "golang.org/x/crypto/bcrypt"
+
 "github.com/Unknwon/com"
 "github.com/go-xorm/xorm"
 "github.com/nfnt/resize"
@@ -251,7 +253,13 @@ func (u *User) EncodePasswd() {
 func (u *User) ValidatePassword(passwd string) bool {
 newUser := &User{Passwd: passwd, Salt: u.Salt}
 newUser.EncodePasswd()
- return u.Passwd == newUser.Passwd
+ if u.Passwd == newUser.Passwd {
+ return true
+ }
+ if setting.BCryptAuthFallback && bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(passwd)) == nil {
+ return true
+ }
+ return false
 }

 // UploadAvatar saves custom avatar for user.
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index a8a31ddc7..9e1ffb2ed 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -77,6 +77,7 @@ var (
 CookieUserName string
 CookieRememberName string
 ReverseProxyAuthUser string
+ BCryptAuthFallback bool

 // Database settings.
 UseSQLite3 bool
@@ -324,6 +325,7 @@ func NewContext() {
 CookieUserName = sec.Key("COOKIE_USERNAME").String()
 CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").String()
 ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
+ BCryptAuthFallback = sec.Key("BCRYPT_AUTH_FALLBACK").MustBool()

 sec = Cfg.Section("attachment")
 AttachmentPath = sec.Key("PATH").MustString(path.Join(AppDataPath, "attachments"))
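Review bot: In `models/user.go`, a login that succeeds through the new bcrypt branch of `ValidatePassword` leaves the imported hash in `u.Passwd` as it was. As far as this patch shows, such accounts never move to the native `EncodePasswd` format, and turning `BCRYPT_AUTH_FALLBACK` off later would lock them out. Because the method only returns a bool, the re-encode belongs in the caller, which is not visible here; the branch should at least say so, e.g. `// bcrypt match: imported hash; caller should re-encode with EncodePasswd and persist`. Separately, the retained `u.Passwd == newUser.Passwd` is not a constant-time comparison; `subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(newUser.Passwd)) == 1` from `crypto/subtle` is the usual hardening for comparing password hashes.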
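Review bot: In `modules/setting/setting.go`, `BCRYPT_AUTH_FALLBACK` changes which stored hashes can authenticate a user, yet neither the read in `NewContext` nor the `BCryptAuthFallback bool` declaration in the var block carries a comment. The diffstat also lists only the two Go files, so no sample config or documentation is updated with the new key. `MustBool()` with no argument yields false when the key is absent or unparsable, which is the safe default and worth stating on the declaration: `// BCryptAuthFallback makes ValidatePassword also accept bcrypt hashes in User.Passwd (imported accounts); false unless set.` The section `sec` refers to is assigned above this hunk, so which config section the key belongs to cannot be confirmed from here.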