-
Notifications
You must be signed in to change notification settings - Fork 0
/
pass.js
125 lines (113 loc) · 3.49 KB
/
pass.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
var crypto = require("crypto"),
exec = require('child_process').exec;
/**
* pass.generate(password, callback) -> undefined
* - password (String): password to be used as hash source
* - callback (Function): callback
*
* Generates an Apache htpasswd password (SHA1)
**/
exports.generate = function(password, callback){
var c;
try{
var c = crypto.createHash("sha1");
c.update(password);
c = c.digest("base64");
}catch(E){
return callback && callback(E, null);
}
callback && callback(null, "{SHA}"+c);
}
/**
* pass.validate(password, hash, callback) -> undefined
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
*
* Checks if an Apache htpasswd password matches with its hash.
**/
exports.validate = function(password, hash, callback){
callback = callback || function(){};
password = password || "";
hash = hash && hash.trim() || "";
var salt = "", parts;
//SHA - {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= (myPassword)
if(hash.substr(0,5)=="{SHA}"){
hash = hash.substr(5);
return validate_sha(password, hash, callback);
}
//MD5 - $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ (myPassword)
if(hash.substr(0,6)=="$apr1$"){
parts = hash.split("$");
parts.shift();
parts.shift();
salt = parts.shift();
hash = parts.join("$");
return validate_md5(password, hash, salt, callback);
}
// CRYPT - rqXexS6ZhobKA (myPassword)
if(hash.length==13){
salt = hash.substr(0,2);
hash = hash.substr(2);
return validate_crypt(password, hash, salt, callback);
}
// PLAIN
return callback(null, password==hash);
}
/**
* validate_sha(password, hash, callback) -> undefined
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
*
* Validates a SHA1 password
**/
function validate_sha(password, hash, callback){
var c;
try{
c = crypto.createHash("sha1");
c.update(password);
c = c.digest("base64");
}catch(E){
return callback(E, null);
}
callback(null, c==hash);
}
/**
* validate_sha(password, hash, callback) -> undefined
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
*
* Validates an APR1/MD5 password
**/
function validate_md5(password, hash, salt, callback){
exec(
'openssl passwd -apr1 -salt '+salt+' "'+password.replace(/"/,"\\\"")+'"',
function (error, stdout, stderr) {
if(error){
return callback(error, null);
}
callback(null, stdout && stdout.trim()=='$apr1$'+salt+'$'+hash);
}
);
}
/**
* validate_sha(password, hash, callback) -> undefined
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
*
* Validates a Linux crypt(3) password
**/
function validate_crypt(password, hash, salt, callback){
exec(
'openssl passwd -crypt -salt '+salt+' "'+password.replace(/"/,"\\\"")+'"',
function (error, stdout, stderr) {
if(error){
return callback(error, null);
}
callback(null, stdout && stdout.trim()==salt+hash);
}
);
}