Merge pull request #2 from rgeber/master

Added param option to password generation

pass.js

@@ -5,37 +5,44 @@ var crypto = require("crypto"),
  * pass.generate(password, callback) -> undefined
  * - password (String): password to be used as hash source
  * - callback (Function): callback
- * 
- * Generates an Apache htpasswd password (SHA1)
+ * - param (object): used for algorithm and digest parameter
+ *
+ * Generates an Apache htpasswd password
  **/
-exports.generate = function(password, callback){
+exports.generate = function(password, callback, param){
+    if (!param) param = {};
     var c;
+    var algorithm = param.algorithm ? param.algorithm : 'sha1';
+    var digest = param.digest ? param.digest : 'base64';
+
+    var hash_prefix = {sha1: '{SHA}', md5: '$apr1$'};
+
     try{
-        var c = crypto.createHash("sha1");
+        var c = crypto.createHash(algorithm);
         c.update(password);
-        c = c.digest("base64");
+        c = c.digest(digest);
     }catch(E){
         return callback && callback(E, null);
     }
-    callback && callback(null, "{SHA}"+c);
+    callback && callback(null, hash_prefix[algorithm] + c);
 }
 
 /**
  * pass.validate(password, hash, callback) -> undefined
  * - password (String): password to be validated
  * - hash (String): password hash to be checked against
  * - callback (Function): callback
- * 
+ *
  * Checks if an Apache htpasswd password matches with its hash.
  **/
 exports.validate = function(password, hash, callback){
-    
+
     callback = callback || function(){};
     password = password || "";
     hash = hash && hash.trim() || "";
-    
+
     var salt = "", parts;
-    
+
     //SHA - {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= (myPassword)
     if(hash.substr(0,5)=="{SHA}"){
         hash = hash.substr(5);
@@ -58,7 +65,7 @@ exports.validate = function(password, hash, callback){
         hash = hash.substr(2);
         return validate_crypt(password, hash, salt, callback);
     }
-    
+
     // PLAIN
     return callback(null, password==hash);
 }
@@ -69,27 +76,32 @@ exports.validate = function(password, hash, callback){
  * - password (String): password to be validated
  * - hash (String): password hash to be checked against
  * - callback (Function): callback
- * 
+ * - param (object): used to specify algorithm
+ *
  * Validates a SHA1 password
  **/
-function validate_sha(password, hash, callback){
+function validate_sha(password, hash, callback, param){
+    if (!param) param = {};
     var c;
+    var algorithm = param.algorithm ? param.algorithm : 'sha1';
+    var digest = param.digest ? param.digest : 'base64';
+
     try{
-        c = crypto.createHash("sha1");
+        c = crypto.createHash(algorithm);
         c.update(password);
-        c = c.digest("base64");
+        c = c.digest(digest);
     }catch(E){
         return callback(E, null);
     }
-    callback(null, c==hash);    
+    callback(null, c==hash);
 }
 
 /**
  * validate_sha(password, hash, callback) -> undefined
  * - password (String): password to be validated
  * - hash (String): password hash to be checked against
  * - callback (Function): callback
- * 
+ *
  * Validates an APR1/MD5 password
  **/
 function validate_md5(password, hash, salt, callback){
@@ -109,7 +121,7 @@ function validate_md5(password, hash, salt, callback){
  * - password (String): password to be validated
  * - hash (String): password hash to be checked against
  * - callback (Function): callback
- * 
+ *
  * Validates a Linux crypt(3) password
  **/
 function validate_crypt(password, hash, salt, callback){
@@ -122,4 +134,4 @@ function validate_crypt(password, hash, salt, callback){
                 callback(null, stdout && stdout.trim()==salt+hash);
             }
     );
-}
+}

test.js

@@ -20,4 +20,4 @@ pass.validate("myPassword", "$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/", response.bi
 pass.validate("myPass", "$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/", response.bind(this, "MD5   False", false));
 
 pass.validate("myPassword", "rqXexS6ZhobKA", response.bind(this, "CRYPT True ", true));
-pass.validate("myPass", "rqXexS6ZhobKA", response.bind(this, "CRYPT False", false));
+pass.validate("myPass", "rqXexS6ZhobKA", response.bind(this, "CRYPT False", false));