Skip to content

Loading…

Added param option to password generation #2

Merged
merged 1 commit into from

1 participant

@ghost

Added support for MD5 so far.

@andris9 andris9 merged commit 288043a into andris9:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jul 13, 2012
  1. Enabled selection of algorithm and digest

    Roman Geber committed
Showing with 32 additions and 20 deletions.
  1. +31 −19 pass.js
  2. +1 −1 test.js
View
50 pass.js
@@ -5,19 +5,26 @@ var crypto = require("crypto"),
* pass.generate(password, callback) -> undefined
* - password (String): password to be used as hash source
* - callback (Function): callback
- *
- * Generates an Apache htpasswd password (SHA1)
+ * - param (object): used for algorithm and digest parameter
+ *
+ * Generates an Apache htpasswd password
**/
-exports.generate = function(password, callback){
+exports.generate = function(password, callback, param){
+ if (!param) param = {};
var c;
+ var algorithm = param.algorithm ? param.algorithm : 'sha1';
+ var digest = param.digest ? param.digest : 'base64';
+
+ var hash_prefix = {sha1: '{SHA}', md5: '$apr1$'};
+
try{
- var c = crypto.createHash("sha1");
+ var c = crypto.createHash(algorithm);
c.update(password);
- c = c.digest("base64");
+ c = c.digest(digest);
}catch(E){
return callback && callback(E, null);
}
- callback && callback(null, "{SHA}"+c);
+ callback && callback(null, hash_prefix[algorithm] + c);
}
/**
@@ -25,17 +32,17 @@ exports.generate = function(password, callback){
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
- *
+ *
* Checks if an Apache htpasswd password matches with its hash.
**/
exports.validate = function(password, hash, callback){
-
+
callback = callback || function(){};
password = password || "";
hash = hash && hash.trim() || "";
-
+
var salt = "", parts;
-
+
//SHA - {SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= (myPassword)
if(hash.substr(0,5)=="{SHA}"){
hash = hash.substr(5);
@@ -58,7 +65,7 @@ exports.validate = function(password, hash, callback){
hash = hash.substr(2);
return validate_crypt(password, hash, salt, callback);
}
-
+
// PLAIN
return callback(null, password==hash);
}
@@ -69,19 +76,24 @@ exports.validate = function(password, hash, callback){
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
- *
+ * - param (object): used to specify algorithm
+ *
* Validates a SHA1 password
**/
-function validate_sha(password, hash, callback){
+function validate_sha(password, hash, callback, param){
+ if (!param) param = {};
var c;
+ var algorithm = param.algorithm ? param.algorithm : 'sha1';
+ var digest = param.digest ? param.digest : 'base64';
+
try{
- c = crypto.createHash("sha1");
+ c = crypto.createHash(algorithm);
c.update(password);
- c = c.digest("base64");
+ c = c.digest(digest);
}catch(E){
return callback(E, null);
}
- callback(null, c==hash);
+ callback(null, c==hash);
}
/**
@@ -89,7 +101,7 @@ function validate_sha(password, hash, callback){
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
- *
+ *
* Validates an APR1/MD5 password
**/
function validate_md5(password, hash, salt, callback){
@@ -109,7 +121,7 @@ function validate_md5(password, hash, salt, callback){
* - password (String): password to be validated
* - hash (String): password hash to be checked against
* - callback (Function): callback
- *
+ *
* Validates a Linux crypt(3) password
**/
function validate_crypt(password, hash, salt, callback){
@@ -122,4 +134,4 @@ function validate_crypt(password, hash, salt, callback){
callback(null, stdout && stdout.trim()==salt+hash);
}
);
-}
+}
View
2 test.js
@@ -20,4 +20,4 @@ pass.validate("myPassword", "$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/", response.bi
pass.validate("myPass", "$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/", response.bind(this, "MD5 False", false));
pass.validate("myPassword", "rqXexS6ZhobKA", response.bind(this, "CRYPT True ", true));
-pass.validate("myPass", "rqXexS6ZhobKA", response.bind(this, "CRYPT False", false));
+pass.validate("myPass", "rqXexS6ZhobKA", response.bind(this, "CRYPT False", false));
Something went wrong with that request. Please try again.