
Use lighter weight SHA library instead of Crypto for hashing.

1 parent 2efb04a commit aa769ec29cc53bc76e0dbf97c7e0a23fcbabf30d @jgm committed Nov 23, 2008
Showing with 6 additions and 7 deletions.
  1. +4 −4 Gitit.hs
  2. +2 −3 Gitit/State.hs
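--- a/Gitit.hs
+++ b/Gitit.hs
@@ -39,15 +39,15 @@ import qualified Text.XHtml as X ( password, method )
 import Data.List (intersect, intersperse, intercalate, sort, nub, sortBy, isSuffixOf)
 import Data.Maybe (fromMaybe, fromJust, mapMaybe, isNothing)
 import Data.ByteString.UTF8 (fromString)
+import qualified Data.ByteString.Lazy.UTF8 as L (fromString)
 import qualified Data.Map as M
 import Data.Ord (comparing)
-import qualified Data.Digest.SHA512 as SHA512 (hash)
+import Data.Digest.Pure.SHA (sha512, showDigest)
 import Paths_gitit
 import Text.Pandoc
 import Text.Pandoc.ODT (saveOpenDocumentAsODT)
 import Text.Pandoc.Definition (processPandoc)
 import Text.Pandoc.Shared (HTMLMathMethod(..), substitute)
-import Data.ByteString.Internal (c2w)
 import Data.Char (isAlphaNum, isAlpha)
 import Codec.Binary.UTF8.String (decodeString)
 import Control.Monad.Reader
@@ -956,7 +956,7 @@ loginUser _ params = do
 let pword = pPassword params
 let destination = pDestination params
 cfg <- query GetConfig
- let passwordHash = SHA512.hash $ map c2w $ passwordSalt cfg ++ pword
+ let passwordHash = showDigest $ sha512 $ L.fromString $ passwordSalt cfg ++ pword
 allowed <- query $ AuthUser uname passwordHash
 if allowed
 then do
@@ -1027,7 +1027,7 @@ registerUser _ params = do
 , (not (null fakeField), "You do not seem human enough.") ] -- fakeField is hidden in CSS (honeypot)
 if null errors
 then do
- let passwordHash = SHA512.hash $ map c2w $ passwordSalt cfg ++ pword
+ let passwordHash = showDigest $ sha512 $ L.fromString $ passwordSalt cfg ++ pword
 update $ AddUser uname (User { uUsername = uname, uPassword = passwordHash, uEmail = email })
 loginUser "/" (params { pUsername = uname, pPassword = pword })
 else formattedPage (defaultPageLayout { pgShowPageTools = False, pgTabs = [], pgTitle = "Register for an account" })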
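Review bot: The digest built in `loginUser` and `registerUser` is still a single pass of SHA-512 over `passwordSalt cfg ++ pword`, so every account shares the one configured salt and the hash is cheap to compute; identical passwords yield identical `uPassword` values, and a leaked user table can be attacked for all users at once. Swapping the hashing library is a natural point to move to a per-user random salt stored beside the hash and a deliberately slow password-hashing scheme (PBKDF2, bcrypt or scrypt), which this commit does not do. Separately, the same expression is now written twice; one helper such as `hashPassword cfg pw = showDigest $ sha512 $ L.fromString $ passwordSalt cfg ++ pw` would keep login and registration from drifting apart. Both function bodies continue outside the hunks shown.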
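--- a/Gitit/State.hs
+++ b/Gitit/State.hs
@@ -33,7 +33,6 @@ import Data.Generics hiding ((:+:))
 import HAppS.State
 import HAppS.Data
 import GHC.Conc (STM)
-import Codec.Utils (Octet)
 -- | Data structure for information read from config file.
 data Config = Config {
@@ -86,7 +85,7 @@ data Sessions a = Sessions {unsession::M.Map SessionKey a}
 data User = User {
 uUsername :: String,
- uPassword :: [Octet], -- password stored as MD5 hash
+ uPassword :: String, -- password stored as SHA512 hash
 uEmail :: String
 } deriving (Show,Read,Typeable,Data)
@@ -138,7 +137,7 @@ addUser name u = modUsers $ M.insert name u
 delUser :: MonadState AppState m => String -> m ()
 delUser name = modUsers $ M.delete name
-authUser :: MonadReader AppState m => String -> [Octet] -> m Bool
+authUser :: MonadReader AppState m => String -> String -> m Bool
 authUser name pass = do
 users' <- askUsers
 case M.lookup name users' of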
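Review bot: Changing `uPassword` from `[Octet]` to `String` changes what is persisted for every `User`, and nothing in this section migrates accounts created before the commit. Presumably existing state either fails to load or holds digests that can never equal the new hex string, which would lock existing users out; this is worth confirming and documenting as an upgrade step. Gitit.hs also now feeds UTF-8 bytes to the hash where it previously used `map c2w`, so even a hex re-encoding of old digests would likely match only for ASCII salts and passwords. The field comment could state the stored format precisely, e.g. `-- hex-encoded SHA-512 of passwordSalt ++ password`. `authUser` continues past the end of the hunk, so how the stored and supplied hashes are compared is not visible here.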
