|
@@ -130,15 +130,11 @@ func (am *AccountManager) Register(client *Client, account string, callbackNames
|
130
|
130
|
certFPKey := fmt.Sprintf(keyCertToAccount, certfp)
|
131
|
131
|
|
132
|
132
|
var creds AccountCredentials
|
133
|
|
- // always set passphrase salt
|
134
|
|
- creds.PassphraseSalt, err = passwd.NewSalt()
|
135
|
|
- if err != nil {
|
136
|
|
- return errAccountCreation
|
137
|
|
- }
|
138
|
133
|
// it's fine if this is empty, that just means no certificate is authorized
|
139
|
134
|
creds.Certificate = certfp
|
140
|
135
|
if passphrase != "" {
|
141
|
|
- creds.PassphraseHash, err = am.server.passwords.GenerateFromPassword(creds.PassphraseSalt, passphrase)
|
|
136
|
+ creds.PassphraseHash, err = passwd.GenerateEncodedPasswordBytes(passphrase)
|
|
137
|
+ creds.PassphraseIsV2 = true
|
142
|
138
|
if err != nil {
|
143
|
139
|
am.server.logger.Error("internal", fmt.Sprintf("could not hash password: %v", err))
|
144
|
140
|
return errAccountCreation
|
|
@@ -459,8 +455,50 @@ func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName s
|
459
|
455
|
return errAccountUnverified
|
460
|
456
|
}
|
461
|
457
|
|
462
|
|
- err = am.server.passwords.CompareHashAndPassword(
|
463
|
|
- account.Credentials.PassphraseHash, account.Credentials.PassphraseSalt, passphrase)
|
|
458
|
+ if account.Credentials.PassphraseIsV2 {
|
|
459
|
+ err = passwd.ComparePassword(account.Credentials.PassphraseHash, []byte(passphrase))
|
|
460
|
+ } else {
|
|
461
|
+ // compare using legacy method
|
|
462
|
+ err = am.server.passwords.CompareHashAndPassword(account.Credentials.PassphraseHash, account.Credentials.PassphraseSalt, passphrase)
|
|
463
|
+ if err == nil {
|
|
464
|
+ // passphrase worked! silently upgrade them to use v2 hashing going forward.
|
|
465
|
+ //TODO(dan): in future, replace this with an am.updatePassphrase(blah) function, which we can reuse in /ns update pass?
|
|
466
|
+ err = am.server.store.Update(func(tx *buntdb.Tx) error {
|
|
467
|
+ var creds AccountCredentials
|
|
468
|
+ creds.Certificate = account.Credentials.Certificate
|
|
469
|
+ creds.PassphraseHash, err = passwd.GenerateEncodedPasswordBytes(passphrase)
|
|
470
|
+ creds.PassphraseIsV2 = true
|
|
471
|
+ if err != nil {
|
|
472
|
+ am.server.logger.Error("internal", fmt.Sprintf("could not hash password (updating existing hash version): %v", err))
|
|
473
|
+ return errAccountCredUpdate
|
|
474
|
+ }
|
|
475
|
+
|
|
476
|
+ credText, err := json.Marshal(creds)
|
|
477
|
+ if err != nil {
|
|
478
|
+ am.server.logger.Error("internal", fmt.Sprintf("could not marshal credentials (updating existing hash version): %v", err))
|
|
479
|
+ return errAccountCredUpdate
|
|
480
|
+ }
|
|
481
|
+ credStr := string(credText)
|
|
482
|
+
|
|
483
|
+ // we know the account name is valid if this line is reached, otherwise the
|
|
484
|
+ // above would have failed. as such, chuck out and ignore err on casefolding
|
|
485
|
+ casefoldedAccountName, _ := CasefoldName(accountName)
|
|
486
|
+ credentialsKey := fmt.Sprintf(keyAccountCredentials, casefoldedAccountName)
|
|
487
|
+
|
|
488
|
+ //TODO(dan): sling, can you please checkout this mutex usage, see if it
|
|
489
|
+ // makes sense or not? bleh
|
|
490
|
+ am.serialCacheUpdateMutex.Lock()
|
|
491
|
+ defer am.serialCacheUpdateMutex.Unlock()
|
|
492
|
+
|
|
493
|
+ tx.Set(credentialsKey, credStr, nil)
|
|
494
|
+
|
|
495
|
+ return nil
|
|
496
|
+ })
|
|
497
|
+ }
|
|
498
|
+ if err != nil {
|
|
499
|
+ return err
|
|
500
|
+ }
|
|
501
|
+ }
|
464
|
502
|
if err != nil {
|
465
|
503
|
return errAccountInvalidCredentials
|
466
|
504
|
}
|
|
@@ -680,6 +718,7 @@ var (
|
680
|
718
|
type AccountCredentials struct {
|
681
|
719
|
PassphraseSalt []byte
|
682
|
720
|
PassphraseHash []byte
|
|
721
|
+ PassphraseIsV2 bool `json:"passphrase-is-v2"`
|
683
|
722
|
Certificate string // fingerprint
|
684
|
723
|
}
|
685
|
724
|
|