diff mod_auth_phpbb3/mod_auth_phpbb3.lua @ 2168:28d99ffa3c06

mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
author Kim Alvefur <zash@zash.se>
date Sat, 30 Apr 2016 19:09:45 +0200
parents 7dbde05b48a9
children
--- a/mod_auth_phpbb3/mod_auth_phpbb3.lua	Wed Apr 27 21:48:13 2016 +0200
+++ b/mod_auth_phpbb3/mod_auth_phpbb3.lua	Sat Apr 30 19:09:45 2016 +0200
@@ -10,6 +10,7 @@
 local DBI = require "DBI"
 local md5 = require "util.hashes".md5;
 local uuid_gen = require "util.uuid".generate;
+local have_bcrypt, bcrypt = pcall(require, "bcrypt"); -- available from luarocks
 
 local connection;
 local params = module:get_option("sql");
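Review bot: The `pcall(require, "bcrypt")` line discards a load failure silently, so an operator only learns the rock is missing when a user with a bcrypt hash fails to log in. A load-time warning next to the require would make the degraded state visible, e.g. `if not have_bcrypt then module:log("warn", "bcrypt module not available, bcrypt password hashes cannot be verified"); end`. Note also that on failure `bcrypt` holds the error message rather than a module, so every use must stay guarded by `have_bcrypt`, as the later hunk does.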
@@ -176,7 +177,10 @@
 end
 local function phpbbCheckHash(password, hash)
 	if #hash == 32 then return hash == md5(password, true); end -- legacy PHPBB2 hash
-	return #hash == 34 and hashCryptPrivate(password, hash) == hash;
+	if #hash == 34 then return hashCryptPrivate(password, hash) == hash; end
+	if #hash == 60 and have_bcrypt then return bcrypt.verify(password, hash); end
+	module:log("error", "Unsupported hash: %s", hash);
+	return false;
 end
 local function phpbbCreateHash(password)
 	local random = uuid_gen():sub(-6);
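Review bot: The new fallback `module:log("error", "Unsupported hash: %s", hash)` in phpbbCheckHash writes the stored password hash into the server log. That line is reached for any hash that is not 32 or 34 characters long, and also for a 60-character bcrypt hash when the `bcrypt` module failed to load, so anyone with log access receives credential material that should stay in the database. Log the shape rather than the value, e.g. `module:log("error", "Unsupported password hash format (length %d)", #hash);`, and consider a separate message for the missing-bcrypt case so the cause is clear. The trailing context belongs to phpbbCreateHash, whose body continues outside the hunk.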