Mercurial > prosody-modules
changeset 2168:28d99ffa3c06
mod_auth_phpbb3: Add support for verifying bcrypt hashes (thanks bios)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 30 Apr 2016 19:09:45 +0200 |
| parents | 24dcf496df6b |
| children | 9fa588babbba |
| files | mod_auth_phpbb3/README.markdown mod_auth_phpbb3/mod_auth_phpbb3.lua |
| diffstat | 2 files changed, 10 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_auth_phpbb3/README.markdown Wed Apr 27 21:48:13 2016 +0200 +++ b/mod_auth_phpbb3/README.markdown Sat Apr 30 19:09:45 2016 +0200 @@ -10,6 +10,11 @@ This module allows you to authenticate against an PHPBB3 database. +To support the `bcrypt` password hashing algorithm, install +[bcrypt](https://luarocks.org/modules/mikejsavage/bcrypt) from luarocks: + + luarocks install bcrypt + Configuration =============
--- a/mod_auth_phpbb3/mod_auth_phpbb3.lua Wed Apr 27 21:48:13 2016 +0200 +++ b/mod_auth_phpbb3/mod_auth_phpbb3.lua Sat Apr 30 19:09:45 2016 +0200 @@ -10,6 +10,7 @@ local DBI = require "DBI" local md5 = require "util.hashes".md5; local uuid_gen = require "util.uuid".generate; +local have_bcrypt, bcrypt = pcall(require, "bcrypt"); -- available from luarocks local connection; local params = module:get_option("sql"); @@ -176,7 +177,10 @@ end local function phpbbCheckHash(password, hash) if #hash == 32 then return hash == md5(password, true); end -- legacy PHPBB2 hash - return #hash == 34 and hashCryptPrivate(password, hash) == hash; + if #hash == 34 then return hashCryptPrivate(password, hash) == hash; end + if #hash == 60 and have_bcrypt then return bcrypt.verify(password, hash); end + module:log("error", "Unsupported hash: %s", hash); + return false; end local function phpbbCreateHash(password) local random = uuid_gen():sub(-6);