added support for sha256crypt

2024-11-10 09:32:28 +08:00 · 2020-10-08 11:32:48 +03:00 · 2020-10-08 11:32:48 +03:00 · 9e75853560
commit 9e75853560
parent 4749ab21bb
6 changed files with 11 additions and 9 deletions
--- a/docs/api/api_data.js
+++ b/docs/api/api_data.js
@ -13193,7 +13193,7 @@ define({ "api": [
            "type": "Boolean",
            "optional": true,
            "field": "hashedPassword",
-            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha256 ($6), sha512 ($6), argon2 ($argon2, $argon2d, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
+            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha512 ($6), sha256 ($5), argon2 ($argon2d, $argon2i, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
          },
          {
            "group": "Parameter",
@ -13753,7 +13753,7 @@ define({ "api": [
            "type": "Boolean",
            "optional": true,
            "field": "hashedPassword",
-            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha256 ($6), sha512 ($6), argon2 ($argon2, $argon2d, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
+            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha512 ($6), sha256 ($5), argon2 ($argon2d, $argon2i, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
          },
          {
            "group": "Parameter",
--- a/docs/api/api_data.json
+++ b/docs/api/api_data.json
@ -13193,7 +13193,7 @@
            "type": "Boolean",
            "optional": true,
            "field": "hashedPassword",
-            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha256 ($6), sha512 ($6), argon2 ($argon2, $argon2d, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
+            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha512 ($6), sha256 ($5), argon2 ($argon2d, $argon2i, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
          },
          {
            "group": "Parameter",
@ -13753,7 +13753,7 @@
            "type": "Boolean",
            "optional": true,
            "field": "hashedPassword",
-            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha256 ($6), sha512 ($6), argon2 ($argon2, $argon2d, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
+            "description": "<p>If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha512 ($6), sha256 ($5), argon2 ($argon2d, $argon2i, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.</p>"
          },
          {
            "group": "Parameter",
--- a/docs/api/api_project.js
+++ b/docs/api/api_project.js
@ -9,7 +9,7 @@ define({
  "apidoc": "0.3.0",
  "generator": {
    "name": "apidoc",
-    "time": "2020-10-08T07:51:33.367Z",
+    "time": "2020-10-08T08:32:35.425Z",
    "url": "https://apidocjs.com",
    "version": "0.25.0"
  }
--- a/docs/api/api_project.json
+++ b/docs/api/api_project.json
@ -9,7 +9,7 @@
  "apidoc": "0.3.0",
  "generator": {
    "name": "apidoc",
-    "time": "2020-10-08T07:51:33.367Z",
+    "time": "2020-10-08T08:32:35.425Z",
    "url": "https://apidocjs.com",
    "version": "0.25.0"
  }
--- a/lib/api/users.js
+++ b/lib/api/users.js
@ -340,7 +340,7 @@ module.exports = (db, server, userHandler) => {
     * @apiParam {String} username Username of the User. Dots are allowed but informational only (<em>"user.name"</em> is the same as <em>"username"</em>).
     * @apiParam {String} [name] Name of the User
     * @apiParam {String} password Password for the account. Set to boolean <code>false</code> to disable password usage
-     * @apiParam {Boolean} [hashedPassword] If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha256 ($6), sha512 ($6), argon2 ($argon2, $argon2d, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.
+     * @apiParam {Boolean} [hashedPassword] If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha512 ($6), sha256 ($5), argon2 ($argon2d, $argon2i, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.
     * @apiParam {Boolean} [allowUnsafe=true] If <code>false</code> then validates provided passwords against Have I Been Pwned API. Experimental, so validation is disabled by default but will be enabled automatically in some future version of WildDuck.
     * @apiParam {String} [address] Default email address for the User (autogenerated if not set)
     * @apiParam {Boolean} [emptyAddress] If true then do not autogenerate missing email address for the User. Only needed if you want to create a user account that does not have any email address associated
@ -1156,7 +1156,7 @@ module.exports = (db, server, userHandler) => {
     * @apiParam {String} [name] Name of the User
     * @apiParam {String} [existingPassword] If provided then validates against account password before applying any changes
     * @apiParam {String} [password] New password for the account. Set to boolean <code>false</code> to disable password usage
-     * @apiParam {Boolean} [hashedPassword] If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha256 ($6), sha512 ($6), argon2 ($argon2, $argon2d, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.
+     * @apiParam {Boolean} [hashedPassword] If <code>true</code> then password is already hashed, so store as. Supported hashes: pbkdf2, bcrypt ($2a, $2y, $2b), md5 ($1), sha512 ($6), sha256 ($5), argon2 ($argon2d, $argon2i, $argon2id). Stored hashes are rehashed to pbkdf2 on first successful password check.
     * @apiParam {Boolean} [allowUnsafe=true] If <code>false</code> then validates provided passwords against Have I Been Pwned API. Experimental, so validation is disabled by default but will be enabled automatically in some future version of WildDuck.
     * @apiParam {String[]} [tags] A list of tags associated with this user
     * @apiParam {Number} [retention] Default retention time in ms. Set to <code>0</code> to disable
--- a/lib/hashes.js
+++ b/lib/hashes.js
@ -86,7 +86,8 @@ function checkHashSupport(hash) {
        case '2b':
        case '2y':
            return { result: true, algo: 'bcrypt' };
-        case '6':
+        case '6': // sha512crypt
+        case '5': // sha256crypt
            return { result: true, algo: 'unixcrypt' };

        case 'argon2d':
@ -122,6 +123,7 @@ module.exports.shouldRehash = hash => {

        // Always rehash the following algos
        case '6': // sha512crypt
+        case '5': // sha256crypt
        case '1': // md5
        case 'argon2d': // Argon2 (mostly because we are using an inefficient implementation)
        case 'argon2i':