Teach Credential::Password about base64 encoded passwords. Also include a
Cory G Watson [Thu, 16 Mar 2006 16:46:27 +0000 (16:46 +0000)]
condition for padded base64 such as OpenSSL.

lib/Catalyst/Plugin/Authentication/Credential/Password.pm
t/live_app.t

index 2428795..406a79e 100644 (file)
@@ -77,11 +77,14 @@ sub _check_password {
         $d->add($password);
         $d->add( $user->password_post_salt || '' );
 
-        my $stored   = $user->hashed_password;
-        my $computed = $d->digest;
+        my $stored      = $user->hashed_password;
+        my $computed    = $d->clone()->digest;
+        my $b64computed = $d->clone()->b64digest;
 
         return ( ( $computed eq $stored )
-              || ( unpack( "H*", $computed ) eq $stored ) );
+              || ( unpack( "H*", $computed ) eq $stored )
+              || ( $b64computed eq $stored)
+              || ( $b64computed.'=' eq $stored) );
     }
     elsif ( $user->supports(qw/password salted_hash/) ) {
         require Crypt::SaltedHash;
index 260a8ea..ebb0c29 100644 (file)
@@ -17,6 +17,7 @@ use Test::More 'no_plan';
        use Test::Exception;
 
        use Digest::MD5 qw/md5/;
+    use Digest::SHA1 qw/sha1_base64/;
 
        our $users;
 
@@ -44,6 +45,14 @@ use Test::More 'no_plan';
                is( $c->user, $users->{gorch}, "user object is in proper place");
                $c->logout;
 
+               ok($c->login("shabaz", "s3cr3t"), "can login with base64 hashed");
+               is( $c->user, $users->{shabaz}, "user object is in proper place");
+               $c->logout;
+
+               ok($c->login("sadeek", "s3cr3t"), "can login with padded base64 hashed");
+               is( $c->user, $users->{sadeek}, "user object is in proper place");
+               $c->logout;
+
                ok(!$c->login( "bar", "bad pass" ), "can't login with bad password");
                ok(!$c->user, "no user");
 
@@ -63,6 +72,14 @@ use Test::More 'no_plan';
                        hashed_password => md5("s3cr3t"),
                        hash_algorithm => "MD5",
                },
+        shabaz => {
+            hashed_password => sha1_base64("s3cr3t"),
+            hash_algorithm => "SHA-1"
+        },
+        sadeek => {
+            hashed_password => sha1_base64("s3cr3t").'=',
+            hash_algorithm => "SHA-1"
+        },
                baz => {},
        };