KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Better hiding of passwords, hiding cookie-logins better

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-09-26 22:33:33 +02:00
parent 7ab5d4f399
commit c136199269
9 changed files with 140 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
server/handlers/list_settings.js
View File

@@ -45,7 +45,7 @@ function password(inp, coll, guid, offline, socket) {
pw = Functions.hash_pass(Functions.decrypt_string(pw), true);
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 8");
Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) {
adminpass = Functions.hash_pass(adminpass);
db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0)
{
@@ -61,7 +61,7 @@ function password(inp, coll, guid, offline, socket) {
socket.emit("pw", true);
});
});
} else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) {
} else if(docs[0].adminpass === "" || docs[0].adminpass == adminpass) {
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(adminpass != pw) {
@@ -117,7 +117,6 @@ function conf_function(params, coll, guid, offline, socket) {
if(gotten) {
params.adminpass = adminpass;
if(!params.userpass_changed) params.userpass = userpass;
}
if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') ||
!params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') ||
@@ -191,13 +190,19 @@ function conf_function(params, coll, guid, offline, socket) {
var description = "";
var hash;
if(params.description) description = params.description;
if(adminpass !== "") {
if(adminpass !== "" && !gotten) {
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true));
} else if(adminpass !== "" && gotten) {
hash = Functions.hash_pass(adminpass);
} else {
hash = adminpass;
}
if(userpass != "") {
userpass = crypto.createHash('sha256').update(userpass).digest("base64");
if(!params.userpass_changed && gotten) {
} else {
userpass = crypto.createHash('sha256').update(userpass).digest("base64");
}
}
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) {
@@ -221,7 +226,7 @@ function conf_function(params, coll, guid, offline, socket) {
db.collection(coll + "_settings").update({ id: "config" }, {
$set:obj
}, function(err, docs){
Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() {
Functions.setSessionUserPass(Functions.getSession(socket), crypto.createHash('sha256').update(Functions.decrypt_string(params.userpass)).digest('base64'), coll, function() {
db.collection(coll + "_settings").find(function(err, docs){
if(docs[0].adminpass !== "") docs[0].adminpass = true;
if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true;