Compatibilité bcrypt.js oubliée

Corrige https://github.com/marienfressinaud/FreshRSS/issues/396 + Ajoute de meilleurs messages d'erreur
11 years ago · 7a510af73a
parent 1031c19779
commit 7a510af73a
4 changed files with 16 additions and 9 deletions
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@ -320,6 +320,8 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 				} catch (Minz_Exception $me) {
 					Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
 				}
+			} else {
+				Minz_Log::record('Invalid credential parameters: user=' . $username . ' challenge=' . $c . ' nonce=' . $nonce, Minz_Log::DEBUG);
 			}
 			if (!$ok) {
 				$notif = array(
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@ -37,7 +37,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 					return;	//Success
 				}
 			} catch (Minz_Exception $me) {
-				Minz_Log::record('Login failure: ' . $me->getMessage(), Minz_Log::WARNING);
+				Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING);
 			}
 		}
 		$this->view->nonce = '';	//Failure
--- a/app/Controllers/usersController.php
+++ b/app/Controllers/usersController.php
@ -106,6 +106,7 @@ class FreshRSS_users_Controller extends Minz_ActionController {
 					}
 					$passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST));
 					$passwordPlain = '';
+					$passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash);	//Compatibility with bcrypt.js
 					$ok &= ($passwordHash != '');
 				}
 				if (empty($passwordHash)) {
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@ -626,14 +626,18 @@ function init_loginForm() {
 			if (data.salt1 == '' || data.nonce == '') {
 				alert('Invalid user!');
 			} else {
-				var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
-					s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
-					c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
-				$('#challenge').val(c);
-				if (s == '' || c == '') {
-					alert('Crypto error!');
-				} else {
-					success = true;
+				try {
+					var strong = window.Uint32Array && window.crypto && (typeof window.crypto.getRandomValues === 'function'),
+						s = dcodeIO.bcrypt.hashSync($('#passwordPlain').val(), data.salt1),
+						c = dcodeIO.bcrypt.hashSync(data.nonce + s, strong ? 4 : poormanSalt());
+					$('#challenge').val(c);
+					if (s == '' || c == '') {
+						alert('Crypto error!');
+					} else {
+						success = true;
+					}
+				} catch (e) {
+					alert('Crypto exception! ' + e);
 				}
 			}
 		}).fail(function() {