Added some sanity checks to password hashing scripts.

baldo 2022-07-14 10:45:56 +02:00
parent bc304d9bfa
commit 1f44e3c694
3 changed files with 72 additions and 5 deletions


@ -5,6 +5,9 @@ const saltRounds = 10;
const stdout = process.stdout const stdout = process.stdout
const stdin = process.stdin const stdin = process.stdin
const argv = process.argv;
const checkHash = argv.length > 2 ? argv[2] : undefined;
let password = ''; let password = '';
@ -19,6 +22,13 @@ process.stdin.on('end', () => {
if (password[password.length - 1] === '\n') { if (password[password.length - 1] === '\n') {
password = password.substring(0, password.length - 1); password = password.substring(0, password.length - 1);
} }
if (checkHash !== undefined) {
const validPassword = bcrypt.compareSync(password, checkHash);
stdout.write(`${validPassword ? 'Valid password' : 'Invalid password'}\n`);
process.exit(validPassword ? 0 : 255);
} else {
const hash = bcrypt.hashSync(password, saltRounds); const hash = bcrypt.hashSync(password, saltRounds);
stdout.write(`${hash}\n`); stdout.write(`${hash}\n`);
}
}); });
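Review bot: `checkHash` goes from `argv[2]` straight into `bcrypt.compareSync` with no shape check, so a truncated hash, or one mangled by unquoted `$` expansion in the calling shell, appears to end up as "Invalid password" with exit 255 (or as an uncaught exception, depending on the bcrypt library), which a caller cannot tell apart from a wrong password. Anything that invokes this script directly, without a wrapper that pre-validates the hash, inherits that ambiguity. I would validate before comparing and use a distinct exit status, e.g. `if (!/^\$2[ab]\$[0-9]+\$.{53}$/.test(checkHash)) { process.stderr.write('Malformed hash\n'); process.exit(2); }`. Because the hash is a command-line argument it is also readable by other local users in the process list while the script runs; taking it from a file or a dedicated file descriptor would avoid that. The `end` handler this branch sits in starts outside the hunk.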

30
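--- a/bin/check-passwd.sh
+++ b/bin/check-passwd.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -e
+cd "$(dirname "${BASH_SOURCE[0]}")"
+if [[ "$#" -ne 1 ]]; then
+echo "usage: check-passwd.sh '[password hash]'"
+exit 1
+fi
+password_hash="$1"
+if ! [[ "$password_hash" =~ ^\$2[ab]\$[0-9]+\$.{53}$ ]]; then
+echo "Invalid password hash. Did you forget to quote it in '...'?"
+exit 1
+fi
+while :; do
+read -sp "Password: " password
+echo
+if node ./bcrypt.js "$password_hash" <<<"$password"; then
+break
+fi
+echo
+echo "Passwords do not match, try again."
+echo
+done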
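Review bot: `read -sp "Password: " password` in the loop lacks `-r` and leaves `IFS` at its default, so backslashes in the typed password are consumed as escapes and leading or trailing whitespace is stripped before the value reaches `bcrypt.js`; a correct password containing either is reported as a mismatch. Use `IFS= read -rsp "Password: " password`. The same `read` calls appear in the hashing script's loop in the next file section, where the effect is worse: the hash is computed over the altered string, and the new post-hash check cannot notice because it reuses the same variable. Separately, any non-zero exit from `node` (a missing module, a crash) is printed as "Passwords do not match, try again.", so testing for the specific status 255 would keep real failures visible.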


@ -4,20 +4,47 @@ set -e
cd "$(dirname "${BASH_SOURCE[0]}")" cd "$(dirname "${BASH_SOURCE[0]}")"
function hash() {
local password="$1"
node ./bcrypt.js <<<"$password"
}
function check() {
local password="$1"
local hash="$2"
node ./bcrypt.js "$hash" <<<"$password" > /dev/null
}
while :; do while :; do
read -sp "Password: " password read -sp "Password: " password
echo echo
if [[ -z "$password" ]]; then
echo
echo "Your input was empty. Pleas provide a password."
echo
continue
fi
read -sp "Confirm: " confirmation read -sp "Confirm: " confirmation
echo echo
if [[ "$password" == "$confirmation" ]]; then if ! [[ "$password" == "$confirmation" ]]; then
echo
echo "Passwords do not match, try again."
echo
continue
fi
password_hash=$(hash "$password")
if check "$password" "$password_hash"; then
break break
fi fi
echo echo
echo "Passwords do not match, try again." echo "Failed to verify password after hashing. This should not happen."
echo echo
done done
exec node ./bcrypt.js <<<"$password" echo
echo "$password_hash"
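Review bot: The new empty-input check has no counterpart for over-long input: bcrypt only uses the first 72 bytes of the password (worth confirming for the library `bcrypt.js` requires, which is not visible here), so a longer passphrase is silently truncated and the post-hash `check` still succeeds. Rejecting or warning when the byte length exceeds 72 belongs next to the `-z` test. Two smaller points: `function hash()` shadows bash's `hash` builtin for the rest of the script, so a name like `hash_password` is safer, and the message reads "Pleas provide a password." where "Please" is meant.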