Added some sanity checks to password hashing scripts.
This commit is contained in:
baldo
parent
bc304d9bfa
commit
1f44e3c694
|
|
@ -5,6 +5,9 @@ const saltRounds = 10;
|
||||||
|
|
||||||
const stdout = process.stdout
|
const stdout = process.stdout
|
||||||
const stdin = process.stdin
|
const stdin = process.stdin
|
||||||
|
const argv = process.argv;
|
||||||
|
|
||||||
|
const checkHash = argv.length > 2 ? argv[2] : undefined;
|
||||||
|
|
||||||
let password = '';
|
let password = '';
|
||||||
|
|
||||||
|
|
@ -19,6 +22,13 @@ process.stdin.on('end', () => {
|
||||||
if (password[password.length - 1] === '\n') {
|
if (password[password.length - 1] === '\n') {
|
||||||
password = password.substring(0, password.length - 1);
|
password = password.substring(0, password.length - 1);
|
||||||
}
|
}
|
||||||
const hash = bcrypt.hashSync(password, saltRounds);
|
|
||||||
stdout.write(`${hash}\n`);
|
if (checkHash !== undefined) {
|
||||||
|
const validPassword = bcrypt.compareSync(password, checkHash);
|
||||||
|
stdout.write(`${validPassword ? 'Valid password' : 'Invalid password'}\n`);
|
||||||
|
process.exit(validPassword ? 0 : 255);
|
||||||
|
} else {
|
||||||
|
const hash = bcrypt.hashSync(password, saltRounds);
|
||||||
|
stdout.write(`${hash}\n`);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
|
|
|
||||||
30
bin/check-passwd.sh
Executable file
30
bin/check-passwd.sh
Executable file
|
|
@ -0,0 +1,30 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
cd "$(dirname "${BASH_SOURCE[0]}")"
|
||||||
|
|
||||||
|
if [[ "$#" -ne 1 ]]; then
|
||||||
|
echo "usage: check-passwd.sh '[password hash]'"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
password_hash="$1"
|
||||||
|
|
||||||
|
if ! [[ "$password_hash" =~ ^\$2[ab]\$[0-9]+\$.{53}$ ]]; then
|
||||||
|
echo "Invalid password hash. Did you forget to quote it in '...'?"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
while :; do
|
||||||
|
read -sp "Password: " password
|
||||||
|
echo
|
||||||
|
|
||||||
|
if node ./bcrypt.js "$password_hash" <<<"$password"; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo
|
||||||
|
echo "Passwords do not match, try again."
|
||||||
|
echo
|
||||||
|
done
|
||||||
|
|
@ -4,20 +4,47 @@ set -e
|
||||||
|
|
||||||
cd "$(dirname "${BASH_SOURCE[0]}")"
|
cd "$(dirname "${BASH_SOURCE[0]}")"
|
||||||
|
|
||||||
|
function hash() {
|
||||||
|
local password="$1"
|
||||||
|
node ./bcrypt.js <<<"$password"
|
||||||
|
}
|
||||||
|
|
||||||
|
function check() {
|
||||||
|
local password="$1"
|
||||||
|
local hash="$2"
|
||||||
|
node ./bcrypt.js "$hash" <<<"$password" > /dev/null
|
||||||
|
}
|
||||||
|
|
||||||
while :; do
|
while :; do
|
||||||
read -sp "Password: " password
|
read -sp "Password: " password
|
||||||
echo
|
echo
|
||||||
|
|
||||||
|
if [[ -z "$password" ]]; then
|
||||||
|
echo
|
||||||
|
echo "Your input was empty. Pleas provide a password."
|
||||||
|
echo
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
read -sp "Confirm: " confirmation
|
read -sp "Confirm: " confirmation
|
||||||
echo
|
echo
|
||||||
|
|
||||||
if [[ "$password" == "$confirmation" ]]; then
|
if ! [[ "$password" == "$confirmation" ]]; then
|
||||||
|
echo
|
||||||
|
echo "Passwords do not match, try again."
|
||||||
|
echo
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
password_hash=$(hash "$password")
|
||||||
|
if check "$password" "$password_hash"; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "Passwords do not match, try again."
|
echo "Failed to verify password after hashing. This should not happen."
|
||||||
echo
|
echo
|
||||||
done
|
done
|
||||||
|
|
||||||
exec node ./bcrypt.js <<<"$password"
|
echo
|
||||||
|
echo "$password_hash"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue