Added some sanity checks to password hashing scripts.

This commit is contained in:
baldo 2022-07-14 10:45:56 +02:00
parent bc304d9bfa
commit 1f44e3c694
3 changed files with 72 additions and 5 deletions

View file

@ -5,6 +5,9 @@ const saltRounds = 10;
const stdout = process.stdout
const stdin = process.stdin
const argv = process.argv;
const checkHash = argv.length > 2 ? argv[2] : undefined;
let password = '';
@ -19,6 +22,13 @@ process.stdin.on('end', () => {
if (password[password.length - 1] === '\n') {
password = password.substring(0, password.length - 1);
}
if (checkHash !== undefined) {
const validPassword = bcrypt.compareSync(password, checkHash);
stdout.write(`${validPassword ? 'Valid password' : 'Invalid password'}\n`);
process.exit(validPassword ? 0 : 255);
} else {
const hash = bcrypt.hashSync(password, saltRounds);
stdout.write(`${hash}\n`);
}
});

30
bin/check-passwd.sh Executable file
View file

@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -e
cd "$(dirname "${BASH_SOURCE[0]}")"
if [[ "$#" -ne 1 ]]; then
echo "usage: check-passwd.sh '[password hash]'"
exit 1
fi
password_hash="$1"
if ! [[ "$password_hash" =~ ^\$2[ab]\$[0-9]+\$.{53}$ ]]; then
echo "Invalid password hash. Did you forget to quote it in '...'?"
exit 1
fi
while :; do
read -sp "Password: " password
echo
if node ./bcrypt.js "$password_hash" <<<"$password"; then
break
fi
echo
echo "Passwords do not match, try again."
echo
done

View file

@ -4,20 +4,47 @@ set -e
cd "$(dirname "${BASH_SOURCE[0]}")"
function hash() {
local password="$1"
node ./bcrypt.js <<<"$password"
}
function check() {
local password="$1"
local hash="$2"
node ./bcrypt.js "$hash" <<<"$password" > /dev/null
}
while :; do
read -sp "Password: " password
echo
if [[ -z "$password" ]]; then
echo
echo "Your input was empty. Pleas provide a password."
echo
continue
fi
read -sp "Confirm: " confirmation
echo
if [[ "$password" == "$confirmation" ]]; then
if ! [[ "$password" == "$confirmation" ]]; then
echo
echo "Passwords do not match, try again."
echo
continue
fi
password_hash=$(hash "$password")
if check "$password" "$password_hash"; then
break
fi
echo
echo "Passwords do not match, try again."
echo "Failed to verify password after hashing. This should not happen."
echo
done
exec node ./bcrypt.js <<<"$password"
echo
echo "$password_hash"