fixup

2019-05-21 11:16:20 +02:00 · 2019-05-21 11:16:20 +02:00 · 580459b679
parent 34956871d7
commit 580459b679
1 changed files with 37 additions and 0 deletions
--- a/JlSonic/login.jl
+++ b/JlSonic/login.jl
@ -0,0 +1,37 @@
+import MD5
+
+function isuser(n::AbstractString, users)::Union{Nothing,User}
+    m = findfirst(u -> u.name == n, users)
+    m === nothing ? nothing : users[m]
+end
+
+checksalt(u::User, s, t) = checksalt(u.password, s, t)
+checksalt(p, s, t) = bytes2hex(MD5.md5(string(p, s))) == t
+
+function passcomp(a, b)
+    ## FIXME: Use Nettle.jl to compare passwords and prevent time attacks
+    sleep(Random.rand())
+    a == b
+end
+
+checkpass(u::User, p::AbstractString) = checkpass(u.password, p)
+function checkpass(p1::AbstractString, p2::AbstractString)::Bool
+    startswith(p2, "enc:") && return passcomp(String(hex2bytes(split(p2, ":")[2])),p1)
+    passcomp(p1, p2)
+end
+
+function checkpass(name::AbstractString,
+                   salt::AbstractString, token::AbstractString,
+                   password::AbstractString)::Union{Nothing,User}
+    global users
+    isempty(name) && return nothing
+    user = isuser(name, users)
+    user == nothing && return nothing
+    
+    if !isempty(salt)
+        checksalt(user, salt, token) && return user
+    elseif !isempty(password)
+        checkpass(user, password) && return user
+    end
+    nothing
+end