Skip to content
This repository has been archived by the owner on Jul 18, 2024. It is now read-only.

Commit

Permalink
fix: base64 password hash in file members provider to avoid json issues.
Browse files Browse the repository at this point in the history
  • Loading branch information
m1k1o committed Feb 14, 2024
1 parent 9353773 commit ce3830f
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 1 deletion.
4 changes: 3 additions & 1 deletion internal/member/file/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package file

import (
"crypto/sha256"
"encoding/base64"
"encoding/json"
"io"
"os"
Expand All @@ -27,7 +28,8 @@ func (provider *MemberProviderCtx) hash(password string) string {

sha256 := sha256.New()
sha256.Write([]byte(password))
return string(sha256.Sum(nil))
hashedPassword := sha256.Sum(nil)
return base64.StdEncoding.EncodeToString(hashedPassword)
}

func (provider *MemberProviderCtx) Connect() error {
Expand Down
48 changes: 48 additions & 0 deletions internal/member/file/provider_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
package file

import (
"encoding/json"
"testing"

"github.com/demodesk/neko/pkg/utils"
)

// Ensure that hashes are the same after encoding and decoding using json
func TestMemberProviderCtx_hash(t *testing.T) {
provider := &MemberProviderCtx{
config: Config{
Hash: true,
},
}

// generate random strings
passwords := []string{}
for i := 0; i < 10; i++ {
password, err := utils.NewUID(32)
if err != nil {
t.Errorf("utils.NewUID() returned error: %s", err)
}
passwords = append(passwords, password)
}

for _, password := range passwords {
hashedPassword := provider.hash(password)

// json encode password hash
hashedPasswordJSON, err := json.Marshal(hashedPassword)
if err != nil {
t.Errorf("json.Marshal() returned error: %s", err)
}

// json decode password hash json
var hashedPasswordStr string
err = json.Unmarshal(hashedPasswordJSON, &hashedPasswordStr)
if err != nil {
t.Errorf("json.Unmarshal() returned error: %s", err)
}

if hashedPasswordStr != hashedPassword {
t.Errorf("hashedPasswordStr: %s != hashedPassword: %s", hashedPasswordStr, hashedPassword)
}
}
}

0 comments on commit ce3830f

Please sign in to comment.