* Created Account->validate_password to test that a user name and password is valid.

Signed-off-by: Digimer <digimer@alteeve.ca>
main
Digimer 7 years ago
parent 04cbec30a0
commit 59245a4f0b
  1. 147
      Anvil/Tools/Account.pm
  2. 2
      share/words.xml
  3. 28
      tools/anvil-change-password

@ -13,7 +13,7 @@ my $THIS_FILE = "Account.pm";
### Methods; ### Methods;
# encrypt_password # encrypt_password
# # validate_password
=pod =pod
@ -208,4 +208,149 @@ sub encrypt_password
return($answer); return($answer);
} }
=head2 validate_password
This method takes a user name and password and checks to see if the password matches.
If the password is wrong, or if the user isn't found, C<< 0 >> is returned. If the password matches, C<< 1 >> is returned.
Parameters;
=head3 password (required)
This is the password to test.
=head3 user (required)
This is the user whose password we're testing.
=cut
sub validate_password
{
my $self = shift;
my $parameter = shift;
my $anvil = $self->parent;
my $debug = defined $parameter->{debug} ? $parameter->{debug} : 3;
my $password = defined $parameter->{password} ? $parameter->{password} : "";
my $user = defined $parameter->{user} ? $parameter->{user} : "";
my $valid = 0;
my $hash = "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : "--",
user => $user,
}});
if (not $password)
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0020", variables => { method => "Account->validate_password()", parameter => "password" }});
return($valid);
}
if (not $user)
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0020", variables => { method => "Account->validate_password()", parameter => "user" }});
return($valid);
}
my $query = "
SELECT
user_password,
user_salt,
user_algorithm,
user_hash_count
FROM
users
WHERE
user_name = ".$anvil->data->{sys}{use_db_fh}->quote($user)."
;";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { query => $query }});
my $results = $anvil->Database->query({query => $query, source => $THIS_FILE, line => __LINE__});
my $count = @{$results};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
results => $results,
count => $count,
}});
if (not $count)
{
# User not found.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0172", variables => { user => $user }});
return($valid);
}
my $user_password = $results->[0]->[0];
my $user_salt = $results->[0]->[1];
my $user_algorithm = $results->[0]->[2];
my $user_hash_count = $results->[0]->[3];
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
user_password => $user_password,
user_salt => $user_salt,
user_algorithm => $user_algorithm,
user_hash_count => $user_hash_count,
}});
if ($user_algorithm eq "sha256" )
{
$hash = sha256_base64($password.$user_salt);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { hash => $hash }});
if ($user_hash_count > 0)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { user_hash_count => $user_hash_count }});
for (1..$user_hash_count)
{
$hash = sha256_base64($hash);
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { hash => $hash }});
}
}
elsif ($user_algorithm eq "sha384" )
{
$hash = sha384_base64($password.$user_salt);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { hash => $hash }});
if ($user_hash_count > 0)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { user_hash_count => $user_hash_count }});
for (1..$user_hash_count)
{
$hash = sha384_base64($hash);
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { hash => $hash }});
}
}
elsif ($user_algorithm eq "sha512" )
{
$hash = sha512_base64($password.$user_salt);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { hash => $hash }});
if ($user_hash_count > 0)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { user_hash_count => $user_hash_count }});
for (1..$user_hash_count)
{
$hash = sha512_base64($hash);
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { hash => $hash }});
}
}
else
{
# Bad algorith.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0173", variables => { user_algorithm => $user_algorithm }});
return($valid);
}
# Test.
if ($hash eq $user_password)
{
# Good password.
$valid = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { valid => $valid }});
}
return($valid);
}
1; 1;

@ -251,6 +251,8 @@ The database connection error was:
<key name="log_0169">Failed to copy the file: [#!variable!source_file!#] to: [#!variable!target_file!#] on the target: [#!variable!target!#] as: [#!variable!remote_user!#]. The error (if any) was: [#!variable!error!#] and the output (if any) was: [#!variable!output!#].</key> <key name="log_0169">Failed to copy the file: [#!variable!source_file!#] to: [#!variable!target_file!#] on the target: [#!variable!target!#] as: [#!variable!remote_user!#]. The error (if any) was: [#!variable!error!#] and the output (if any) was: [#!variable!output!#].</key>
<key name="log_0170"><![CDATA[[ Note ] - The method Storage->copy_file() was asked to copy: [#!variable!source_file!#] to: [#!variable!target_file!#], but the target's parent directory doesn't exist and we were unable to create it.]]></key> <key name="log_0170"><![CDATA[[ Note ] - The method Storage->copy_file() was asked to copy: [#!variable!source_file!#] to: [#!variable!target_file!#], but the target's parent directory doesn't exist and we were unable to create it.]]></key>
<key name="log_0171"><![CDATA[[ Error ] - The method: Account->encrypt_password() tried to use the algorithm: [#!variable!algorithm!#], which is not recognized. Only 'sha256', 'sha384' and 'sha512' are currently supported. The desired algorithm can be set via 'sys::password::algorithm'.]]></key> <key name="log_0171"><![CDATA[[ Error ] - The method: Account->encrypt_password() tried to use the algorithm: [#!variable!algorithm!#], which is not recognized. Only 'sha256', 'sha384' and 'sha512' are currently supported. The desired algorithm can be set via 'sys::password::algorithm'.]]></key>
<key name="log_0172"><![CDATA[[ Error ] - Asked to validate a password for the user: [#!variable!user!#], but that user wasn't found.]]></key>
<key name="log_0173"><![CDATA[[ Error ] - Asked to valudate a password encoded with the algorithm: [#!variable!user_algorithm!#], which is not recognized. Only 'sha256', 'sha384' and 'sha512' are currently supported.]]></key>
<!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. --> <!-- Test words. Do NOT change unless you update 't/Words.t' or tests will needlessly fail. -->
<key name="t_0000">Test</key> <key name="t_0000">Test</key>

@ -58,18 +58,26 @@ if (not $connections)
$anvil->nice_exit({exit_code => 2}); $anvil->nice_exit({exit_code => 2});
} }
my $user_uuid = $anvil->Database->insert_or_update_users({ my $user = "admin";
my $password = "Initial2";
# my $user_uuid = $anvil->Database->insert_or_update_users({
# debug => 2,
# user_name => $user,
# user_password => $password,
# user_salt => "",
# user_algorithm => "",
# user_hash_count => "",
# user_is_admin => 1,
# user_is_experienced => 1,
# user_is_trusted => 1,
# });
# print "User name: [".$user."], UUID: [".$user_uuid."]\n";
my $valid = $anvil->Account->validate_password({
debug => 2, debug => 2,
user_name => "admin", user => $user,
user_password => "Initial2", password => $password,
user_salt => "",
user_algorithm => "",
user_hash_count => "",
user_is_admin => 1,
user_is_experienced => 1,
user_is_trusted => 1,
}); });
print "User UUID: [".$user_uuid."]\n"; print "Password validated? [".$valid."].\n";
exit; exit;
# The order that we pick up the new password is; # The order that we pick up the new password is;

Loading…
Cancel
Save