lib/active_ldap/user_password.rb in activeldap-3.1.0 vs lib/active_ldap/user_password.rb in activeldap-3.1.1
- old
+ new
@@ -6,11 +6,12 @@
module ActiveLdap
module UserPassword
module_function
def valid?(password, hashed_password)
unless /^\{([A-Z][A-Z\d]+)\}/ =~ hashed_password
- raise ArgumentError, _("Invalid hashed password: %s") % hashed_password
+ # Plain text password
+ return hashed_password == password
end
type = $1
hashed_password_without_type = $POSTMATCH
normalized_type = type.downcase
unless respond_to?(normalized_type)
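Review bot: The plain-text fallback at `return hashed_password == password` is reached by every value that fails the upper-case-only scheme pattern, not only by genuinely unhashed passwords. A nil or empty stored value now compares equal to a nil or empty submitted password, and a value with a lower-case prefix such as `{ssha}...` is compared literally, so the stored hash string itself would be accepted as the password. Consider placing `return false if hashed_password.nil? || hashed_password.empty? || hashed_password.start_with?("{")` before the comparison (or keep raising ArgumentError for values that begin with `{`), and anchoring the pattern with `\A` rather than `^`, which in Ruby matches at the start of any line. The `==` comparison is also not constant-time. The body of valid? continues past the end of this hunk, so how the remaining branches compare is not visible here.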
@@ -46,36 +47,41 @@
def md5(password)
"{MD5}#{[Digest::MD5.digest(password)].pack('m').chomp}"
end
def smd5(password, salt=nil)
- if salt and salt.size != 4
- raise ArgumentError, _("salt size must be == 4: %s") % salt.inspect
+ if salt and salt.size < 4
+ raise ArgumentError, _("salt size must be >= 4: %s") % salt.inspect
end
salt ||= Salt.generate(4)
md5_hash_with_salt = "#{Digest::MD5.digest(password + salt)}#{salt}"
"{SMD5}#{[md5_hash_with_salt].pack('m').chomp}"
end
def extract_salt_for_smd5(smd5ed_password)
- Base64.decode64(smd5ed_password)[-4, 4]
+ extract_salt_at_pos(smd5ed_password, 16)
end
def sha(password)
"{SHA}#{[Digest::SHA1.digest(password)].pack('m').chomp}"
end
def ssha(password, salt=nil)
- if salt and salt.size != 4
- raise ArgumentError, _("salt size must be == 4: %s") % salt.inspect
+ if salt and salt.size < 4
+ raise ArgumentError, _("salt size must be >= 4: %s") % salt.inspect
end
salt ||= Salt.generate(4)
sha1_hash_with_salt = "#{Digest::SHA1.digest(password + salt)}#{salt}"
"{SSHA}#{[sha1_hash_with_salt].pack('m').chomp}"
end
def extract_salt_for_ssha(sshaed_password)
- extract_salt_for_smd5(sshaed_password)
+ extract_salt_at_pos(sshaed_password, 20)
+ end
+
+ def extract_salt_at_pos(hashed_password, position)
+ salt = Base64.decode64(hashed_password)[position..-1]
+ salt == '' ? nil : salt
end
module Salt
CHARS = ['.', '/'] + ['0'..'9', 'A'..'Z', 'a'..'z'].collect do |x|
x.to_a
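Review bot: The relaxed `salt.size < 4` checks in smd5 and ssha now also apply to whatever extract_salt_at_pos returns, so a stored value with only one to three bytes after the digest would raise ArgumentError rather than simply fail verification. This assumes valid?, whose body is outside this hunk, passes the extracted salt back into these methods. The old code sliced exactly four bytes or got nil, so it could not reach that raise. Consider treating a short salt like a missing one in extract_salt_at_pos, `salt.nil? || salt.size < 4 ? nil : salt`, or rescuing in the caller so a malformed entry yields false. The offsets 16 and 20 should carry comments such as `# MD5 digest is 16 bytes; the salt follows it` and `# SHA-1 digest is 20 bytes; the salt follows it`, or become named constants.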