Migrate some manual password creation to BCrypt

Note that several times, user.Password was set to a plain text password,
but then later changed to a hashed password, creating data inconsistency.

This also changes User.Password to private set to prevent further accidents.
Lucas Nicodemus 2015-04-13 10:44:45 -06:00
parent a5aa31376a
commit ed34a87c3f
3 changed files with 78 additions and 14 deletions


@ -27,6 +27,7 @@ using System.Text;
using System.Text.RegularExpressions;
using Terraria;
using TShockAPI.DB;
using BCrypt.Net;
namespace TShockAPI
{
@ -719,14 +720,16 @@ namespace TShockAPI
ply.SendErrorMessage("Use \"my query\" for items with spaces");
}
/// <summary>
/// Default hashing algorithm.
/// </summary>
public string HashAlgo = "sha512";
/// <summary>
/// Default hashing algorithm.
/// </summary>
[Obsolete("This is no longer necessary, please use TShock.Config.HashAlgorithm instead.")]
public string HashAlgo = "sha512";
/// <summary>
/// A dictionary of hashing algortihms and an implementation object.
/// </summary>
/// <summary>
/// A dictionary of hashing algortihms and an implementation object.
/// </summary>
[Obsolete("This is no longer necessary, after switching to User.VerifyPassword(password) instead.")]
public readonly Dictionary<string, Func<HashAlgorithm>> HashTypes = new Dictionary<string, Func<HashAlgorithm>>
{
{"sha512", () => new SHA512Managed()},
@ -742,6 +745,7 @@ namespace TShockAPI
/// </summary>
/// <param name="bytes">bytes to hash</param>
/// <returns>string sha256</returns>
[Obsolete("Please use User.VerifyPassword(password) instead. Warning: This will upgrade passwords to BCrypt. Already converted passwords will not hash correctly using this method.")]
public string HashPassword(byte[] bytes)
{
if (bytes == null)
@ -762,6 +766,7 @@ namespace TShockAPI
/// </summary>
/// <param name="password">string to hash</param>
/// <returns>string sha256</returns>
[Obsolete("Please use User.VerifyPassword(password) instead. Warning: This will upgrade passwords to BCrypt. Already converted passwords will not hash correctly using this method.")]
public string HashPassword(string password)
{
if (string.IsNullOrEmpty(password) || password == "non-existant password")
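Review bot: The `[Obsolete]` text added to both `HashPassword` overloads (the `byte[]` one and the `string` one) does not make clear which method "This will upgrade passwords to BCrypt" refers to, and it sends callers of a hashing method to a verification method without saying why. The attribute as written only raises a compiler warning, so a plugin that still compares `HashPassword(input)` with the stored value will build and then reject every login for an account already converted to BCrypt. I would state that directly, e.g. `[Obsolete("Legacy hash only; cannot match BCrypt hashes. Check passwords with User.VerifyPassword(password), which upgrades the stored hash to BCrypt.")]`. The `<returns>string sha256</returns>` line on both overloads also looks stale next to the `"sha512"` default shown above and could read `<returns>legacy hash of the input as a string</returns>`. Both method bodies continue outside the hunks, so the rest of the legacy path is not visible here.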