refact(password): early return error on invalid password

Signed-off-by: fufesou <linlong1266@gmail.com>
fufesou
2026-05-22 18:53:02 +08:00
parent 8e0c8ab939
commit 2f032ad525


@@ -30,10 +30,10 @@ use permanent_password::{
decode_permanent_password_h1_from_hashed_storage, decrypt_permanent_password_str_or_original, decode_permanent_password_h1_from_hashed_storage, decrypt_permanent_password_str_or_original,
encode_permanent_password_encrypted_storage_from_h1, password_is_empty_or_not_hashed, encode_permanent_password_encrypted_storage_from_h1, password_is_empty_or_not_hashed,
preset_permanent_password_storage_matches_plain, DEFAULT_SALT_LEN, PASSWORD_ENC_VERSION, preset_permanent_password_storage_matches_plain, DEFAULT_SALT_LEN, PASSWORD_ENC_VERSION,
PERMANENT_PASSWORD_H1_LEN, PERMANENT_PASSWORD_ENC_VERSION, PERMANENT_PASSWORD_H1_LEN,
}; };
#[cfg(test)] #[cfg(test)]
use permanent_password::{is_permanent_password_hashed_storage, PERMANENT_PASSWORD_ENC_VERSION}; use permanent_password::is_permanent_password_hashed_storage;
use crate::{ use crate::{
compress::{compress, decompress}, compress::{compress, decompress},
@@ -653,6 +653,9 @@ impl Config {
} }
let (decrypted_storage, decrypted, _) = let (decrypted_storage, decrypted, _) =
decrypt_permanent_password_str_or_original(&config.password); decrypt_permanent_password_str_or_original(&config.password);
if config.password.starts_with(PERMANENT_PASSWORD_ENC_VERSION) && !decrypted {
return Err(anyhow!("Invalid permanent password encrypted hash storage"));
}
if decrypted { if decrypted {
Self::ensure_permanent_password_hash_salt(config)?; Self::ensure_permanent_password_hash_salt(config)?;
if decode_permanent_password_h1_from_hashed_storage(&decrypted_storage).is_some() { if decode_permanent_password_h1_from_hashed_storage(&decrypted_storage).is_some() {
@@ -3463,17 +3466,25 @@ mod tests {
#[test] #[test]
fn test_prepare_store_clears_invalid_permanent_password_and_keeps_unrelated_fields() { fn test_prepare_store_clears_invalid_permanent_password_and_keeps_unrelated_fields() {
let mut cfg = Config::default(); for password in [
let invalid_payload = {
crate::password_security::symmetric_crypt(b"not-a-hash", true).unwrap(); let invalid_payload =
cfg.password = PERMANENT_PASSWORD_ENC_VERSION.to_owned() crate::password_security::symmetric_crypt(b"not-a-hash", true).unwrap();
+ &base64::encode(invalid_payload, base64::Variant::Original); PERMANENT_PASSWORD_ENC_VERSION.to_owned()
cfg.id = "123456789".to_owned(); + &base64::encode(invalid_payload, base64::Variant::Original)
},
format!("{PERMANENT_PASSWORD_ENC_VERSION}invalid"),
] {
let mut cfg = Config::default();
cfg.password = password;
cfg.salt = "salt123".to_owned();
cfg.id = "123456789".to_owned();
Config::prepare_config_for_store(&mut cfg); Config::prepare_config_for_store(&mut cfg);
assert!(cfg.password.is_empty()); assert!(cfg.password.is_empty());
assert!(cfg.salt.is_empty()); assert!(cfg.salt.is_empty());
assert_eq!(cfg.id, "123456789"); assert_eq!(cfg.id, "123456789");
}
} }
#[test] #[test]
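Review bot: The new guard `if config.password.starts_with(PERMANENT_PASSWORD_ENC_VERSION) && !decrypted` rejects every stored value that begins with the version prefix, and nothing in the hunk explains why such a value can never be a legacy plaintext password that happens to start with the same characters. The updated test shows that `prepare_config_for_store` then empties both `password` and `salt`, so that case would drop the permanent password; whether it can occur depends on the prefix value and on the rest of the function, both outside this hunk. I would add a comment above the guard, for example `// Version prefix present but decryption failed: treat as corrupted storage, never as plaintext.` The test loop would also benefit from a third case, a plaintext password without the prefix, asserting that it is not cleared, so the boundary of the early return is pinned. It is also worth confirming that the caller records when it clears the credential, since an operator would otherwise have no sign that the permanent password was removed.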