refact(password): simplify preset password
Signed-off-by: fufesou <linlong1266@gmail.com>
@@ -23,13 +23,12 @@ mod permanent_password;
|
|||||||
|
|
||||||
pub use permanent_password::{
|
pub use permanent_password::{
|
||||||
compute_permanent_password_h1, decode_permanent_password_h1_from_storage,
|
compute_permanent_password_h1, decode_permanent_password_h1_from_storage,
|
||||||
local_permanent_password_storage_is_usable_for_auth,
|
decode_preset_password_h1_from_storage, local_permanent_password_storage_is_usable_for_auth,
|
||||||
preset_permanent_password_storage_is_usable_for_auth, ENCRYPT_MAX_LEN,
|
preset_permanent_password_storage_is_usable_for_auth, ENCRYPT_MAX_LEN,
|
||||||
};
|
};
|
||||||
use permanent_password::{
|
use permanent_password::{
|
||||||
decode_permanent_password_h1_from_hashed_storage, decrypt_permanent_password_str_or_original,
|
decode_permanent_password_h1_from_hashed_storage, decrypt_permanent_password_str_or_original,
|
||||||
encode_permanent_password_encrypted_storage_from_h1, normalize_preset_password_storage,
|
encode_permanent_password_encrypted_storage_from_h1, password_is_empty_or_not_hashed,
|
||||||
password_is_empty_or_not_hashed, permanent_password_storage_is_hashed,
|
|
||||||
preset_permanent_password_storage_matches_plain, DEFAULT_SALT_LEN, PASSWORD_ENC_VERSION,
|
preset_permanent_password_storage_matches_plain, DEFAULT_SALT_LEN, PASSWORD_ENC_VERSION,
|
||||||
PERMANENT_PASSWORD_H1_LEN,
|
PERMANENT_PASSWORD_H1_LEN,
|
||||||
};
|
};
|
||||||
@@ -1409,7 +1408,7 @@ impl Config {
|
|||||||
let hard_settings = HARD_SETTINGS.read().unwrap();
|
let hard_settings = HARD_SETTINGS.read().unwrap();
|
||||||
let storage = hard_settings.get("password").cloned().unwrap_or_default();
|
let storage = hard_settings.get("password").cloned().unwrap_or_default();
|
||||||
let salt = hard_settings.get("salt").cloned().unwrap_or_default();
|
let salt = hard_settings.get("salt").cloned().unwrap_or_default();
|
||||||
(normalize_preset_password_storage(storage, &salt), salt)
|
(storage, salt)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_effective_permanent_password_salt() -> String {
|
pub fn get_effective_permanent_password_salt() -> String {
|
||||||
@@ -1422,7 +1421,7 @@ impl Config {
|
|||||||
}
|
}
|
||||||
let (preset_storage, preset_salt) = Self::get_preset_password_storage_and_salt();
|
let (preset_storage, preset_salt) = Self::get_preset_password_storage_and_salt();
|
||||||
if !preset_salt.is_empty() {
|
if !preset_salt.is_empty() {
|
||||||
if permanent_password_storage_is_hashed(&preset_storage) {
|
if preset_permanent_password_storage_is_usable_for_auth(&preset_storage, &preset_salt) {
|
||||||
return preset_salt;
|
return preset_salt;
|
||||||
}
|
}
|
||||||
return String::new();
|
return String::new();
|
||||||
|
|||||||
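Review bot: `get_preset_password_storage_and_salt` has no doc comment saying which storage format it returns, and with `(storage, salt)` in the `@@ -1409` hunk it now returns the hard-settings `password` value as configured instead of the re-encoded form. Callers outside these hunks that still treat the result as locally encoded storage would presumably stop recognising hbbs-style preset hashes; only the caller in `get_effective_permanent_password_salt` is visibly switched to `preset_permanent_password_storage_is_usable_for_auth`. I would add `/// Returns the preset password storage exactly as configured (plaintext or hbbs-encoded H1); decode it only through the preset_* helpers.` above the function. Both functions start outside the hunks shown, so the remaining callers could not be checked from here.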
@@ -102,20 +102,6 @@ pub(super) fn decrypt_permanent_password_str_or_original(storage: &str) -> (Stri
|
|||||||
(storage.to_owned(), false, !storage.is_empty())
|
(storage.to_owned(), false, !storage.is_empty())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(super) fn normalize_preset_password_storage(storage: String, salt: &str) -> String {
|
|
||||||
if salt.is_empty() {
|
|
||||||
return storage;
|
|
||||||
}
|
|
||||||
if let Some(h1) = decode_hbbs_preset_password_h1_from_storage(&storage) {
|
|
||||||
if let Some(storage) = encode_permanent_password_encrypted_storage_from_h1(&h1) {
|
|
||||||
return storage;
|
|
||||||
}
|
|
||||||
log::error!("Failed to encrypt preset permanent password hash storage");
|
|
||||||
return String::new();
|
|
||||||
}
|
|
||||||
storage
|
|
||||||
}
|
|
||||||
|
|
||||||
pub(super) fn permanent_password_storage_is_usable_for_auth(storage: &str, salt: &str) -> bool {
|
pub(super) fn permanent_password_storage_is_usable_for_auth(storage: &str, salt: &str) -> bool {
|
||||||
if storage.is_empty() {
|
if storage.is_empty() {
|
||||||
return false;
|
return false;
|
||||||
@@ -148,11 +134,10 @@ pub fn preset_permanent_password_storage_is_usable_for_auth(storage: &str, salt:
|
|||||||
decode_preset_password_h1_from_storage(storage).is_some()
|
decode_preset_password_h1_from_storage(storage).is_some()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn decode_preset_password_h1_from_storage(
|
pub fn decode_preset_password_h1_from_storage(
|
||||||
storage: &str,
|
storage: &str,
|
||||||
) -> Option<[u8; PERMANENT_PASSWORD_H1_LEN]> {
|
) -> Option<[u8; PERMANENT_PASSWORD_H1_LEN]> {
|
||||||
decode_permanent_password_h1_from_storage(storage)
|
decode_hbbs_preset_password_h1_from_storage(storage)
|
||||||
.or_else(|| decode_hbbs_preset_password_h1_from_storage(storage))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn local_permanent_password_storage_is_usable_for_auth(storage: &str, salt: &str) -> bool {
|
pub fn local_permanent_password_storage_is_usable_for_auth(storage: &str, salt: &str) -> bool {
|
||||||
@@ -167,10 +152,6 @@ pub fn local_permanent_password_storage_is_usable_for_auth(storage: &str, salt:
|
|||||||
permanent_password_storage_is_usable_for_auth(storage, salt)
|
permanent_password_storage_is_usable_for_auth(storage, salt)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub(super) fn permanent_password_storage_is_hashed(storage: &str) -> bool {
|
|
||||||
decode_permanent_password_h1_from_storage(storage).is_some()
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
fn permanent_password_storage_matches_plain(storage: &str, salt: &str, input: &str) -> bool {
|
fn permanent_password_storage_matches_plain(storage: &str, salt: &str, input: &str) -> bool {
|
||||||
if storage.is_empty() || input.is_empty() {
|
if storage.is_empty() || input.is_empty() {
|
||||||
@@ -299,14 +280,11 @@ mod tests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_hbbs_00_hashed_preset_password_storage_is_normalized() {
|
fn test_hbbs_00_hashed_preset_password_storage_is_decoded_for_preset_auth() {
|
||||||
let h1 = compute_permanent_password_h1("p@ssw0rd", "salt123");
|
let h1 = compute_permanent_password_h1("p@ssw0rd", "salt123");
|
||||||
let storage = encode_hbbs_preset_password_storage_from_h1(&h1);
|
let storage = encode_hbbs_preset_password_storage_from_h1(&h1);
|
||||||
|
|
||||||
assert_eq!(
|
assert_eq!(decode_preset_password_h1_from_storage(&storage), Some(h1));
|
||||||
normalize_preset_password_storage(storage, "salt123"),
|
|
||||||
encode_permanent_password_encrypted_storage_from_h1(&h1).unwrap()
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
@@ -326,15 +304,25 @@ mod tests {
|
|||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_encrypted_hash_storage_is_not_accepted_as_preset_storage() {
|
||||||
|
let salt = "salt123";
|
||||||
|
let h1 = compute_permanent_password_h1("p@ssw0rd", salt);
|
||||||
|
let storage = encode_permanent_password_encrypted_storage_from_h1(&h1).unwrap();
|
||||||
|
|
||||||
|
assert!(!preset_permanent_password_storage_is_usable_for_auth(
|
||||||
|
&storage, salt
|
||||||
|
));
|
||||||
|
assert!(!preset_permanent_password_storage_matches_plain(
|
||||||
|
&storage, salt, "p@ssw0rd"
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_hbbs_00_shaped_preset_password_without_salt_stays_plaintext() {
|
fn test_hbbs_00_shaped_preset_password_without_salt_stays_plaintext() {
|
||||||
let h1 = compute_permanent_password_h1("p@ssw0rd", "salt123");
|
let h1 = compute_permanent_password_h1("p@ssw0rd", "salt123");
|
||||||
let storage = encode_hbbs_preset_password_storage_from_h1(&h1);
|
let storage = encode_hbbs_preset_password_storage_from_h1(&h1);
|
||||||
|
|
||||||
assert_eq!(
|
|
||||||
normalize_preset_password_storage(storage.clone(), ""),
|
|
||||||
storage
|
|
||||||
);
|
|
||||||
assert!(preset_permanent_password_storage_is_usable_for_auth(
|
assert!(preset_permanent_password_storage_is_usable_for_auth(
|
||||||
&storage, ""
|
&storage, ""
|
||||||
));
|
));
|
||||||
|
|||||||
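Review bot: `decode_preset_password_h1_from_storage` becomes `pub` in the `@@ -148` hunk, and is re-exported by the `pub use permanent_password::{…}` list, without a doc comment, while its body drops the fallback to `decode_permanent_password_h1_from_storage`. That is a behaviour change in a commit titled as a refactor: preset storage in the locally encrypted form with a non-empty salt is now rejected, which `test_encrypted_hash_storage_is_not_accepted_as_preset_storage` pins. Because the function hands password-derived H1 bytes to any user of the crate, I would state the contract on it, e.g. `/// Decodes H1 from hbbs-style preset storage only; locally encrypted storage yields None. Treat the returned bytes as secret and never log them.` The removed `normalize_preset_password_storage` carried the only `log::error!` on this path, so a preset with a salt but an undecodable value now appears to be ignored silently. One log line when the settings are loaded, without the storage value, would let operators notice the misconfiguration.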