From 8c401f9748069eb052f5ac4f2eee1761b1f67afd Mon Sep 17 00:00:00 2001
From: Jeffrey Armstrong
Date: Fri, 29 Apr 2022 11:13:13 -0400
Subject: Fixed login to use the proper password checking function.
---
 captain/captain.f90 | 25 +++++++++++++++++++++++++
 captain/db.f90 | 20 ++++++++------------
 captain/web.f90 | 11 +++++++++++
 3 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/captain/captain.f90 b/captain/captain.f90
index 46287d9..4d7b17f 100644
--- a/captain/captain.f90
+++ b/captain/captain.f90
@@ -123,6 +123,31 @@ contains
 Print *, "Unverify: "//trim(option)//"X", verify_hash(trim(option)//"X", tmp)
 stop
+ ! This option shouldn't be public, and it just verifies passwords
+ else if(trim(option) == "--verify") then
+
+ if(config_loaded) then
+ call initialize_db(database_filename)
+ i = i + 1
+ call get_command_argument(i, username)
+
+ i = i + 1
+ call get_command_argument(i, password)
+
+ if(validate_user_db(trim(username), trim(password))) then
+ Print *, "Password accepted!"
+ else
+ Print *, "REJECTED"
+ end if
+
+ else
+
+ Print *, "Please specify the configuration file first"
+
+ end if
+
+ stop
+
 ! This option also shouldn't be public, and it verifies that
 ! uuids can be generated
 else if(trim(option) == "--uuid") then
diff --git a/captain/db.f90 b/captain/db.f90
index 7500b8a..29c5810 100644
--- a/captain/db.f90
+++ b/captain/db.f90
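Review bot: In captain/captain.f90 the new `--verify` branch takes the password from the command line, where it is visible in the process list and shell history, and neither `get_command_argument` call checks that the argument was actually supplied or fit the buffer. Pass the optional `status` argument and stop on failure, e.g. `call get_command_argument(i, password, status=istat)` then `if(istat /= 0) stop` (with `istat` a new integer local), and prefer reading the password from standard input. Since the comment says the option should not be public, consider building it only into debug builds: as written it is an unthrottled password check against the configured database for anyone who can run the binary with the configuration file. The enclosing option-parsing block starts and ends outside the hunk.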
@@ -1477,27 +1477,23 @@ contains
 function validate_user_db(username, password)
 use config, only: app_salt
- use m_crypt, only: hash
+ use m_crypt, only: verify_hash
+ use logging
 implicit none
 character(len=*), intent(in)::username, password
 logical::validate_user_db
- character(len=:), pointer::hashed_pass, db_hashed_pass
+ character(len=:), pointer::db_hashed_pass
 validate_user_db = .FALSE.
+
+ db_hashed_pass => get_password_hash_pointer_db(username)
+ if(associated(db_hashed_pass)) then
- hashed_pass => hash(trim(password)//trim(app_salt))
- if(associated(hashed_pass)) then
- db_hashed_pass => get_password_hash_pointer_db(username)
- if(associated(db_hashed_pass)) then
+ validate_user_db = verify_hash(trim(password)//trim(app_salt), db_hashed_pass)
- validate_user_db = (hashed_pass == db_hashed_pass)
-
- deallocate(db_hashed_pass)
- end if
-
- deallocate(hashed_pass)
+ deallocate(db_hashed_pass)
 end if
 end function validate_user_db
diff --git a/captain/web.f90 b/captain/web.f90
index c3841c0..898551c 100644
--- a/captain/web.f90
+++ b/captain/web.f90
@@ -963,6 +963,10 @@ contains
 else if(trim(req%location) == "/about.html") then
 template_to_use = "about.html"
+
+ else if(trim(req%location) == "/login.html") then
+
+ template_to_use = "login.html"
 else
@@ -1056,6 +1060,13 @@ contains
 contents => generate_one_group_html(req)
 call page%assign('contents', contents)
+ else if(trim(first) == "login.html") then
+
+ call page%assign('title', 'Login')
+ if(associated(req%q%get_value("failed"))) then
+ call page%assign('login_message', "Login Failed.")
+ end if
+
 else
 call page%assign('title', 'Not Found')
--
cgit v1.2.3
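Review bot: In captain/db.f90, `validate_user_db` now calls `verify_hash` only when `get_password_hash_pointer_db` returns a hash, so an unknown username returns without doing any hash work; if `verify_hash` is deliberately slow (not visible here), the response-time difference lets a client tell existing accounts from non-existing ones. Consider an `else` branch that runs `verify_hash` against a fixed placeholder hash and discards the result. The added `use logging` is not used anywhere in the function as shown; either drop it or use it to record failed attempts, logging the username only and never the password.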
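Review bot: In the second captain/web.f90 hunk, `login_message` is assigned only when the `failed` query parameter is present, so the template has to render cleanly with the variable unassigned; if the template engine does not guarantee that (not visible here), add `else` followed by `call page%assign('login_message', "")`. It is also worth a comment such as `! Only the presence of "failed" is tested; its value must never be echoed into the page` so the fixed message is not later replaced by request data. The enclosing block starts and ends outside the hunk.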