mirror of
https://codeberg.org/keyoxide/doipjs.git
synced 2024-12-22 22:49:28 -07:00
fix: normalize case before hash verification
This commit is contained in:
parent
9c9b387fc9
commit
beb78e8227
2 changed files with 49 additions and 2 deletions
|
@ -84,6 +84,27 @@ const containsProof = async (data, params) => {
|
||||||
case '2a':
|
case '2a':
|
||||||
case '2b':
|
case '2b':
|
||||||
case '2y':
|
case '2y':
|
||||||
|
try {
|
||||||
|
// Patch until promise.race properly works on WASM
|
||||||
|
if (parseInt(match[0].split('$')[2]) > 12) continue
|
||||||
|
|
||||||
|
const hashPromise = bcryptVerify({
|
||||||
|
password: fingerprintURI.toLowerCase(),
|
||||||
|
hash: match[0]
|
||||||
|
})
|
||||||
|
.then(result => result)
|
||||||
|
.catch(_ => false)
|
||||||
|
|
||||||
|
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
|
||||||
|
clearTimeout(timeoutHandle)
|
||||||
|
return result
|
||||||
|
})
|
||||||
|
} catch (err) {
|
||||||
|
result = false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Accept mixed-case fingerprints until deadline
|
||||||
|
if (!result) {
|
||||||
try {
|
try {
|
||||||
// Patch until promise.race properly works on WASM
|
// Patch until promise.race properly works on WASM
|
||||||
if (parseInt(match[0].split('$')[2]) > 12) continue
|
if (parseInt(match[0].split('$')[2]) > 12) continue
|
||||||
|
@ -102,12 +123,31 @@ const containsProof = async (data, params) => {
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
result = false
|
result = false
|
||||||
}
|
}
|
||||||
|
}
|
||||||
break
|
break
|
||||||
|
|
||||||
case 'argon2':
|
case 'argon2':
|
||||||
case 'argon2i':
|
case 'argon2i':
|
||||||
case 'argon2d':
|
case 'argon2d':
|
||||||
case 'argon2id':
|
case 'argon2id':
|
||||||
|
try {
|
||||||
|
const hashPromise = argon2Verify({
|
||||||
|
password: fingerprintURI.toLowerCase(),
|
||||||
|
hash: match[0]
|
||||||
|
})
|
||||||
|
.then(result => result)
|
||||||
|
.catch(_ => false)
|
||||||
|
|
||||||
|
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
|
||||||
|
clearTimeout(timeoutHandle)
|
||||||
|
return result
|
||||||
|
})
|
||||||
|
} catch (err) {
|
||||||
|
result = false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Accept mixed-case fingerprints until deadline
|
||||||
|
if (!result) {
|
||||||
try {
|
try {
|
||||||
const hashPromise = argon2Verify({
|
const hashPromise = argon2Verify({
|
||||||
password: fingerprintURI,
|
password: fingerprintURI,
|
||||||
|
@ -123,6 +163,7 @@ const containsProof = async (data, params) => {
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
result = false
|
result = false
|
||||||
}
|
}
|
||||||
|
}
|
||||||
break
|
break
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -50,6 +50,8 @@ describe('verifications.run', () => {
|
||||||
it('should verify a plaintext proof', async () => {
|
it('should verify a plaintext proof', async () => {
|
||||||
const result = await verifications.run(plaintextCorrectProofData, claimData, fingerprint)
|
const result = await verifications.run(plaintextCorrectProofData, claimData, fingerprint)
|
||||||
expect(result.result).to.be.true
|
expect(result.result).to.be.true
|
||||||
|
const result2 = await verifications.run(plaintextCorrectProofData, claimData, fingerprint.toUpperCase())
|
||||||
|
expect(result2.result).to.be.true
|
||||||
})
|
})
|
||||||
// issue #22
|
// issue #22
|
||||||
it('should handle a plaintext proof with whitespace', async () => {
|
it('should handle a plaintext proof with whitespace', async () => {
|
||||||
|
@ -63,6 +65,8 @@ describe('verifications.run', () => {
|
||||||
it('should verify a argon2-hashed proof', async () => {
|
it('should verify a argon2-hashed proof', async () => {
|
||||||
const result = await verifications.run(argon2CorrectProofData, claimData, fingerprint)
|
const result = await verifications.run(argon2CorrectProofData, claimData, fingerprint)
|
||||||
expect(result.result).to.be.true
|
expect(result.result).to.be.true
|
||||||
|
const result2 = await verifications.run(argon2CorrectProofData, claimData, fingerprint.toUpperCase())
|
||||||
|
expect(result2.result).to.be.true
|
||||||
})
|
})
|
||||||
it('should reject a wrong argon2-hashed proof', async () => {
|
it('should reject a wrong argon2-hashed proof', async () => {
|
||||||
const result = await verifications.run(argon2IncorrectProofData, claimData, fingerprint)
|
const result = await verifications.run(argon2IncorrectProofData, claimData, fingerprint)
|
||||||
|
@ -71,6 +75,8 @@ describe('verifications.run', () => {
|
||||||
it('should verify a bcrypt-hashed proof', async () => {
|
it('should verify a bcrypt-hashed proof', async () => {
|
||||||
const result = await verifications.run(bcryptCorrectProofData, claimData, fingerprint)
|
const result = await verifications.run(bcryptCorrectProofData, claimData, fingerprint)
|
||||||
expect(result.result).to.be.true
|
expect(result.result).to.be.true
|
||||||
|
const result2 = await verifications.run(bcryptCorrectProofData, claimData, fingerprint.toUpperCase())
|
||||||
|
expect(result2.result).to.be.true
|
||||||
})
|
})
|
||||||
it('should reject a wrong bcrypt-hashed proof', async () => {
|
it('should reject a wrong bcrypt-hashed proof', async () => {
|
||||||
const result = await verifications.run(bcryptIncorrectProofData, claimData, fingerprint)
|
const result = await verifications.run(bcryptIncorrectProofData, claimData, fingerprint)
|
||||||
|
|
Loading…
Reference in a new issue