some refactoring
This commit is contained in:
loki
+17
-16
@@ -331,7 +331,7 @@ void savePassword(resp_https_t response, req_https_t request) {
|
||||
std::stringstream configStream;
|
||||
ss << request->content.rdbuf();
|
||||
|
||||
pt::ptree inputTree,outputTree,fileTree;
|
||||
pt::ptree inputTree, outputTree, fileTree;
|
||||
|
||||
auto g = util::fail_guard([&]() {
|
||||
std::ostringstream data;
|
||||
@@ -350,20 +350,21 @@ void savePassword(resp_https_t response, req_https_t request) {
|
||||
if(newUsername.length() == 0) newUsername = username;
|
||||
|
||||
std::string hash = util::hex(crypto::hash(password + config::sunshine.salt)).to_string();
|
||||
if(username == config::sunshine.username && hash == config::sunshine.password){
|
||||
if(newPassword != confirmPassword){
|
||||
outputTree.put("status",false);
|
||||
outputTree.put("error","Password Mismatch");
|
||||
if(username == config::sunshine.username && hash == config::sunshine.password) {
|
||||
if(newPassword != confirmPassword) {
|
||||
outputTree.put("status", false);
|
||||
outputTree.put("error", "Password Mismatch");
|
||||
}
|
||||
fileTree.put("username",newUsername);
|
||||
fileTree.put("password",util::hex(crypto::hash(newPassword + config::sunshine.salt)).to_string());
|
||||
fileTree.put("salt",config::sunshine.salt);
|
||||
pt::write_json(config::sunshine.credentials_file,fileTree);
|
||||
fileTree.put("username", newUsername);
|
||||
fileTree.put("password", util::hex(crypto::hash(newPassword + config::sunshine.salt)).to_string());
|
||||
fileTree.put("salt", config::sunshine.salt);
|
||||
pt::write_json(config::sunshine.credentials_file, fileTree);
|
||||
http::reload_user_creds(config::sunshine.credentials_file);
|
||||
outputTree.put("status",true);
|
||||
} else {
|
||||
outputTree.put("status",false);
|
||||
outputTree.put("error","Invalid Current Credentials");
|
||||
outputTree.put("status", true);
|
||||
}
|
||||
else {
|
||||
outputTree.put("status", false);
|
||||
outputTree.put("error", "Invalid Current Credentials");
|
||||
}
|
||||
}
|
||||
catch(std::exception &e) {
|
||||
@@ -374,13 +375,13 @@ void savePassword(resp_https_t response, req_https_t request) {
|
||||
}
|
||||
}
|
||||
|
||||
void savePin(resp_https_t response, req_https_t request){
|
||||
void savePin(resp_https_t response, req_https_t request) {
|
||||
if(!authenticate(response, request)) return;
|
||||
|
||||
std::stringstream ss;
|
||||
ss << request->content.rdbuf();
|
||||
|
||||
pt::ptree inputTree,outputTree;
|
||||
pt::ptree inputTree, outputTree;
|
||||
|
||||
auto g = util::fail_guard([&]() {
|
||||
std::ostringstream data;
|
||||
@@ -392,7 +393,7 @@ void savePin(resp_https_t response, req_https_t request){
|
||||
//TODO: Input Validation
|
||||
pt::read_json(ss, inputTree);
|
||||
std::string pin = inputTree.get<std::string>("pin");
|
||||
outputTree.put("status",nvhttp::pin(pin));
|
||||
outputTree.put("status", nvhttp::pin(pin));
|
||||
}
|
||||
catch(std::exception &e) {
|
||||
BOOST_LOG(warning) << e.what();
|
||||
|
||||
+3
-11
@@ -340,21 +340,13 @@ void md_ctx_destroy(EVP_MD_CTX *ctx) {
|
||||
EVP_MD_CTX_destroy(ctx);
|
||||
}
|
||||
|
||||
std::string rand_string(std::size_t bytes) {
|
||||
std::string alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!%&()=-";
|
||||
std::string value = rand(bytes);
|
||||
std::string rand_alphabet(std::size_t bytes, const std::string_view &alphabet) {
|
||||
auto value = rand(bytes);
|
||||
|
||||
for(std::size_t i = 0; i != value.size(); ++i) {
|
||||
value[i] = alphabet[value[i] % alphabet.length()];
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
std::string hash_hexstr(const std::string_view &plaintext) {
|
||||
sha256_t hashBytes = crypto::hash(plaintext);
|
||||
std::ostringstream hashStream;
|
||||
hashStream << std::hex << std::setfill('0');
|
||||
std::for_each(hashBytes.cbegin(), hashBytes.cend(), [&](int c) { hashStream << std::setw(2) << c; });
|
||||
std::string hashString = hashStream.str();
|
||||
return hashString;
|
||||
}
|
||||
} // namespace crypto
|
||||
+3
-2
@@ -36,7 +36,7 @@ using bio_t = util::safe_ptr<BIO, BIO_free_all>;
|
||||
using pkey_t = util::safe_ptr<EVP_PKEY, EVP_PKEY_free>;
|
||||
|
||||
sha256_t hash(const std::string_view &plaintext);
|
||||
std::string hash_hexstr(const std::string_view &plaintext);
|
||||
|
||||
aes_t gen_aes_key(const std::array<uint8_t, 16> &salt, const std::string_view &pin);
|
||||
|
||||
x509_t x509(const std::string_view &x);
|
||||
@@ -52,7 +52,8 @@ creds_t gen_creds(const std::string_view &cn, std::uint32_t key_bits);
|
||||
std::string_view signature(const x509_t &x);
|
||||
|
||||
std::string rand(std::size_t bytes);
|
||||
std::string rand_string(std::size_t bytes);
|
||||
std::string rand_alphabet(std::size_t bytes,
|
||||
const std::string_view &alphabet = std::string_view { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!%&()=-" });
|
||||
|
||||
class cert_chain_t {
|
||||
public:
|
||||
|
||||
@@ -68,8 +68,8 @@ int generate_user_creds(const std::string &file) {
|
||||
pt::ptree outputTree;
|
||||
try {
|
||||
std::string username = "sunshine";
|
||||
std::string plainPassword = crypto::rand_string(16);
|
||||
std::string salt = crypto::rand_string(16);
|
||||
std::string plainPassword = crypto::rand_alphabet(16);
|
||||
std::string salt = crypto::rand_alphabet(16);
|
||||
outputTree.put("username", "sunshine");
|
||||
outputTree.put("salt", salt);
|
||||
outputTree.put("password", util::hex(crypto::hash(plainPassword + salt)).to_string());
|
||||
|
||||
Reference in New Issue
Block a user