fix: auth failed if password contains : (#449)

This commit is contained in:
sigoden 2024-09-06 21:22:28 +08:00 committed by GitHub
parent f87c52fda2
commit c500ce7acc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 12 additions and 12 deletions

View file

@ -247,8 +247,7 @@ DUFS supports the use of sha-512 hashed password.
Create hashed password Create hashed password
``` ```
$ mkpasswd -m sha-512 -s $ mkpasswd -m sha-512 123456
Password: 123456
$6$tWMB51u6Kb2ui3wd$5gVHP92V9kZcMwQeKTjyTRgySsYJu471Jb1I6iHQ8iZ6s07GgCIO69KcPBRuwPE5tDq05xMAzye0NxVKuJdYs/ $6$tWMB51u6Kb2ui3wd$5gVHP92V9kZcMwQeKTjyTRgySsYJu471Jb1I6iHQ8iZ6s07GgCIO69KcPBRuwPE5tDq05xMAzye0NxVKuJdYs/
``` ```

View file

@ -307,17 +307,17 @@ pub fn check_auth(
) -> Option<()> { ) -> Option<()> {
if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") { if let Some(value) = strip_prefix(authorization.as_bytes(), b"Basic ") {
let value: Vec<u8> = STANDARD.decode(value).ok()?; let value: Vec<u8> = STANDARD.decode(value).ok()?;
let parts: Vec<&str> = std::str::from_utf8(&value).ok()?.split(':').collect(); let (user, pass) = std::str::from_utf8(&value).ok()?.split_once(':')?;
if parts[0] != auth_user { if user != auth_user {
return None; return None;
} }
if auth_pass.starts_with("$6$") { if auth_pass.starts_with("$6$") {
if let Ok(()) = sha_crypt::sha512_check(parts[1], auth_pass) { if let Ok(()) = sha_crypt::sha512_check(pass, auth_pass) {
return Some(()); return Some(());
} }
} else if parts[1] == auth_pass { } else if pass == auth_pass {
return Some(()); return Some(());
} }

View file

@ -57,17 +57,18 @@ fn invalid_auth(
Ok(()) Ok(())
} }
const HASHED_PASSWORD_AUTH: &str = "user:$6$gQxZwKyWn/ZmWEA2$4uV7KKMnSUnET2BtWTj/9T5.Jq3h/MdkOlnIl5hdlTxDZ4MZKmJ.kl6C.NL9xnNPqC4lVHC1vuI0E5cLpTJX81@/:rw"; // user:pass
#[rstest] #[rstest]
#[case(server(&["--auth", "user:$6$gQxZwKyWn/ZmWEA2$4uV7KKMnSUnET2BtWTj/9T5.Jq3h/MdkOlnIl5hdlTxDZ4MZKmJ.kl6C.NL9xnNPqC4lVHC1vuI0E5cLpTJX81@/:rw", "-A"]), "user", "pass")]
#[case(server(&["--auth", "user:$6$YV1J6OHZAAgbzCbS$V55ZEgvJ6JFdz1nLO4AD696PRHAJYhfQf.Gy2HafrCz5itnbgNTtTgfUSqZrt4BJ7FcpRfSt/QZzAan68pido0@/:rw", "-A"]), "user", "pa:ss@1")]
fn auth_hashed_password( fn auth_hashed_password(
#[with(&["--auth", HASHED_PASSWORD_AUTH, "-A"])] server: TestServer, #[case] server: TestServer,
#[case] user: &str,
#[case] pass: &str,
) -> Result<(), Error> { ) -> Result<(), Error> {
let url = format!("{}file1", server.url()); let url = format!("{}file1", server.url());
let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?; let resp = fetch!(b"PUT", &url).body(b"abc".to_vec()).send()?;
assert_eq!(resp.status(), 401); assert_eq!(resp.status(), 401);
if let Err(err) = if let Err(err) = send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), user, pass)
send_with_digest_auth(fetch!(b"PUT", &url).body(b"abc".to_vec()), "user", "pass")
{ {
assert_eq!( assert_eq!(
err.to_string(), err.to_string(),
@ -76,7 +77,7 @@ fn auth_hashed_password(
} }
let resp = fetch!(b"PUT", &url) let resp = fetch!(b"PUT", &url)
.body(b"abc".to_vec()) .body(b"abc".to_vec())
.basic_auth("user", Some("pass")) .basic_auth(user, Some(pass))
.send()?; .send()?;
assert_eq!(resp.status(), 201); assert_eq!(resp.status(), 201);
Ok(()) Ok(())