Subject: | Patch adding per-user salt |
The attached patch adds support for "password_pre_salt_field" and "password_post_salt_field",
which load a per-user salt from the database for each password.
Subject: | patch.txt |
diff -Nur Catalyst-Plugin-Authentication-Store-DBIC-0.04/lib/Catalyst/Plugin/Authentication/Store/DBIC/User.pm Catalyst-Plugin-Authentication-Store-DBIC-mark/lib/Catalyst/Plugin/Authentication/Store/DBIC/User.pm
--- Catalyst-Plugin-Authentication-Store-DBIC-0.04/lib/Catalyst/Plugin/Authentication/Store/DBIC/User.pm 2005-12-14 03:24:32.000000000 +0000
+++ Catalyst-Plugin-Authentication-Store-DBIC-mark/lib/Catalyst/Plugin/Authentication/Store/DBIC/User.pm 2006-02-04 12:35:08.000000000 +0000
@@ -31,9 +31,25 @@
sub hash_algorithm { shift->config->{auth}->{password_hash_type} }
-sub password_pre_salt { shift->config->{auth}->{password_pre_salt} }
+sub password_pre_salt {
+ my $self = shift;
+
+ my $field;
+ if ($field = $self->config->{auth}->{password_pre_salt_field})
+ { return $self->user->$field }
+
+ $self->config->{auth}->{password_pre_salt}
+}
-sub password_post_salt { shift->config->{auth}->{password_post_salt} }
+sub password_post_salt {
+ my $self = shift;
+
+ my $field;
+ if ($field = $self->config->{auth}->{password_post_salt_field})
+ { return $self->user->$field }
+
+ $self->config->{auth}->{password_post_salt}
+}
sub password {
my $self = shift;
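Review bot: A NULL salt column makes the new `password_pre_salt` return undef instead of a string, because `$self->user->$field` is returned unchecked, so `password` (whose body continues past the hunk) would presumably concatenate an uninitialized value and hash the bare password with nothing but a warning to show for it; `password_post_salt` has the same shape. The `if ($field = ...)` test also treats a column literally named `0` as unset, and calling a config-supplied name as a method on the row object dies when the column has no generated accessor; `get_column($field)` is the more defensive lookup if `user` returns a DBIx::Class row, which the store name suggests. The two subs differ only in the config key, so a private helper removes the duplication; whether a NULL column should mean an empty salt or fall back to the fixed config value is a design choice the POD should state, and the sketch below takes the empty-salt reading because it matches the documented "overrides" wording.
```perl
sub password_pre_salt  { shift->_salt_for('password_pre_salt') }
sub password_post_salt { shift->_salt_for('password_post_salt') }

# Resolve a salt: the per-user column named by "<key>_field" when that option
# is configured, otherwise the fixed value stored under <key>.  A NULL column
# yields '' so the caller never concatenates undef into the hash input.
sub _salt_for {
    my ($self, $key) = @_;
    my $auth  = $self->config->{auth};
    my $field = $auth->{"${key}_field"};
    return $auth->{$key} unless defined $field && length $field;
    my $salt = $self->user->get_column($field);
    return defined $salt ? $salt : '';
}
```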
diff -Nur Catalyst-Plugin-Authentication-Store-DBIC-0.04/lib/Catalyst/Plugin/Authentication/Store/DBIC.pm Catalyst-Plugin-Authentication-Store-DBIC-mark/lib/Catalyst/Plugin/Authentication/Store/DBIC.pm
--- Catalyst-Plugin-Authentication-Store-DBIC-0.04/lib/Catalyst/Plugin/Authentication/Store/DBIC.pm 2005-12-14 03:24:32.000000000 +0000
+++ Catalyst-Plugin-Authentication-Store-DBIC-mark/lib/Catalyst/Plugin/Authentication/Store/DBIC.pm 2006-02-04 12:30:58.000000000 +0000
@@ -116,11 +116,23 @@
=head2 password_pre_salt
-Use this option if your passwords are hashed with a prefix salt value.
+Set this to the salt if your passwords are hashed with a prefix salt value.
=head2 password_post_salt
-Use this option if your passwords are hashed with a postfix salt value.
+Set this to the salt if your passwords are hashed with a postfix salt value.
+
+=head2 password_pre_salt_field
+
+The name of the column holding a per-user salt to be prepended to the
+password before hashing. This option overrides any value defined in
+C<password_pre_salt>. Optional, defaults to not prepending any string.
+
+=head2 password_pre_salt_field
+
+The name of the column holding a per-user salt to be appended to the
+password before hashing. This option overrides any value defined in
+C<password_post_salt>. Optional, defaults to not appending any string.
=head1 AUTHORIZATION CONFIGURATION
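Review bot: The second new heading repeats `=head2 password_pre_salt_field` although the paragraph beneath it describes the appended salt, so it should read `=head2 password_post_salt_field`; as written the POD never names the option that `password_post_salt` looks up, and a reader copying the documented key would configure the pre-salt field twice and get no post-salt at all. The two new paragraphs could also state what happens when the named column is NULL for a user, since "overrides any value" leaves that open and the code does not fall back to the fixed value in that case; a sentence such as `If the column is NULL for a user, no salt is applied for that user; the fixed C<password_pre_salt> value is not used as a fallback.` would settle it, adjusted to whichever reading the implementation finally takes.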
diff -Nur Catalyst-Plugin-Authentication-Store-DBIC-0.04/t/06auth-hashed-salt-field.t Catalyst-Plugin-Authentication-Store-DBIC-mark/t/06auth-hashed-salt-field.t
--- Catalyst-Plugin-Authentication-Store-DBIC-0.04/t/06auth-hashed-salt-field.t 1970-01-01 01:00:00.000000000 +0100
+++ Catalyst-Plugin-Authentication-Store-DBIC-mark/t/06auth-hashed-salt-field.t 2006-02-04 12:39:19.000000000 +0000
@@ -0,0 +1,78 @@
+#!perl
+
+use strict;
+use warnings;
+use DBI;
+use File::Path;
+use FindBin;
+use Test::More;
+use lib "$FindBin::Bin/lib";
+
+BEGIN {
+ eval { require DBD::SQLite }
+ or plan skip_all =>
+ "DBD::SQLite is required for this test";
+
+ eval { require DBIx::Class }
+ or plan skip_all =>
+ "DBIx::Class is required for this test";
+
+ plan tests => 2;
+
+ $ENV{TESTAPP_DB_FILE} = "$FindBin::Bin/auth.db";
+
+ $ENV{TESTAPP_CONFIG} = {
+ name => 'TestApp',
+ authentication => {
+ dbic => {
+ user_class => 'TestApp::Model::User',
+ user_field => 'username',
+ password_field => 'password',
+ password_type => 'hashed',
+ password_hash_type => 'SHA-1',
+ password_pre_salt_field => 'presalt',
+ password_post_salt_field => 'postsalt',
+ },
+ },
+ };
+
+ $ENV{TESTAPP_PLUGINS} = [
+ qw/Authentication
+ Authentication::Store::DBIC
+ Authentication::Credential::Password
+ /
+ ];
+}
+
+# create the database
+my $db_file = $ENV{TESTAPP_DB_FILE};
+unlink $db_file if -e $db_file;
+
+use Digest::SHA1 qw(sha1_hex);
+my $hash = sha1_hex("fred"."hackme"."barney");
+
+my $dbh = DBI->connect( "dbi:SQLite:$db_file" ) or die $DBI::errstr;
+my $sql = qq{
+ CREATE TABLE user (
+ id INTEGER PRIMARY KEY,
+ username TEXT,
+ password TEXT,
+ presalt TEXT,
+ postsalt TEXT
+ );
+ INSERT INTO user VALUES (1, 'andyg', '$hash', 'fred', 'barney')
+};
+$dbh->do( $_ ) for split /;/, $sql;
+$dbh->disconnect;
+
+BEGIN { @::EXTRA_FIELDS = qw/presalt postsalt/ } # extra fields in TestApp::Model::User
+use Catalyst::Test 'TestApp';
+
+# log a user in
+{
+ ok( my $res = request('http://localhost/user_login?username=andyg&password=hackme'), 'request ok' );
+ is( $res->content, 'logged in', 'user logged in ok' );
+}
+
+# clean up
+unlink $db_file;
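Review bot: The only assertion is that the correct password logs in; nothing checks that a wrong password is rejected, so the test passes as long as login succeeds regardless of whether the per-user salts are actually being applied and compared, and the same gap exists in t/06auth-hashed-salt.t. Raising the plan to 3 and adding `$res = request('http://localhost/user_login?username=andyg&password=wrong');` followed by `isnt( $res->content, 'logged in', 'wrong password rejected' );` closes it. The test also loads `Digest::SHA1` unconditionally at line 109 while DBD::SQLite and DBIx::Class each get a `skip_all` guard; if Digest::SHA1 is not a hard dependency of the distribution it deserves the same treatment. The `@::EXTRA_FIELDS` package global set in the BEGIN block at line 126 is what steers the column list in t/lib/TestApp/Model/User.pm, which is easy to miss when reading the model on its own; a one-line comment in the model naming the tests that set it would help.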
diff -Nur Catalyst-Plugin-Authentication-Store-DBIC-0.04/t/06auth-hashed-salt.t Catalyst-Plugin-Authentication-Store-DBIC-mark/t/06auth-hashed-salt.t
--- Catalyst-Plugin-Authentication-Store-DBIC-0.04/t/06auth-hashed-salt.t 1970-01-01 01:00:00.000000000 +0100
+++ Catalyst-Plugin-Authentication-Store-DBIC-mark/t/06auth-hashed-salt.t 2006-02-04 12:19:43.000000000 +0000
@@ -0,0 +1,75 @@
+#!perl
+
+use strict;
+use warnings;
+use DBI;
+use File::Path;
+use FindBin;
+use Test::More;
+use lib "$FindBin::Bin/lib";
+
+BEGIN {
+ eval { require DBD::SQLite }
+ or plan skip_all =>
+ "DBD::SQLite is required for this test";
+
+ eval { require DBIx::Class }
+ or plan skip_all =>
+ "DBIx::Class is required for this test";
+
+ plan tests => 2;
+
+ $ENV{TESTAPP_DB_FILE} = "$FindBin::Bin/auth.db";
+
+ $ENV{TESTAPP_CONFIG} = {
+ name => 'TestApp',
+ authentication => {
+ dbic => {
+ user_class => 'TestApp::Model::User',
+ user_field => 'username',
+ password_field => 'password',
+ password_type => 'hashed',
+ password_hash_type => 'SHA-1',
+ password_pre_salt => 'fred',
+ password_post_salt => 'barney',
+ },
+ },
+ };
+
+ $ENV{TESTAPP_PLUGINS} = [
+ qw/Authentication
+ Authentication::Store::DBIC
+ Authentication::Credential::Password
+ /
+ ];
+}
+
+# create the database
+my $db_file = $ENV{TESTAPP_DB_FILE};
+unlink $db_file if -e $db_file;
+
+use Digest::SHA1 qw(sha1_hex);
+my $hash = sha1_hex("fred"."hackme"."barney");
+
+my $dbh = DBI->connect( "dbi:SQLite:$db_file" ) or die $DBI::errstr;
+my $sql = qq{
+ CREATE TABLE user (
+ id INTEGER PRIMARY KEY,
+ username TEXT,
+ password TEXT
+ );
+ INSERT INTO user VALUES (1, 'andyg', '$hash')
+};
+$dbh->do( $_ ) for split /;/, $sql;
+$dbh->disconnect;
+
+use Catalyst::Test 'TestApp';
+
+# log a user in
+{
+ ok( my $res = request('http://localhost/user_login?username=andyg&password=hackme'), 'request ok' );
+ is( $res->content, 'logged in', 'user logged in ok' );
+}
+
+# clean up
+unlink $db_file;
diff -Nur Catalyst-Plugin-Authentication-Store-DBIC-0.04/t/lib/TestApp/Model/User.pm Catalyst-Plugin-Authentication-Store-DBIC-mark/t/lib/TestApp/Model/User.pm
--- Catalyst-Plugin-Authentication-Store-DBIC-0.04/t/lib/TestApp/Model/User.pm 2005-12-14 03:24:32.000000000 +0000
+++ Catalyst-Plugin-Authentication-Store-DBIC-mark/t/lib/TestApp/Model/User.pm 2006-02-04 12:37:52.000000000 +0000
@@ -5,7 +5,7 @@
use base 'TestApp::Model::DBIC';
__PACKAGE__->table( 'user' );
-__PACKAGE__->add_columns( qw/id username password/ );
+__PACKAGE__->add_columns( qw/id username password/, @::EXTRA_FIELDS);
__PACKAGE__->set_primary_key( 'id' );
__PACKAGE__->has_many(