X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=blobdiff_plain;f=src%2Fcore%2Fstorage.cpp;h=92892563d26e734381880ecbc3c7cba87f374a31;hp=f8d60b76709a9f1b476f88e70d8ad1b3fe4f5dc5;hb=3a3e844f9fcfd12235a0086af75ecd503b621ef4;hpb=1e57394b3bb6aaf6213270658e00975b19f02d26 diff --git a/src/core/storage.cpp b/src/core/storage.cpp index f8d60b76..92892563 100644 --- a/src/core/storage.cpp +++ b/src/core/storage.cpp @@ -1,5 +1,5 @@ /*************************************************************************** - * Copyright (C) 2005-2015 by the Quassel Project * + * Copyright (C) 2005-2018 by the Quassel Project * * devel@quassel-irc.org * * * * This program is free software; you can redistribute it and/or modify * @@ -20,6 +20,8 @@ #include "storage.h" +#include + #include Storage::Storage(QObject *parent) @@ -29,36 +31,30 @@ Storage::Storage(QObject *parent) QString Storage::hashPassword(const QString &password) { -#if QT_VERSION >= 0x050000 return hashPasswordSha2_512(password); -#else - return hashPasswordSha1(password); -#endif } bool Storage::checkHashedPassword(const UserId user, const QString &password, const QString &hashedPassword, const Storage::HashVersion version) { bool passwordCorrect = false; - + switch (version) { - case Storage::HashVersion::sha1: + case Storage::HashVersion::Sha1: passwordCorrect = checkHashedPasswordSha1(password, hashedPassword); break; -#if QT_VERSION >= 0x050000 - case Storage::HashVersion::sha2_512: + case Storage::HashVersion::Sha2_512: passwordCorrect = checkHashedPasswordSha2_512(password, hashedPassword); break; -#endif default: qWarning() << "Password hash version" << QString(version) << "is not supported, please reset password"; } - - if (passwordCorrect && version < Storage::HashVersion::latest) { + + if (passwordCorrect && version < Storage::HashVersion::Latest) { updateUser(user, password); } - + return passwordCorrect; } @@ -72,7 +68,6 @@ bool Storage::checkHashedPasswordSha1(const QString &password, const QString &ha return hashPasswordSha1(password) == hashedPassword; } -#if QT_VERSION >= 0x050000 QString Storage::hashPasswordSha2_512(const QString &password) { // Generate a salt of 512 bits (64 bytes) using the Mersenne Twister @@ -86,11 +81,8 @@ QString Storage::hashPasswordSha2_512(const QString &password) } QString salt(saltBytes.toHex()); - // Append the salt to the password and hash it - QString passwordAndSalt(password + salt); - QString hash(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()); - - return hash + ":" + salt; + // Append the salt to the password, hash the result, and append the salt value + return sha2_512(password + salt) + ":" + salt; } bool Storage::checkHashedPasswordSha2_512(const QString &password, const QString &hashedPassword) @@ -99,12 +91,15 @@ bool Storage::checkHashedPasswordSha2_512(const QString &password, const QString QStringList hashedPasswordAndSalt = hashedPassword.split(colonSplitter); if (hashedPasswordAndSalt.size() == 2){ - QString passwordAndSalt(password + hashedPasswordAndSalt[1]); - return QString(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()) == hashedPasswordAndSalt[0]; + return sha2_512(password + hashedPasswordAndSalt[1]) == hashedPasswordAndSalt[0]; } else { qWarning() << "Password hash and salt were not in the correct format"; return false; } } -#endif + +QString Storage::sha2_512(const QString &input) +{ + return QString(QCryptographicHash::hash(input.toUtf8(), QCryptographicHash::Sha512).toHex()); +}