-
Notifications
You must be signed in to change notification settings - Fork 0
/
user-object.js
82 lines (58 loc) · 2.15 KB
/
user-object.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
//
// I was trying to get a password hashed with flask to verify in javascript - found this on stackoverflow but nothing I treid worked.
//
var sha512crypt = require("sha512crypt-node").sha512crypt;
const users = {
"A": ""
}
var crypto = require('crypto');
var pbkdf2_sha512 = require('pbkdf2-sha512');
function b64trimmed(buf) {
return buf.toString('base64').replace(/=*$/, '').replace('+', '.');
}
function b64decode(str) {
// . in Base64?
str = str.replace('.', '+');
if (str.length % 4) {
str += '='.repeat(4 - str.length % 4);
}
return new Buffer(str, 'base64');
}
function get_hmac(secret, password) {
var hmac = crypto.createHmac('sha512', secret).update(password).digest('base64');
return hmac;
}
function get_hash(password, salt, rounds) {
// FIXME: KeyLenBytes is hardcoded
var h = b64trimmed(pbkdf2_sha512(password, salt, rounds, 64));
var joined_hash = ['', 'pbkdf2-sha512', rounds, b64trimmed(salt), h].join('$');
return joined_hash;
}
function verify_hash(password, stored_hash) {
var scheme = stored_hash.split('$')[1];
var rounds = stored_hash.split('$')[2];
var salt = stored_hash.split('$')[3];
// FIXME: Maybe throw an exception
if (scheme !== 'pbkdf2-sha512') {
return false;
}
var h = get_hash(password, b64decode(salt), rounds);
return h === stored_hash;
}
function new_hash(password, rounds) {
// FIXME: Salt size is hardcoded
var salt = crypto.randomBytes(16);
return get_hash(password, salt, rounds);
}
var password = 'Example Password';
// Usage:
var h = new_hash(password, 20000);
console.log('HASH ' + h);
console.log('VERIFY ' + verify_hash(password, h));
// Usage for passwords generated with flask_security:
// SECURITY_PASSWORD_SALT is set in config.py and used by flask-security
var SECURITY_PASSWORD_SALT = 'Many random bytes...';
var password_hmac = get_hmac(SECURITY_PASSWORD_SALT, password);
var h = new_hash(password_hmac, 20000);
console.log('HASH ' + h);
console.log('VERIFY ' + verify_hash(password_hmac, h));