diff --git a/plugin.rb b/plugin.rb
index 8a70442..e06af41 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -4,7 +4,7 @@
 # name: discourse-md5_authentication
 # about: A plugin to authenticate users with MD5 passwords from legacy systems
-# version: 0.20
+# version: 0.21
 # authors: saint@federated.computer
 # url: https://gitea.federated.computer/saint/discourse-md5_authentication.git
@@ -48,12 +48,16 @@ after_initialize do
 # Log the presence of custom MD5 hash for debugging
 Rails.logger.warn "MD5 -- Check for MD5 password in custom field"
 if custom_password_md5.present?
- Rails.logger.warn "MD5 -- MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
+
+ # SCENARIO 1. : LEGACY MD5 HASH EXISTS
+ Rails.logger.warn "MD5 -- 1. MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
 # Verify the provided password against the stored MD5 hash
 if verify_gossamer_password(password, custom_password_md5)
+
+ # SCENARIO 1.1. : LEGACY MD5 HAS EXISTS AND MATCHES
 # If MD5 hash matches, update the user's password and other attributes
- Rails.logger.warn "MD5 -- MD5 matches"
+ Rails.logger.warn "MD5 -- 1.1. MD5 matches"
 # Set the user's password to the provided one and update other attributes
 user.password = password
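Review bot: The rewritten scenario-1 log line still writes the cleartext login password and the stored legacy hash to the Rails log at warn level (`custom_password_md5: #{custom_password_md5} password: #{password}`), so every attempt through this path leaves reusable credentials in log files and anything that ships them. Keep the trace but log only a non-secret identifier, e.g. `Rails.logger.warn "MD5 -- 1. MD5 password is present for user: #{user.id}"`; `user` is already in scope here, as the `user.password = password` line at the end of the hunk shows. The same pattern recurs in the later hunk, where the freshly generated email token is logged verbatim in `MD5 -- Generated token for user #{user.username}: #{token}` and should be dropped from the message for the same reason. The `if custom_password_md5.present?` branch opened here continues past the end of this hunk.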
@@ -79,20 +83,59 @@ after_initialize do
 Rails.logger.warn("MD5 -- Generated token for user #{user.username}: #{token}")
 Rails.logger.warn "MD5 -- Updated user: #{user.id}"
+
 else
- # If MD5 hash does not match, log the failed login attempt
- Rails.logger.warn "MD5 -- MD5 Password (hash) incorrect for user: #{user.id}"
- invalid_credentials
- return
+ # SCENARIO 1.2. : LEGACY MD5 HASH EXISTS BUT DOES NOT MATCH
+
+ # Log the failed login attempt
+ Rails.logger.warn "MD5 -- 1.2. MD5 Password (hash) exists but fails / incorrect for user: #{user.id}"
+
+ if user.confirm_password?(password)
+ # SCENARIO 1.2.1 : LEGACY MD5 HASH EXISTS BUT DOES NOT MATCH, BUT REAL PASSWORD WORKS -- NEW SUPPORT in v0.21
+
+ Rails.logger.warn "MD5 -- 1.2.1. Real Password Works for username: #{user.username} user: #{user.id}"
+
+ # Update other attributes (other than password which is already correct)
+ user.active = true
+ user.approved = true
+ user.approved_at = Time.now
+ user.approved_by_id = 1
+ user.custom_fields['md5_password'] = nil # Clear the custom MD5 field
+ user.save!
+ Rails.logger.warn "MD5 -- DD -- user.present, cleared legacy MD5 field!"
+
+ # Generate a new token and hash it
+ token = SecureRandom.hex(20)
+ token_hash = EmailToken.hash_token(token)
+
+ # Create a confirmed email token for the user
+ EmailToken.create!(
+ user_id: user.id,
+ email: user.email,
+ token_hash: token_hash,
+ confirmed: true
+ )
+ Rails.logger.warn("MD5 -- Generated token for user #{user.username}: #{token}")
+
+ Rails.logger.warn "MD5 -- Updated user: #{user.id}"
+
+ else
+ # SCENARIO 1.2.2 : LEGACY MD5 HASH EXISTS BUT DOES NOT MATCH, AND REAL PASSWORD DOES NOT MATCH OR IS NOT PRESENT
+ Rails.logger.warn("MD5 -- 1.2.2. -- MD5 Password (hash) incorrect and no matching real password for username: #{user.username} user: #{user.id}")
+ invalid_credentials
+ return
+ end
 end
 elsif !user.confirm_password?(password)
+ # SCENARIO 2. : NO lEGACY MD5 HASH EXISTS AND REAL PASSWORD DOES NOT MATCH OR IS NOT PRESENT
 # If no MD5 hash is present and the provided password is incorrect
- Rails.logger.warn "MD5 -- Password incorrect for user: #{user.id}"
+ Rails.logger.warn "MD5 -- 2. Password incorrect for user: #{user.id}"
 invalid_credentials
 return
 end
+ # If the site requires user approval and the user is not yet approved
 if login_not_approved_for?(user)
 render json: login_not_approved