v0.21 - Add support for users who have (re)set real passwords in Discourse via email

This commit is contained in:
David Sainty 2024-09-19 14:56:11 +10:00
parent 54f0c3d78a
commit 872b706e0f

View File

@ -4,7 +4,7 @@
# name: discourse-md5_authentication # name: discourse-md5_authentication
# about: A plugin to authenticate users with MD5 passwords from legacy systems # about: A plugin to authenticate users with MD5 passwords from legacy systems
# version: 0.20 # version: 0.21
# authors: saint@federated.computer # authors: saint@federated.computer
# url: https://gitea.federated.computer/saint/discourse-md5_authentication.git # url: https://gitea.federated.computer/saint/discourse-md5_authentication.git
@ -48,12 +48,16 @@ after_initialize do
# Log the presence of custom MD5 hash for debugging # Log the presence of custom MD5 hash for debugging
Rails.logger.warn "MD5 -- Check for MD5 password in custom field" Rails.logger.warn "MD5 -- Check for MD5 password in custom field"
if custom_password_md5.present? if custom_password_md5.present?
Rails.logger.warn "MD5 -- MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
# SCENARIO 1. : LEGACY MD5 HASH EXISTS
Rails.logger.warn "MD5 -- 1. MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
# Verify the provided password against the stored MD5 hash # Verify the provided password against the stored MD5 hash
if verify_gossamer_password(password, custom_password_md5) if verify_gossamer_password(password, custom_password_md5)
# SCENARIO 1.1. : LEGACY MD5 HAS EXISTS AND MATCHES
# If MD5 hash matches, update the user's password and other attributes # If MD5 hash matches, update the user's password and other attributes
Rails.logger.warn "MD5 -- MD5 matches" Rails.logger.warn "MD5 -- 1.1. MD5 matches"
# Set the user's password to the provided one and update other attributes # Set the user's password to the provided one and update other attributes
user.password = password user.password = password
@ -79,20 +83,59 @@ after_initialize do
Rails.logger.warn("MD5 -- Generated token for user #{user.username}: #{token}") Rails.logger.warn("MD5 -- Generated token for user #{user.username}: #{token}")
Rails.logger.warn "MD5 -- Updated user: #{user.id}" Rails.logger.warn "MD5 -- Updated user: #{user.id}"
else else
# If MD5 hash does not match, log the failed login attempt # SCENARIO 1.2. : LEGACY MD5 HASH EXISTS BUT DOES NOT MATCH
Rails.logger.warn "MD5 -- MD5 Password (hash) incorrect for user: #{user.id}"
invalid_credentials # Log the failed login attempt
return Rails.logger.warn "MD5 -- 1.2. MD5 Password (hash) exists but fails / incorrect for user: #{user.id}"
if user.confirm_password?(password)
# SCENARIO 1.2.1 : LEGACY MD5 HASH EXISTS BUT DOES NOT MATCH, BUT REAL PASSWORD WORKS -- NEW SUPPORT in v0.21
Rails.logger.warn "MD5 -- 1.2.1. Real Password Works for username: #{user.username} user: #{user.id}"
# Update other attributes (other than password which is already correct)
user.active = true
user.approved = true
user.approved_at = Time.now
user.approved_by_id = 1
user.custom_fields['md5_password'] = nil # Clear the custom MD5 field
user.save!
Rails.logger.warn "MD5 -- DD -- user.present, cleared legacy MD5 field!"
# Generate a new token and hash it
token = SecureRandom.hex(20)
token_hash = EmailToken.hash_token(token)
# Create a confirmed email token for the user
EmailToken.create!(
user_id: user.id,
email: user.email,
token_hash: token_hash,
confirmed: true
)
Rails.logger.warn("MD5 -- Generated token for user #{user.username}: #{token}")
Rails.logger.warn "MD5 -- Updated user: #{user.id}"
else
# SCENARIO 1.2.2 : LEGACY MD5 HASH EXISTS BUT DOES NOT MATCH, AND REAL PASSWORD DOES NOT MATCH OR IS NOT PRESENT
Rails.logger.warn("MD5 -- 1.2.2. -- MD5 Password (hash) incorrect and no matching real password for username: #{user.username} user: #{user.id}")
invalid_credentials
return
end
end end
elsif !user.confirm_password?(password) elsif !user.confirm_password?(password)
# SCENARIO 2. : NO lEGACY MD5 HASH EXISTS AND REAL PASSWORD DOES NOT MATCH OR IS NOT PRESENT
# If no MD5 hash is present and the provided password is incorrect # If no MD5 hash is present and the provided password is incorrect
Rails.logger.warn "MD5 -- Password incorrect for user: #{user.id}" Rails.logger.warn "MD5 -- 2. Password incorrect for user: #{user.id}"
invalid_credentials invalid_credentials
return return
end end
# If the site requires user approval and the user is not yet approved # If the site requires user approval and the user is not yet approved
if login_not_approved_for?(user) if login_not_approved_for?(user)
render json: login_not_approved render json: login_not_approved