v0.14 Total recombobulation to test with Bitnami Discourse 3.2.5

2024-08-28 18:41:22 +10:00 · 2024-08-28 18:41:22 +10:00 · 9edabc2a3a
commit 9edabc2a3a
parent 48d1e343b7
1 changed files with 11 additions and 7 deletions
--- a/plugin.rb
+++ b/plugin.rb
@ -18,6 +18,7 @@ after_initialize do
    prepend Module.new {
      # Override the create method to add our custom authentication checks
      def create
+        Rails.logger.warn "MD5 -- AA -- start create"
        # Ensure required parameters are present
        params.require(:login)
        params.require(:password)
@ -28,6 +29,7 @@ after_initialize do
        # Find the user by username or email
        user = User.find_by_username_or_email(normalized_login_param)

+        Rails.logger.warn "MD5 -- BB -- second"
        # Check if site is in staff writes-only mode and ensure user is staff if true
        raise Discourse::ReadOnly if staff_writes_only_mode? && !user&.staff?

@ -35,19 +37,20 @@ after_initialize do
        rate_limit_second_factor!(user)

        if user.present?
+          Rails.logger.warn "MD5 -- CC -- user.present"
          # Retrieve the provided password and custom MD5 password hash from user custom fields
          password = params[:password]
          custom_password_md5 = user.custom_fields['custom_password_md5']

          # Log the presence of custom MD5 hash for debugging
-          Rails.logger.warn "Check for MD5 password in custom field"
+          Rails.logger.warn "MD5 -- Check for MD5 password in custom field"
          if custom_password_md5.present?
-            Rails.logger.warn "MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
+            Rails.logger.warn "MD5 -- MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"

            # Verify the provided password against the stored MD5 hash
            if verify_gossamer_password(password, custom_password_md5)
              # If MD5 hash matches, update the user's password and other attributes
-              Rails.logger.warn "MD5 matches"
+              Rails.logger.warn "MD5 -- MD5 matches"

              # Set the user's password to the provided one and update other attributes
              user.password = password
@ -57,6 +60,7 @@ after_initialize do
              user.approved_by_id = 1
              user.custom_fields['custom_password_md5'] = nil # Clear the custom MD5 field
              user.save!
+            Rails.logger.warn "MD5 -- DD -- user.present"

              # Generate a new token and hash it
              token = SecureRandom.hex(20)
@ -69,19 +73,19 @@ after_initialize do
                token_hash: token_hash,
                confirmed: true
              )
-              Rails.logger.warn("Generated token for user #{user.username}: #{token}")
+              Rails.logger.warn("MD5 -- Generated token for user #{user.username}: #{token}")

-              Rails.logger.warn "Updated user: #{user.id}"
+              Rails.logger.warn "MD5 -- Updated user: #{user.id}"
            else
              # If MD5 hash does not match, log the failed login attempt
-              Rails.logger.warn "MD5 Password incorrect for user: #{user.id}"
+              Rails.logger.warn "MD5 -- MD5 Password (hash) incorrect for user: #{user.id}"
              invalid_credentials
              return
            end

          elsif !user.confirm_password?(password)
            # If no MD5 hash is present and the provided password is incorrect
-            Rails.logger.warn "Password incorrect for user: #{user.id}"
+            Rails.logger.warn "MD5 -- Password incorrect for user: #{user.id}"
            invalid_credentials
            return
          end