From a0fc5fe00b0748f88a3f91f0fc6fe0d4ba40b861 Mon Sep 17 00:00:00 2001
From: saint
Date: Wed, 28 Aug 2024 15:56:53 +1000
Subject: [PATCH] v0.13 Chagnge debug output to warn, testing on Bitnami 3.2.5 for prod
---
 README.md | 2 +-
 plugin.rb | 54 +++++++++++++++++++++++++++---------------------------
 2 files changed, 28 insertions(+), 28 deletions(-)
diff --git a/README.md b/README.md
index 9938762..9bdd3cd 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,2 @@
-A plugin to authenticate users with MD5 passwords from legacy systems
+A custom Federated Computer plugin to authenticate users with MD5 passwords from legacy systems
diff --git a/plugin.rb b/plugin.rb
index 46e09ee..63a5439 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -4,7 +4,7 @@
 # name: discourse-md5_authentication
 # about: A plugin to authenticate users with MD5 passwords from legacy systems
-# version: 0.12.1
+# version: 0.13
 # authors: saint
 # url: https://gitea.federated.computer/saint/discourse-md5_authentication.git
@@ -22,7 +22,7 @@ after_initialize do
 length.times do
 result << ITOA64[value & 0x3f]
 value >>= 6
- Rails.logger.debug "to64 result: #{result}"
+ Rails.logger.warn "to64 result: #{result}"
 end
 result
 end
@@ -36,7 +36,7 @@ after_initialize do
 salt = salt[0, 8]
 magic = "$GT$"
- Rails.logger.debug "MD5 magic: #{magic}"
+ Rails.logger.warn "MD5 magic: #{magic}"
 ctx = Digest::MD5.new
 ctx.update(password)
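Review bot: The `Rails.logger.warn` inside the `length.times` loop of `to64` (hunk `@@ -22,7`) emits one line per encoded character at a level that production logging normally keeps, and the `1000.times` loop in the `@@ -67,46` hunk adds two more lines per round, so a single check of a legacy hash writes over two thousand warn lines. If this code is reachable from the login path, as the `@@ -137,14` hunk suggests, repeated login attempts against a migrated account can flood the log and bury real warnings. I would delete the tracing lines in both loops rather than raise their level; if tracing is still needed while testing, keep `Rails.logger.debug` and raise the log level on the test host only. `to64` starts above this hunk.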
@@ -67,46 +67,46 @@ after_initialize do
 end
 final_digest = ctx.digest
- Rails.logger.debug "MD5 final_digest: #{final_digest}"
+ Rails.logger.warn "MD5 final_digest: #{final_digest}"
 1000.times do |i|
 ctx1 = Digest::MD5.new
 if i & 1 != 0
- Rails.logger.debug "AAA"
+ Rails.logger.warn "AAA"
 ctx1.update(password)
 else
- Rails.logger.debug "BBB"
+ Rails.logger.warn "BBB"
 ctx1.update(final_digest)
 end
 ctx1.update(salt) if i % 3 != 0
 ctx1.update(password) if i % 7 != 0
 if i & 1 != 0
- Rails.logger.debug "CCC"
+ Rails.logger.warn "CCC"
 ctx1.update(final_digest)
 else
- Rails.logger.debug "DDD"
+ Rails.logger.warn "DDD"
 ctx1.update(password)
 end
 final_digest = ctx1.digest
 end
- Rails.logger.debug "MD6 final_digest: #{final_digest}"
+ Rails.logger.warn "MD6 final_digest: #{final_digest}"
 result = String.new
- Rails.logger.debug "A result: #{result}"
+ Rails.logger.warn "A result: #{result}"
 result << to64((final_digest[0].ord << 16) | (final_digest[6].ord << 8) | final_digest[12].ord, 4)
- Rails.logger.debug "B result: #{result}"
+ Rails.logger.warn "B result: #{result}"
 result << to64((final_digest[1].ord << 16) | (final_digest[7].ord << 8) | final_digest[13].ord, 4)
- Rails.logger.debug "C result: #{result}"
+ Rails.logger.warn "C result: #{result}"
 result << to64((final_digest[2].ord << 16) | (final_digest[8].ord << 8) | final_digest[14].ord, 4)
- Rails.logger.debug "D result: #{result}"
+ Rails.logger.warn "D result: #{result}"
 result << to64((final_digest[3].ord << 16) | (final_digest[9].ord << 8) | final_digest[15].ord, 4)
- Rails.logger.debug "E result: #{result}"
+ Rails.logger.warn "E result: #{result}"
 result << to64((final_digest[4].ord << 16) | (final_digest[10].ord << 8) | final_digest[5].ord, 4)
- Rails.logger.debug "F result: #{result}"
+ Rails.logger.warn "F result: #{result}"
 result << to64(final_digest[11].ord, 2)
- Rails.logger.debug "G result: #{result}"
+ Rails.logger.warn "G result: #{result}"
- Rails.logger.debug "magic salt result #{magic}#{salt}$#{result}"
+ Rails.logger.warn "magic salt result #{magic}#{salt}$#{result}"
 "#{magic}#{salt}$#{result}"
 end
@@ -137,14 +137,14 @@ after_initialize do
 custom_password_md5 = user.custom_fields['custom_password_md5'] # Check for MD5 password in custom field
- Rails.logger.debug "Check for MD5 password in custom field"
+ Rails.logger.warn "Check for MD5 password in custom field"
 if custom_password_md5.present? # MD5 password is present
- Rails.logger.debug "MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
+ Rails.logger.warn "MD5 password is present custom_password_md5: #{custom_password_md5} password: #{password}"
 if verify_gossamer_password(password, custom_password_md5) # MD5 matches, so update the user's password to the new one, remove the custom field and ensure user is set to active and approved
- Rails.logger.debug "MD5 matches"
+ Rails.logger.warn "MD5 matches"
 # Set password using Discourse's current standards, ensuring correct hashing, with exception check for the same password as that alaedy stored in Discourse
 user.password = password
@@ -169,14 +169,14 @@ after_initialize do
 token_hash: token_hash,
 confirmed: true
 )
- Rails.logger.debug("Generated token for user #{user.username}: #{token}")
+ Rails.logger.warn("Generated token for user #{user.username}: #{token}")
 # # Initialize UserAuthenticator with user and session
 # authenticator = UserAuthenticator.new(user, session)
 # # Generate a salted password hash for the new password
 # hashed_password = authenticator.password_digest(password)
- # Rails.logger.debug "NEW hashed_password #{hashed_password}"
+ # Rails.logger.warn "NEW hashed_password #{hashed_password}"
 # # Update the user object with all changes
 # user.assign_attributes(
 # password_hash: hashed_password,
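Review bot: In the `@@ -67,46` hunk the last added line writes the finished `#{magic}#{salt}$#{result}` string to the log at warn level; when the submitted password is correct this is presumably the same value as the stored `custom_password_md5`, so anyone who can read the log obtains a salted-MD5 hash that can be attacked offline. The `MD5 final_digest` and `MD6 final_digest` lines also interpolate the raw digest bytes, which puts unprintable data into the log stream. I would remove these lines together with the `A result` to `G result` traces, since none of them is needed once the port of the algorithm has been verified. The enclosing method starts above the hunk.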
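Review bot: The added `Rails.logger.warn "MD5 password is present … password: #{password}"` in the `@@ -137,14` hunk writes the user's plaintext password and the legacy hash into the application log on every login that reaches this branch. Rails parameter filtering covers request parameters, not strings built by hand for the logger, so nothing masks these values. The line should carry an identifier only, for example `Rails.logger.info "Legacy MD5 hash present for user: #{user.id}"`, and logs already written by this version should be handled as containing credentials (restricted, rotated, and the affected passwords reset). The enclosing block starts and ends outside the hunk.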
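Review bot: `Rails.logger.warn("Generated token for user #{user.username}: #{token}")` in the `@@ -169,14` hunk logs what appears to be the unhashed auth token, while the record created just above stores only `token_hash`; a reader of the log could present the logged value as that user's session, which is exactly what hashing the token at rest is meant to prevent. Log the event without the secret, e.g. `Rails.logger.info("Generated auth token for user: #{user.id}")`. The commented-out `# Rails.logger.warn "NEW hashed_password #{hashed_password}"` line would expose the new password hash if the block were ever re-enabled, so the dead block is better deleted than kept in sync. The call that creates the token record starts above the hunk.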
@@ -189,25 +189,25 @@ after_initialize do
 # if user.save
- # Rails.logger.debug "User changes saved: #{user.username}"
+ # Rails.logger.warn "User changes saved: #{user.username}"
 # else
- # Rails.logger.debug "User changes FAILED: #{user.errors.full_messages}"
+ # Rails.logger.warn "User changes FAILED: #{user.errors.full_messages}"
 # invalid_credentials
 # return
 # end
- Rails.logger.debug "Updated user: #{user.id}"
+ Rails.logger.warn "Updated user: #{user.id}"
 else # MD5 doesn't match, so we have a failed login attempt.
- Rails.logger.debug "MD5 Password incorrect for user: #{user.id}"
+ Rails.logger.warn "MD5 Password incorrect for user: #{user.id}"
 invalid_credentials
 return
 end
 elsif !user.confirm_password?(password) # There is no MD5 password and the password was incorrect.
- Rails.logger.debug "Password incorrect for user: #{user.id}"
+ Rails.logger.warn "Password incorrect for user: #{user.id}"
 invalid_credentials
 return
 end
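Review bot: Of the lines changed in the `@@ -189,25` hunk only the two failure messages (`MD5 Password incorrect for user` and `Password incorrect for user`) describe events that merit warn; `Updated user: #{user.id}` reports a successful migration and reads better as `Rails.logger.info "Migrated legacy password for user: #{user.id}"`, which keeps the warn stream usable for spotting failed-login bursts. The two edits inside the commented-out `# if user.save` block change dead code, and I would remove that block rather than maintain it. The surrounding method starts above this hunk.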