v0.9.6 -- single class -- checking if this helps us with a couple of issues

2024-06-17 18:41:06 +10:00 · 2024-06-17 18:41:06 +10:00 · ccc85e3856
commit ccc85e3856
parent bea57091b2
1 changed files with 16 additions and 11 deletions
--- a/plugin.rb
+++ b/plugin.rb
@ -4,7 +4,7 @@

 # name: discourse-md5_authentication
 # about: A plugin to authenticate users with MD5 passwords from legacy systems
-# version: 0.9.5
+# version: 0.9.6
 # authors: saint
 # url: https://gitea.federated.computer/saint/discourse-md5_authentication.git

@ -38,15 +38,20 @@ after_initialize do

        # Check for MD5 password in custom field
        if custom_password_md5.present?
-          Rails.logger.debug "MD6 password is present. custom_password_md5: #{custom_password_md5}, password: #{password}"
+          Rails.logger.debug "MD5 password is present. custom_password_md5: #{custom_password_md5}, password: #{password}"

          # Extract the salt from the legacy hash
          parts = custom_password_md5.split('$')
-          Rails.logger.debug "MD7"
+          Rails.logger.debug "Split parts: #{parts.inspect}"
+
+          if parts.length >= 3
            salt = parts[2][0, 8]
-          Rails.logger.debug "MD8"
+          else
+            Rails.logger.debug "Invalid MD5 format for custom_password_md5: #{custom_password_md5}"
+            return invalid_credentials
+          end
+
          magic = "$GT$"
-          Rails.logger.debug "MD9"
          Rails.logger.debug "MD5 magic: #{magic}, salt: #{salt}"

          # Create initial MD5 context
@ -60,7 +65,7 @@ after_initialize do
          final.update(password)
          final.update(salt)
          final.update(password)
-          final_digest = final.digest
+          final_digest = final.digest.dup  # Ensure final_digest is not frozen

          # Perform password length operations
          password_length = password.length
@ -79,7 +84,7 @@ after_initialize do
            password_length >>= 1
          end

-          final_digest = ctx.digest
+          final_digest = ctx.digest.dup  # Ensure final_digest is not frozen
          Rails.logger.debug "MD5 final_digest after initial operations: #{final_digest}"

          # Perform 1000 iterations of MD5 hashing
@ -88,16 +93,16 @@ after_initialize do
            if i & 1 != 0
              ctx1.update(password)
            else
-              ctx1.update(final_digest)
+              ctx1.update(final_digest.dup)  # Ensure final_digest is not frozen
            end
            ctx1.update(salt) if i % 3 != 0
            ctx1.update(password) if i % 7 != 0
            if i & 1 != 0
-              ctx1.update(final_digest)
+              ctx1.update(final_digest.dup)  # Ensure final_digest is not frozen
            else
              ctx1.update(password)
            end
-            final_digest = ctx1.digest
+            final_digest = ctx1.digest.dup  # Ensure final_digest is not frozen
          end

          # Convert final digest to the hashed password format