From a27d2ed558f92745a98dc95abdab5426adc2b642 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ste=CC=81phane=20Cottin?= Date: Thu, 10 Oct 2024 10:15:16 +0200 Subject: [PATCH] add SHA support to htpasswd --- crypto.go | 25 +++++++++++++++++++++++-- crypto_test.go | 28 +++++++++++++++++++--------- docs/crypto.md | 4 ++-- 3 files changed, 44 insertions(+), 13 deletions(-) diff --git a/crypto.go b/crypto.go index 75fe027e..b63623e8 100644 --- a/crypto.go +++ b/crypto.go @@ -66,11 +66,32 @@ func bcrypt(input string) string { return string(hash) } -func htpasswd(username string, password string) string { +func hashSha(password string) string { + s := sha1.New() + s.Write([]byte(password)) + passwordSum := []byte(s.Sum(nil)) + return base64.StdEncoding.EncodeToString(passwordSum) +} + +// HashAlgorithm enum for hashing algorithms +type HashAlgorithm string + +const ( + // HashBCrypt bcrypt - recommended + HashBCrypt = "bcrypt" + HashSHA = "sha" +) + +func htpasswd(username string, password string, hashAlgorithm HashAlgorithm) string { if strings.Contains(username, ":") { return fmt.Sprintf("invalid username: %s", username) } - return fmt.Sprintf("%s:%s", username, bcrypt(password)) + switch hashAlgorithm { + case HashSHA: + return fmt.Sprintf("%s:{SHA}%s", username, hashSha(password)) + default: + return fmt.Sprintf("%s:%s", username, bcrypt(password)) + } } func randBytes(count int) (string, error) { diff --git a/crypto_test.go b/crypto_test.go index ac3f43b9..fc34ee0a 100644 --- a/crypto_test.go +++ b/crypto_test.go @@ -65,20 +65,23 @@ func TestBcrypt(t *testing.T) { } type HtpasswdCred struct { - Username string - Password string - Valid bool + Username string + Password string + HashAlgorithm HashAlgorithm + Valid bool } func TestHtpasswd(t *testing.T) { expectations := []HtpasswdCred{ - {Username: "myUser", Password: "myPassword", Valid: true}, - {Username: "special'o79Cv_*qFe,)