Diffstat (limited to 'app.rb')
-rw-r--r--app.rb13
1 files changed, 11 insertions, 2 deletions
diff --git a/app.rb b/app.rb
index dca8825..2cd40b2 100644
--- a/app.rb
+++ b/app.rb
@@ -3,7 +3,7 @@
require 'sinatra'
require 'json'
require 'yaml'
-require 'bcrypt'
+require 'openssl'
require 'mini_magick'
require 'fileutils'
require 'securerandom'
@@ -164,6 +164,15 @@ helpers do
parts.each_with_index.map { |p, i| { name: p, path: parts[0..i].join('/') } }
end
+ def pbkdf2_verify(password, stored)
+ _algo, iterations, salt, expected_hex = stored.split('$')
+ actual = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations.to_i, 32, 'SHA256')
+ actual_hex = actual.unpack1('H*')
+ OpenSSL.fixed_length_secure_compare(actual_hex, expected_hex)
+ rescue
+ false
+ end
+
def blank_to_nil(s)
v = s.to_s.strip
v.empty? ? nil : v
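Review bot: The bare `rescue` at the end of the new `pbkdf2_verify` turns every malformed `stored` value into a silent "wrong password", and the first field (`_algo`) is discarded while the algorithm and output length are hard-coded, so a config value in another format — for example a leftover bcrypt hash from before this change, whose leading `$` would shift the fields — fails closed but indistinguishably from a bad login. `iterations.to_i` also accepts junk or an empty field as `0`, which is only caught later if OpenSSL happens to raise. I would validate the parsed fields up front, parse the iteration count with `Integer(..., exception: false)`, and narrow the rescue to `OpenSSL::OpenSSLError, ArgumentError` (the latter is what `fixed_length_secure_compare` raises on a length mismatch) so programming errors are not masked; the expected tag in the first field is not visible on this page, so the constant below is a placeholder. `OpenSSL::KDF.pbkdf2_hmac` is the current keyword-argument API for the same derivation, though `OpenSSL::PKCS5` still works. The surrounding `helpers do` block starts outside this hunk.
```ruby
def pbkdf2_verify(password, stored)
  algo, iterations, salt, expected_hex = stored.to_s.split('$')
  # PLACEHOLDER_ALGO_TAG: use the tag the config/hash writer actually emits
  return false unless algo == PLACEHOLDER_ALGO_TAG && salt && expected_hex
  iterations = Integer(iterations, exception: false)
  return false unless iterations&.positive?
  actual_hex = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                        length: 32, hash: 'SHA256').unpack1('H*')
  OpenSSL.fixed_length_secure_compare(actual_hex, expected_hex)
rescue OpenSSL::OpenSSLError, ArgumentError
  false
end
```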
@@ -322,7 +331,7 @@ end
post '/admin/login' do
hash = APP_CONFIG[:admin_password_hash].to_s
- if !hash.empty? && BCrypt::Password.new(hash) == params['password']
+ if !hash.empty? && pbkdf2_verify(params['password'].to_s, hash)
session[:admin] = true
redirect params['return_to']&.start_with?('/') ? params['return_to'] : '/admin/edit/'
else