Support HashedPassword workflow for logins (#4469)

* Support HashedPassword workflow for logins * Address comments in PR
2026-04-27 07:48:01 -07:00 · 2021-11-13 11:37:13 -05:00 · 2021-11-13 11:37:13 -05:00 · 43eee6b32e
commit 43eee6b32e
parent 45d86e7ab7
8 changed files with 93 additions and 7 deletions
--- a/webclient/src/websocket/commands/SessionCommands.ts
+++ b/webclient/src/websocket/commands/SessionCommands.ts
@ -2,13 +2,14 @@ import {StatusEnum} from 'types';

 import {RoomPersistence, SessionPersistence} from '../persistence';
 import webClient from '../WebClient';
-import {guid} from '../utils';
+import {guid, hashPassword} from '../utils';
 import {WebSocketConnectReason, WebSocketOptions} from "../services/WebSocketService";
 import {
  AccountActivationParams,
  ForgotPasswordChallengeParams,
  ForgotPasswordParams,
  ForgotPasswordResetParams,
+  RequestPasswordSaltParams,
  ServerRegisterParams
 } from "../../store";
 import NormalizeService from "../utils/NormalizeService";
@ -36,14 +37,19 @@ export class SessionCommands {
    webClient.disconnect();
  }

-  static login(): void {
-    const loginConfig = {
+  static login(passwordSalt?: string): void {
+    const loginConfig: any = {
      ...webClient.clientConfig,
      userName: webClient.options.user,
-      password: webClient.options.pass,
      clientid: guid()
    };

+    if (passwordSalt) {
+      loginConfig.hashedPassword = hashPassword(passwordSalt, webClient.options.pass);
+    } else {
+      loginConfig.password = webClient.options.pass;
+    }
+
    const CmdLogin = webClient.protobuf.controller.Command_Login.create(loginConfig);

    const command = webClient.protobuf.controller.SessionCommand.create({
@ -110,6 +116,40 @@ export class SessionCommands {
    });
  }

+  static requestPasswordSalt(): void {
+    const options = webClient.options as unknown as RequestPasswordSaltParams;
+
+    const registerConfig = {
+      ...webClient.clientConfig,
+      userName: options.user,
+    };
+
+    const CmdRequestPasswordSalt = webClient.protobuf.controller.Command_RequestPasswordSalt.create(registerConfig);
+
+    const sc = webClient.protobuf.controller.SessionCommand.create({
+      ".Command_RequestPasswordSalt.ext" : CmdRequestPasswordSalt
+    });
+
+    webClient.protobuf.sendSessionCommand(sc, raw => {
+      switch (raw.responseCode) {
+        case webClient.protobuf.controller.Response.ResponseCode.RespOk:
+          const passwordSalt = raw[".Response_PasswordSalt.ext"].passwordSalt;
+          SessionCommands.login(passwordSalt);
+          break;
+
+        case webClient.protobuf.controller.Response.ResponseCode.RespRegistrationRequired:
+          SessionCommands.updateStatus(StatusEnum.DISCONNECTED, "Login failed: incorrect username or password");
+          SessionCommands.disconnect();
+          break;
+
+        default:
+          SessionCommands.updateStatus(StatusEnum.DISCONNECTED, "Login failed: Unknown Reason");
+          SessionCommands.disconnect();
+          break;
+      }
+    });
+  }
+
  static register(): void {
    const options = webClient.options as unknown as ServerRegisterParams;