allow login using hashed passwords (#4464)

* Support getting a user's password salt via initial websocket connection (added to Event_ServerIdentification) * Nonsense stuff to figure out later * move passwordhasher to correct location * protobuf changes * add ext to protobuf * implement request password salt server side * add supportspasswordhash to server identification * check backwards compatibility * reset some changes to master * implement get password salt client side * implement checking hashed passwords on server login * check for registration requirement on getting password salt * properly check password salt response and show errors * remove unused property * add password salt to list of response types Co-authored-by: ZeldaZach <zahalpern+github@gmail.com>
2026-04-27 07:48:01 -07:00 · 2021-11-10 02:00:41 +01:00 · 2021-11-10 02:00:41 +01:00 · 45d86e7ab7
commit 45d86e7ab7
parent b0845837c2
23 changed files with 193 additions and 26 deletions
--- a/servatrice/src/servatrice_database_interface.cpp
+++ b/servatrice/src/servatrice_database_interface.cpp
@ -287,7 +287,8 @@ AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_Prot
                                                                     const QString &password,
                                                                     const QString &clientId,
                                                                     QString &reasonStr,
-                                                                     int &banSecondsLeft)
+                                                                     int &banSecondsLeft,
+                                                                     bool passwordNeedsHash)
 {
    switch (server->getAuthenticationMethod()) {
        case Servatrice::AuthenticationNone:
@ -324,7 +325,13 @@ AuthenticationResult Servatrice_DatabaseInterface::checkUserPassword(Server_Prot
                    qDebug("Login denied: user not active");
                    return UserIsInactive;
                }
-                if (correctPassword == PasswordHasher::computeHash(password, correctPassword.left(16))) {
+                QString hashedPassword;
+                if (passwordNeedsHash) {
+                    hashedPassword = PasswordHasher::computeHash(password, correctPassword.left(16));
+                } else {
+                    hashedPassword = password;
+                }
+                if (correctPassword == hashedPassword) {
                    qDebug("Login accepted: password right");
                    return PasswordRight;
                } else {
@ -490,6 +497,28 @@ bool Servatrice_DatabaseInterface::userExists(const QString &user)
    return false;
 }

+QString Servatrice_DatabaseInterface::getUserSalt(const QString &user)
+{
+    if (server->getAuthenticationMethod() == Servatrice::AuthenticationSql) {
+        checkSql();
+
+        QSqlQuery *query =
+            prepareQuery("SELECT SUBSTRING(password_sha512, 1, 16) FROM {prefix}_users WHERE name = :name");
+
+        query->bindValue(":name", user);
+        if (!execSqlQuery(query)) {
+            return {};
+        }
+
+        if (!query->next()) {
+            return {};
+        }
+
+        return query->value(0).toString();
+    }
+    return {};
+}
+
 int Servatrice_DatabaseInterface::getUserIdInDB(const QString &name)
 {
    if (server->getAuthenticationMethod() == Servatrice::AuthenticationSql) {