mirror of
https://github.com/penpot/penpot.git
synced 2025-01-22 14:39:45 -05:00
✨ Replace buddy-hashers with sodi.pwhash.
parent
19529408f4
commit
6a99345475
9 changed files with 32 additions and 61 deletions
7
.gitignore
vendored
7
.gitignore
vendored
|
@ -8,15 +8,14 @@ pom.xml
|
|||
.lein-plugins/
|
||||
.repl
|
||||
.nrepl-port
|
||||
.cpcache
|
||||
.rebel_readline_history
|
||||
/vendor/**/target
|
||||
node_modules
|
||||
/backend/.cpcache
|
||||
/backend/target/
|
||||
/backend/resources/public/media
|
||||
/backend/dist/
|
||||
/backend/-
|
||||
/backend/.rebel_readline_history
|
||||
/frontend/.rebel_readline_history
|
||||
/frontend/.cpcache
|
||||
/frontend/npm-debug.log
|
||||
/frontend/target/
|
||||
/frontend/dist/
|
||||
|
|
|
@ -34,15 +34,15 @@
|
|||
hiccup/hiccup {:mvn/version "1.0.5"}
|
||||
org.im4java/im4java {:mvn/version "1.4.0"}
|
||||
|
||||
buddy/buddy-sign {:mvn/version "3.1.0"}
|
||||
buddy/buddy-hashers {:mvn/version "1.4.0"}
|
||||
|
||||
org.xerial.snappy/snappy-java {:mvn/version "1.1.7.3"}
|
||||
com.github.spullara.mustache.java/compiler {:mvn/version "0.9.6"}
|
||||
commons-io/commons-io {:mvn/version "2.6"}
|
||||
com.draines/postal {:mvn/version "2.0.3"
|
||||
:exclusions [commons-codec/commons-codec]}
|
||||
|
||||
funcool/sodi {:local/root "vendor/sodi"
|
||||
:deps/manifest :pom}
|
||||
|
||||
;; exception printing
|
||||
io.aviso/pretty {:mvn/version "0.1.37"}
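Review bot: The `funcool/sodi` entry is resolved from `:local/root "vendor/sodi"` with `:deps/manifest :pom`, so unlike the `:mvn/version` coordinates around it nothing in this file pins which revision of the password-hashing code gets built. Whether the vendored tree is committed or fetched separately is not visible from this page. I would record the provenance next to the entry, for example `;; vendored from funcool/sodi at <upstream-commit-sha>`, and have the build fail if `vendor/sodi` is missing or differs from that revision.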
|
||||
|
||||
|
|
|
@ -2,16 +2,16 @@
|
|||
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;;
|
||||
;; Copyright (c) 2017 Andrey Antukh <niwi@niwi.nz>
|
||||
;; This Source Code Form is "Incompatible With Secondary Licenses", as
|
||||
;; defined by the Mozilla Public License, v. 2.0.
|
||||
;;
|
||||
;; Copyright (c) 2017-2020 Andrey Antukh <niwi@niwi.nz>
|
||||
|
||||
(ns uxbox.config
|
||||
"A configuration management."
|
||||
(:require
|
||||
[clojure.java.io :as io]
|
||||
[clojure.tools.logging :as log]
|
||||
[clojure.edn :as edn]
|
||||
[cuerdas.core :as str]
|
||||
[buddy.core.hash :as hash]
|
||||
[environ.core :refer [env]]
|
||||
[mount.core :refer [defstate]]
|
||||
[uxbox.common.exceptions :as ex]))
|
||||
|
@ -74,14 +74,14 @@
|
|||
|
||||
;; --- Secret Loading & Parsing
|
||||
|
||||
(defn- initialize-secret
|
||||
[config]
|
||||
(let [secret (:secret config)]
|
||||
(when-not secret
|
||||
(ex/raise :code ::missing-secret-key
|
||||
:message "Missing `:secret` key in config."))
|
||||
(hash/blake2b-256 secret)))
|
||||
|
||||
(defstate secret
|
||||
:start (initialize-secret config))
|
||||
;; (defn- initialize-secret
|
||||
;; [config]
|
||||
;; (let [secret (:secret config)]
|
||||
;; (when-not secret
|
||||
;; (ex/raise :code ::missing-secret-key
|
||||
;; :message "Missing `:secret` key in config."))
|
||||
;; (hash/blake2b-256 secret)))
|
||||
;;
|
||||
;; (defstate secret
|
||||
;; :start (initialize-secret config))
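Review bot: The secret loading code (`initialize-secret` and `defstate secret`) appears here both live and as `;;` comments, which suggests it was commented out rather than deleted. If so, the `::missing-secret-key` startup check goes with it, and a config without `:secret` would no longer fail fast. If nothing reads `uxbox.config/secret` any more, delete the block, and the `[buddy.core.hash :as hash]` require if it is still there. If the removal is temporary, replace the dead code with a single line such as `;; TODO: secret loading disabled while moving to sodi; restore before anything signs with it`. Which of the two copies is the new side cannot be confirmed from this rendering.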
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
"A initial fixtures."
|
||||
(:require
|
||||
[clojure.tools.logging :as log]
|
||||
[buddy.hashers :as hashers]
|
||||
[sodi.pwhash :as pwhash]
|
||||
[mount.core :as mount]
|
||||
[promesa.core :as p]
|
||||
[uxbox.config :as cfg]
|
||||
|
@ -30,7 +30,7 @@
|
|||
values ($1, $2, $3, $4, $5, $6)
|
||||
returning *;")
|
||||
|
||||
(def password (hashers/encrypt "123123"))
|
||||
(def password (pwhash/derive "123123"))
|
||||
|
||||
(defn create-user
|
||||
[conn user-index]
|
||||
|
@ -185,7 +185,6 @@
|
|||
[& args]
|
||||
(try
|
||||
(-> (mount/only #{#'uxbox.config/config
|
||||
#'uxbox.config/secret
|
||||
#'uxbox.core/system
|
||||
#'uxbox.db/pool
|
||||
#'uxbox.migrations/migrations})
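Review bot: `(def password (pwhash/derive "123123"))` runs the password KDF whenever this namespace is loaded and gives every fixture user the same known credential. A comment on the def such as `;; fixture-only credential; this namespace must never be loaded against a production database` would make the intent explicit. Wrapping the value in `delay` would also avoid paying the derivation cost at load time. The page shows no guard that restricts the fixtures entry point to development environments, so that is worth confirming outside this hunk.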
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
|
||||
routes [["/sub/:file-id" {:interceptors [(vxi/cookies)
|
||||
(vxi/cors cors-opts)
|
||||
interceptors/format-response-body
|
||||
(session/auth)]
|
||||
:get ws/handler}]
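Review bot: On the `/sub/:file-id` route, `(session/auth)` establishes who the caller is, but nothing visible here checks that the caller may subscribe to the requested `:file-id`. `ws/handler` is defined outside this hunk, so the check may already exist there. If it does, a short comment on the route such as `;; ws/handler verifies the session user can access :file-id` would document the contract. If it does not, the handler should reject the upgrade before joining the subscription.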
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
(ns uxbox.services.mutations.auth
|
||||
(:require
|
||||
[clojure.spec.alpha :as s]
|
||||
[buddy.hashers :as hashers]
|
||||
[sodi.pwhash :as pwhash]
|
||||
[promesa.core :as p]
|
||||
[uxbox.config :as cfg]
|
||||
[uxbox.common.exceptions :as ex]
|
||||
|
@ -32,7 +32,8 @@
|
|||
(sm/defmutation ::login
|
||||
[{:keys [username password scope] :as params}]
|
||||
(letfn [(check-password [user password]
|
||||
(hashers/check password (:password user)))
|
||||
(let [result (pwhash/verify password (:password user))]
|
||||
(:valid result)))
|
||||
|
||||
(check-user [user]
|
||||
(when-not user
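Review bot: Passwords already stored for existing users were produced by `hashers/encrypt`, and nothing in this commit shows that `pwhash/verify` in `check-password` accepts that encoding. If it does not, every existing account fails login after deploy, and the same applies to `validate-password` in the users mutations. Either confirm that sodi parses the old format, or add a fallback that verifies with the old scheme and re-derives the hash on successful login. Only `:valid` is read from the result map, so if the map also carries a rehash indicator, a comment like `;; only :valid is used; rehash-on-login is not implemented` would record that it is ignored on purpose. The `::login` body continues past the end of the hunk.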
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
(ns uxbox.services.mutations.users
|
||||
(:require
|
||||
[buddy.hashers :as hashers]
|
||||
[sodi.pwhash :as pwhash]
|
||||
[clojure.spec.alpha :as s]
|
||||
[datoteka.core :as fs]
|
||||
[datoteka.storages :as ds]
|
||||
|
@ -26,7 +26,6 @@
|
|||
strip-private-attrs
|
||||
resolve-thumbnail]]
|
||||
[uxbox.util.blob :as blob]
|
||||
[uxbox.util.token :as token]
|
||||
[uxbox.util.uuid :as uuid]
|
||||
[vertx.core :as vc]))
|
||||
|
||||
|
@ -94,11 +93,12 @@
|
|||
|
||||
(defn- validate-password
|
||||
[conn {:keys [user old-password] :as params}]
|
||||
(p/let [profile (get-profile conn user)]
|
||||
(when-not (hashers/check old-password (:password profile))
|
||||
(p/let [profile (get-profile conn user)
|
||||
result (pwhash/verify old-password (:password profile))]
|
||||
(when-not (:valid result)
|
||||
(ex/raise :type :validation
|
||||
:code ::old-password-not-match))
|
||||
params))
|
||||
params))
|
||||
|
||||
(defn update-password
|
||||
[conn {:keys [user password]}]
|
||||
|
@ -194,7 +194,7 @@
|
|||
[conn {:keys [id username fullname email password metadata] :as params}]
|
||||
(let [id (or id (uuid/next))
|
||||
metadata (blob/encode metadata)
|
||||
password (hashers/encrypt password)
|
||||
password (pwhash/derive password)
|
||||
sqlv [create-user-sql
|
||||
id
|
||||
fullname
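Review bot: `validate-password` repeats the verify-then-read-`:valid` step that `check-password` in the auth mutations also has. A shared helper such as `(defn password-matches? [plain stored] (:valid (pwhash/verify plain stored)))` would keep the two call sites from drifting when rehash or legacy-format handling is added. In the user-creation hunk, `(pwhash/derive password)` sits in the `let` bindings with no visible non-nil check before it, so a nil `password` reaches the KDF unless a spec outside the hunk rejects it. Both functions start or end outside the lines shown.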
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
;; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
;; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
;; file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
;;
|
||||
;; Copyright (c) 2016 Andrey Antukh <niwi@niwi.nz>
|
||||
|
||||
(ns uxbox.util.token
|
||||
"Facilities for generate random tokens."
|
||||
(:require [buddy.core.nonce :as nonce]
|
||||
[buddy.core.hash :as hash]
|
||||
[buddy.core.codecs :as codecs]
|
||||
[buddy.core.codecs.base64 :as b64]))
|
||||
|
||||
(defn random
|
||||
"Returns a 32 bytes randomly generated token
|
||||
with 1024 random seed. The output is encoded
|
||||
using urlsafe variant of base64."
|
||||
[]
|
||||
(-> (nonce/random-bytes 1024)
|
||||
(hash/blake2b-256)
|
||||
(b64/encode true)
|
||||
(codecs/bytes->str)))
|
||||
|
||||
|
|
@ -129,10 +129,6 @@
|
|||
(assign-status-and-headers! res data)
|
||||
(-handle-body body res)))
|
||||
|
||||
;; ServerWebSocket
|
||||
;; (-handle-response [sws ctx]
|
||||
;; (.accept ^ServerWebSocket sws))
|
||||
|
||||
nil
|
||||
(-handle-response [sws ctx]))
|
||||
|
||||
|
@ -140,7 +136,6 @@
|
|||
(Class/forName "[B")
|
||||
(-handle-body [data res]
|
||||
(.end ^HttpServerResponse res (Buffer/buffer data)))
|
||||
|
||||
Buffer
|
||||
(-handle-body [data res]
|
||||
(.end ^HttpServerResponse res ^Buffer data))
|
||||
|
|