Add password hashing

The front-end now hashes passwords before sending them to the back-end.
It uses SHA-512.

This commit adds a hidden input which sends the password hash to not
interfere with browsers' save password functionality.

Also change passwords of the template configuration file for their
hashed/digested versions.

1 files changed, 24 insertions, 0 deletions

diff --git a/ogcp/static/js/ogcp.js b/ogcp/static/js/ogcp.js
index 86a9282..6a7e625 100644
--- a/ogcp/static/js/ogcp.js
+++ b/ogcp/static/js/ogcp.js
@@ -207,3 +207,27 @@ function RemovePartition(evt) {
         });
     });
 }
+
+async function digestMessage(msg) {
+    const msgUint8 = new TextEncoder().encode(msg);
+    const hashBuffer = await crypto.subtle.digest('SHA-512', msgUint8);
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+    return hashHex;
+}
+
+function digestLoginPassword() {
+    const loginForm = $('#login-form')
+    loginForm.one('submit', async function (event) {
+        event.preventDefault()
+
+        const pwdInput = $('#pwd');
+        const pwdHashInput = $('#pwd_hash');
+        const pwdStr = pwdInput.val();
+        const pwdStrHash = await digestMessage(pwdStr);
+
+        pwdInput.prop( "disabled", true );
+        pwdHashInput.val(pwdStrHash);
+        $(this).submit()
+    });
+}