From c7b0024d2405d29e5c36445b6d28af046b2213f1 Mon Sep 17 00:00:00 2001
From: Javier Sánchez Parra
Date: Thu, 21 Apr 2022 17:30:12 +0200
Subject: Add password hashing
The front-end now hashes passwords before sending them to the back-end. It uses SHA-512. This commit adds a hidden input which sends the password hash to not interfere with browsers' save password functionality. Also change passwords of the template configuration file for their hashed/digested versions.
---
ogcp/static/js/ogcp.js | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
(limited to 'ogcp/static/js/ogcp.js')
diff --git a/ogcp/static/js/ogcp.js b/ogcp/static/js/ogcp.js
index 86a9282..6a7e625 100644
--- a/ogcp/static/js/ogcp.js
+++ b/ogcp/static/js/ogcp.js
@@ -207,3 +207,27 @@ function RemovePartition(evt) {
 });
 });
 }
+
+async function digestMessage(msg) {
+ const msgUint8 = new TextEncoder().encode(msg);
+ const hashBuffer = await crypto.subtle.digest('SHA-512', msgUint8);
+ const hashArray = Array.from(new Uint8Array(hashBuffer));
+ const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+ return hashHex;
+}
+
+function digestLoginPassword() {
+ const loginForm = $('#login-form')
+ loginForm.one('submit', async function (event) {
+ event.preventDefault()
+
+ const pwdInput = $('#pwd');
+ const pwdHashInput = $('#pwd_hash');
+ const pwdStr = pwdInput.val();
+ const pwdStrHash = await digestMessage(pwdStr);
+
+ pwdInput.prop( "disabled", true );
+ pwdHashInput.val(pwdStrHash);
+ $(this).submit()
+ });
+}
--
cgit v1.2.3-18-g5258
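Review bot: In `digestLoginPassword`, the `await digestMessage(pwdStr)` call has no failure path, and the handler is bound with `.one` while `event.preventDefault()` has already run by the time the digest is awaited. If the digest rejects (for example because `crypto.subtle` is undefined when the page is not served from a secure context), the first submit silently does nothing, the handler is already detached, and the next submit posts the form natively with `#pwd` still enabled and `#pwd_hash` empty, so the cleartext password would be sent if that input carries a `name`. I would bind with `.on`, let only the post-digest re-submit through with a flag, and catch the rejection so the form fails closed. Separately, assuming the back-end compares the posted digest with the value stored in the configuration file, the unsalted SHA-512 digest is itself the credential, so this does not replace TLS or a salted, slow hash on the server; a short comment above `digestMessage` stating that would help.

```javascript
function digestLoginPassword() {
  const loginForm = $('#login-form');
  let digested = false;
  loginForm.on('submit', async function (event) {
    if (digested) {
      return; // re-submit issued below: #pwd is disabled and #pwd_hash is filled
    }
    event.preventDefault();
    // … unchanged: pwdInput / pwdHashInput / pwdStr lookups …
    let pwdStrHash;
    try {
      pwdStrHash = await digestMessage(pwdStr);
    } catch (err) {
      // Fail closed: the handler stays attached, so a retry can never
      // fall through to a native submit carrying the cleartext password.
      console.error('Password digest failed; login form not submitted', err);
      return;
    }
    // … unchanged: disable #pwd, copy the digest into #pwd_hash …
    digested = true;
    $(this).submit();
  });
}
```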