github/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent synced 2025-07-16 02:03:07 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Apply PBKDF2 when storing passwords

Browse source
This commit is contained in:
Chocobo1 2018-11-21 15:15:51 +08:00
parent 8a6cac8338
commit 05d6a29416
No known key found for this signature in database
GPG key ID: 210D9C873253A68C
14 changed files with 208 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

24
src/base/preferences.cpp
View file

@ -582,28 +582,16 @@ void Preferences::setWebUiUsername(const QString &username)
setValue("Preferences/WebUI/Username", username);
}
QString Preferences::getWebUiPassword() const
QByteArray Preferences::getWebUIPassword() const
{
QString passHa1 = value("Preferences/WebUI/Password_ha1").toString();
if (passHa1.isEmpty()) {
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData("adminadmin");
passHa1 = md5.result().toHex();
}
return passHa1;
// default: adminadmin
const QByteArray defaultValue = "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==";
return value("Preferences/WebUI/Password_PBKDF2", defaultValue).toByteArray();
}
void Preferences::setWebUiPassword(const QString &newPassword)
void Preferences::setWebUIPassword(const QByteArray &password)
{
// Do not overwrite current password with its hash
if (newPassword == getWebUiPassword())
return;
// Encode to md5 and save
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(newPassword.toLocal8Bit());
setValue("Preferences/WebUI/Password_ha1", md5.result().toHex());
setValue("Preferences/WebUI/Password_PBKDF2", password);
}
bool Preferences::isWebUiClickjackingProtectionEnabled() const