github/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent synced 2025-07-11 15:56:17 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #9942 from Chocobo1/pbkdf2

Browse source 
Do password hashing properly
This commit is contained in:
Mike Tzou 2018-12-06 16:22:22 +08:00 committed by GitHub
commit 6bb4eb825b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 367 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

41
src/base/preferences.cpp
View file

@ -29,7 +29,6 @@
#include "preferences.h"
#include <QCryptographicHash>
#include <QDir>
#include <QLocale>
#include <QMutableListIterator>
@ -583,28 +582,16 @@ void Preferences::setWebUiUsername(const QString &username)
setValue("Preferences/WebUI/Username", username);
}
QString Preferences::getWebUiPassword() const
QByteArray Preferences::getWebUIPassword() const
{
QString passHa1 = value("Preferences/WebUI/Password_ha1").toString();
if (passHa1.isEmpty()) {
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData("adminadmin");
passHa1 = md5.result().toHex();
}
return passHa1;
// default: adminadmin
const QByteArray defaultValue = "ARQ77eY1NUZaQsuDHbIMCA==:0WMRkYTUWVT9wVvdDtHAjU9b3b7uB8NR1Gur2hmQCvCDpm39Q+PsJRJPaCU51dEiz+dTzh8qbPsL8WkFljQYFQ==";
return value("Preferences/WebUI/Password_PBKDF2", defaultValue).toByteArray();
}
void Preferences::setWebUiPassword(const QString &newPassword)
void Preferences::setWebUIPassword(const QByteArray &password)
{
// Do not overwrite current password with its hash
if (newPassword == getWebUiPassword())
return;
// Encode to md5 and save
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(newPassword.toLocal8Bit());
setValue("Preferences/WebUI/Password_ha1", md5.result().toHex());
setValue("Preferences/WebUI/Password_PBKDF2", password);
}
bool Preferences::isWebUiClickjackingProtectionEnabled() const
@ -738,22 +725,14 @@ void Preferences::setDynDNSPassword(const QString &password)
}
// Advanced settings
void Preferences::clearUILockPassword()
QByteArray Preferences::getUILockPassword() const
{
setValue("Locking/password", QString());
return value("Locking/password_PBKDF2").toByteArray();
}
QString Preferences::getUILockPasswordMD5() const
void Preferences::setUILockPassword(const QByteArray &password)
{
return value("Locking/password").toString();
}
void Preferences::setUILockPassword(const QString &clearPassword)
{
QCryptographicHash md5(QCryptographicHash::Md5);
md5.addData(clearPassword.toLocal8Bit());
QString md5Password = md5.result().toHex();
setValue("Locking/password", md5Password);
setValue("Locking/password_PBKDF2", password);
}
bool Preferences::isUILocked() const