Add SMF 2.1 support to the SMF 2.0 authenticator

A SMF db could have both styles of password hashs. The update to bcrypt is only done when a user logs into the forum after updating. So need to support both inline. This adds python-bcrypt as a dependency to the SMF 2.0 authenticator even if SMF 2.1 is not in use.
author: Aaron Kling <webgeek1234@gmail.com> 2020-05-30 23:45:47 +0300
committer: Aaron Kling <webgeek1234@gmail.com> 2020-05-30 23:45:47 +0300
commit: 6e54bef85b49c69ada8ba9672e572227717fbe48 (patch)
tree: c45e026ea377e61ac74d1c56870a41c8f9876303
parent: f3e410a2d3fb398c8b0578615d3bf0815efacbad (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/Authenticators/SMF/2.0/smfauth.py b/Authenticators/SMF/2.0/smfauth.py
index 0209a8c..b8645b5 100755..100644
--- a/Authenticators/SMF/2.0/smfauth.py
+++ b/Authenticators/SMF/2.0/smfauth.py
@@ -46,6 +46,7 @@ import thread
 import urllib2
 import logging
 import ConfigParser
+import bcrypt
 
 from threading  import Timer
 from optparse   import OptionParser
@@ -805,7 +806,17 @@ def smf_check_hash(password, hash, username):
     """
     Python implementation of the smf check hash function
     """
-    return sha1(username.lower().encode('utf8') + password).hexdigest() == hash
+    ret = False
+
+    try:
+      # SMF 2.1 uses a bcrypt hash, try that first
+      ret = bcrypt.hashpw(username.lower().encode('utf-8') + password, hash.encode('utf-8')) == hash
+    except ValueError:
+      # The sha1 password hash from SMF 2.0 and earlier will cause a salt value error
+      # In that case, try the legacy sha1 hash
+      ret = sha1(username.lower().encode('utf8') + password).hexdigest() == hash
+
+    return ret
 
 #
 #--- Start of program
author	Aaron Kling <webgeek1234@gmail.com>	2020-05-30 23:45:47 +0300
committer	Aaron Kling <webgeek1234@gmail.com>	2020-05-30 23:45:47 +0300
commit	6e54bef85b49c69ada8ba9672e572227717fbe48 (patch)
tree	c45e026ea377e61ac74d1c56870a41c8f9876303
parent	f3e410a2d3fb398c8b0578615d3bf0815efacbad (diff)