Bump userkey length from 64 to 160 bytes
Allows for much longer username@domain:password strings. Fixes #2212. To bump it further, the database schema will have to be updated to allow a longer c_value (currently 255 chars).
@@ -55,6 +55,12 @@
|
||||
#endif
|
||||
#import "SOGoWebAuthenticator.h"
|
||||
|
||||
#define COOKIE_SESSIONKEY_LEN 16
|
||||
/* the key b64 encoded key XORed with the cookie value
|
||||
* must fit in the database field which is 255 char long at the moment
|
||||
*/
|
||||
#define COOKIE_USERKEY_LEN 160
|
||||
|
||||
@implementation SOGoWebAuthenticator
|
||||
|
||||
+ (id) sharedSOGoWebAuthenticator
|
||||
@@ -369,8 +375,8 @@
|
||||
// In memcached, the session key will be associated to the user's password
|
||||
// which will be XOR'ed with the user key.
|
||||
//
|
||||
sessionKey = [SOGoSession generateKeyForLength: 16];
|
||||
userKey = [SOGoSession generateKeyForLength: 64];
|
||||
sessionKey = [SOGoSession generateKeyForLength: COOKIE_SESSIONKEY_LEN];
|
||||
userKey = [SOGoSession generateKeyForLength: COOKIE_USERKEY_LEN];
|
||||
|
||||
NSString *value = [NSString stringWithFormat: @"%@:%@", username, password];
|
||||
securedPassword = [SOGoSession securedValue: value usingKey: userKey];
|
||||
|
||||
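Review bot: Nothing in the second hunk checks the byte length of `value` against `COOKIE_USERKEY_LEN` before `securedValue:usingKey:` is called, so a `username:password` string longer than 160 bytes is still handed to a fixed-length key. `securedValue:usingKey:` is not visible here; if it truncates the value or wraps the key, the outcome would be either a stored credential that no longer round-trips or XOR key reuse, so an explicit guard such as `if ([value lengthOfBytesUsingEncoding: NSUTF8StringEncoding] > COOKIE_USERKEY_LEN)` that logs and refuses the login seems warranted. The new comment above `COOKIE_USERKEY_LEN` would also be clearer with the arithmetic spelled out, e.g. `/* 160 key bytes -> 216 base64 chars; must stay <= 255 (c_value column) */`. The enclosing method starts and ends outside the hunk.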