search

gevorg / htpasswd

Node.js package for HTTP Basic Authentication password file utility.
MIT License
57 stars 10 forks source link

BUG: -i only work when storing plain-text password #11

Open 1000i100 opened 3 years ago

1000i100 commented 3 years ago 
$ npx htpasswd -bBc htpasswd prototype 7ba4845
Adding password for user prototype.

$ npx htpasswd -v htpasswd prototype
New password:
Re-type new password:
Password for user prototype correct.

but : 

$ echo 7ba4845 | npx htpasswd -iBc htpasswd prototype
Adding password for user prototype.

$ npx htpasswd -v htpasswd prototype
New password:
Re-type new password:
Password verification failed.

It's the same if i use : 

$ npx htpasswd -bc htpasswd prototype 7ba4845
$ npx htpasswd -v htpasswd prototype
correct
$ echo 7ba4845 | npx htpasswd -ic htpasswd prototype
$ npx htpasswd -v htpasswd prototype
failed

but in plain text it work : 

$ npx htpasswd -bpc htpasswd prototype 7ba4845
$ npx htpasswd -v htpasswd prototype
correct
$ echo 7ba4845 | npx htpasswd -ipc htpasswd prototype
$ npx htpasswd -v htpasswd prototype
correct
te-online commented 1 year ago

I have a feeling this never worked, as the chunk param here is a Buffer and ends with a newline.

We can create a patch like this to fix the feature:

-    password += chunk;
+    password += chunk.toString().replace(/\n/, '');

in https://github.com/gevorg/htpasswd/blob/69df40647b0fbbc93802086687510fee0a6a6dcc/src/processor.js#L124

@gevorg are you interested in releasing a new version of this module with a fix?