Hachage algorithmic

Added by Hatim Rassili over 5 years ago

Hello

I develop in redmine some functionnalities when I need the algorithm used to hach the passwords in redmine

is there some one, who can explain to me the method, because I wanna do a test on the connexion, if the password and the identifier are right, open the page...

thanks :)

Replies (8)

RE: Hachage algorithmic - Added by William Roush over 5 years ago

Best bet: always consult source first.

https://bitbucket.org/redmine/redmine-all/src/c06f74894d2c/app/models/user.rb#cl-253

https://bitbucket.org/redmine/redmine-all/src/c06f74894d2c/app/models/user.rb#cl-636

https://bitbucket.org/redmine/redmine-all/src/c06f74894d2c/app/models/user.rb#cl-631

Random 16 char salt + SHA1 password in this format all hashed a second time:

User.hash_password("#{salt}#{User.hash_password clear_password}")

HOWEVER, I'd recommend you use the REST API (I believe there is one that'll provide log in), it'll lead to less broken stuff if Redmine changes anything.

RE: Hachage algorithmic - Added by Hatim Rassili over 5 years ago

excuse me, I'm not anglophone,I'm not very good in english language, for that i can't find ressources and documentations in english, but thanks you may help me with that I will try to understand,
for the API, Redmine is usable in the entreprise where I'm training, they want to modify some functionnalities in Redmine, for there needs, then this is my training subject, but I'm not good in ruby on rails, and the time of training is not enough to do formations and learn the technologie, for that, they suggested to me to add the pages that they recommand, with PHP, and couple the 2 technologies, but all the pages we want to do, requiere that the user to be connected, and I'm bolqued in front of the method to test the hashed passwords...that's all

RE: Hachage algorithmic - Added by Hatim Rassili over 5 years ago

can you explain to me the algorithm? (In frensh it will be better :) )

RE: Hachage algorithmic - Added by William Roush over 5 years ago

Hatim Rassili wrote:

can you explain to me the algorithm? (In frensh it will be better :) )

Hope we got someone on the board that can translate for me! I don't know French. :( Sorry.

I'm going to try to keep it basic, and in a language we both understand, PHP! This should do it:

Edit: this is wrong see my reply below

sha1('#' . $salt . '#' . sha1($password));

MySQL tables:

$salt is pulled from: users.salt

Compare the above code with: users.hashed_password

RE: Hachage algorithmic - Added by William Roush over 5 years ago

Here are the REST API, under "authentication".

http://www.redmine.org/projects/redmine/wiki/Rest_api

You can throw it through Google translate possibly, works for me when I need stuff translated:

http://translate.google.com/

RE: Hachage algorithmic - Added by Hatim Rassili over 5 years ago

Yes that's good I understand very well, but now the code is not correct, I tried with a password that I defined, My password in the redmine application

RE: Hachage algorithmic - Added by William Roush over 5 years ago

Sorry, rusty on my Ruby syntax:

sha1($salt . sha1($password));

RE: Hachage algorithmic - Added by Hatim Rassili over 5 years ago

aaah thanks, it works very well now, thank you, and take care of you, that's so kind from you

(1-8/8)