From 51591165441a6e95de16a8b1a7736f82ad41594c Mon Sep 17 00:00:00 2001 From: Jonathan Capps Date: Fri, 18 Apr 2025 13:16:48 +0100 Subject: [PATCH] fix: hash password befote saving on user create and password update --- Cargo.lock | 131 +++++++++++++++++- cosmic-settings/Cargo.toml | 5 +- cosmic-settings/src/pages/system/users/mod.rs | 12 +- 3 files changed, 137 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1f14812..b3802ef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -847,6 +847,15 @@ version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d8c1fef690941d3e7788d328517591fecc684c084084702d6ff1641e993699a" +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "generic-array", +] + [[package]] name = "block-buffer" version = "0.10.4" @@ -878,6 +887,17 @@ dependencies = [ "piper", ] +[[package]] +name = "blowfish" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32fa6a061124e37baba002e496d203e23ba3d7b73750be82dbfbc92913048a5b" +dependencies = [ + "byteorder", + "cipher", + "opaque-debug", +] + [[package]] name = "bluez-zbus" version = "0.1.0" @@ -1160,6 +1180,15 @@ dependencies = [ "windows-link", ] +[[package]] +name = "cipher" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801" +dependencies = [ + "generic-array", +] + [[package]] name = "clang-sys" version = "1.8.1" @@ -1708,6 +1737,7 @@ dependencies = [ "num-derive", "num-traits", "once_cell", + "pwhash", "regex", "ron 0.9.0", "rust-embed", 
@@ -1940,6 +1970,16 @@ dependencies = [ "typenum", ] +[[package]] +name = "crypto-mac" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bff07008ec701e8028e2ceb8f83f0e4274ee62bd2dbdc4fefff2e9a91824081a" +dependencies = [ + "generic-array", + "subtle", +] + [[package]] name = "css-color" version = "0.2.8" @@ -2152,13 +2192,22 @@ dependencies = [ "waker-fn", ] +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", + "block-buffer 0.10.4", "crypto-common", ] @@ -3124,6 +3173,16 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dfa686283ad6dd069f105e5ab091b04c62850d3e4cf5d67debad1933f55023df" +[[package]] +name = "hmac" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1441c6b1e930e2817404b5046f1f989899143a12bf92de603b69f4e0aee1e15" +dependencies = [ + "crypto-mac", + "digest 0.9.0", +] + [[package]] name = "hostname-validator" version = "1.1.1" @@ -4786,6 +4845,17 @@ dependencies = [ "rayon", ] +[[package]] +name = "md-5" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5a279bb9607f9f53c22d496eade00d138d1bdcccd07d74650387cf94942a15" +dependencies = [ + "block-buffer 0.9.0", + "digest 0.9.0", + "opaque-debug", +] + [[package]] name = "memchr" version = "2.7.4" 
@@ -5485,6 +5555,12 @@ version = "1.21.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2806eaa3524762875e21c3dcd057bc4b7bfa01ce4da8d46be1cd43649e1cc6b" +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + [[package]] name = "option-ext" version = "0.2.0" @@ -5967,6 +6043,21 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "pwhash" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "419a3ad8fa9f9d445e69d9b185a24878ae6e6f55c96e4512f4a0e28cd3bc5c56" +dependencies = [ + "blowfish", + "byteorder", + "hmac", + "md-5", + "rand", + "sha-1", + "sha2 0.9.9", +] + [[package]] name = "qoi" version = "0.4.1" @@ -6395,7 +6486,7 @@ version = "8.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5a2fcdc9f40c8dc2922842ca9add611ad19f332227fc651d015881ad1552bd9a" dependencies = [ - "sha2", + "sha2 0.10.8", "walkdir", ] @@ -6662,6 +6753,19 @@ dependencies = [ "syn 2.0.100", ] +[[package]] +name = "sha-1" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + [[package]] name = "sha1" version = "0.10.6" @@ -6670,7 +6774,20 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", +] + +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", ] [[package]] 
@@ -6681,7 +6798,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -6946,6 +7063,12 @@ version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" +[[package]] +name = "subtle" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" + [[package]] name = "sunrise" version = "1.2.1" diff --git a/cosmic-settings/Cargo.toml b/cosmic-settings/Cargo.toml index 52c0abf..3a0dcfd 100644 --- a/cosmic-settings/Cargo.toml +++ b/cosmic-settings/Cargo.toml @@ -88,6 +88,7 @@ gettext-rs = { version = "0.7.2", features = [ async-fn-stream = "0.2.2" num-traits = "0.2" num-derive = "0.4" +pwhash = "1" [dependencies.cosmic-settings-subscriptions] git = "https://github.com/pop-os/cosmic-settings-subscriptions" @@ -156,9 +157,7 @@ page-input = [ "dep:cosmic-settings-config", "dep:udev", ] -page-legacy-applications = [ - "dep:cosmic-comp-config", -] +page-legacy-applications = ["dep:cosmic-comp-config"] page-networking = [ "xdg-portal", "dep:cosmic-dbus-networkmanager", diff --git a/cosmic-settings/src/pages/system/users/mod.rs b/cosmic-settings/src/pages/system/users/mod.rs index a7b9242..1aee0f1 100644 --- a/cosmic-settings/src/pages/system/users/mod.rs +++ b/cosmic-settings/src/pages/system/users/mod.rs @@ -11,6 +11,7 @@ use cosmic::{ widget::{self, Space, column, icon, row, settings, text}, }; use cosmic_settings_page::{self as page, Section, section}; +use pwhash::bcrypt; use regex::Regex; use slab::Slab; use slotmap::SlotMap; 
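Review bot: The new `pwhash = "1"` line in cosmic-settings/Cargo.toml brings in far more than the single `bcrypt::hash` call needs. According to the Cargo.lock hunks, pwhash 1.0.0 adds `md-5 0.9.1`, `sha-1 0.9.8`, `blowfish 0.7.0`, `hmac 0.10.1` and `crypto-mac 0.10.1`. It also adds second copies of `digest`, `block-buffer` and `sha2` (0.9.x next to the existing 0.10.x). For code that sits on the password path, it is worth checking whether the crate and that older 0.9-series stack are still maintained before taking them on. If the dependency stays, a comment above it such as `# password hashing for AccountsService SetPassword; only bcrypt is used` would record why it is there.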
@@ -556,7 +557,7 @@ impl Page { self.dialog = None; let uid = user.id; - let password = user.password; + let password_hashed = bcrypt::hash(user.password).unwrap(); return cosmic::Task::future(async move { let Ok(conn) = zbus::Connection::system().await else { @@ -567,8 +568,10 @@ impl Page { return; }; - match request_permission_on_denial(&conn, || user.set_password(&password, "")) - .await + match request_permission_on_denial(&conn, || { + user.set_password(&password_hashed, "") + }) + .await { Err(why) => { tracing::error!(?why, "failed to set password"); @@ -652,9 +655,10 @@ impl Page { } }; + let password_hashed = bcrypt::hash(password).unwrap(); match accounts_zbus::UserProxy::new(&conn, user_object_path).await { Ok(user) => { - _ = user.set_password(&password, "").await; + _ = user.set_password(&password_hashed, "").await; _ = user.set_icon_file(DEFAULT_ICON_FILE).await }
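Review bot: `bcrypt::hash(user.password).unwrap()` panics if hashing returns an error, and here it runs in the page's message handler, before the task is spawned, so a failure would take the settings window down rather than be logged. The same `.unwrap()` appears in the user-creation hunk at `-652`. Since the async block already bails out with `return;` when the connection fails, the hash could move inside it and follow the same pattern: `let Ok(password_hashed) = bcrypt::hash(&password) else { tracing::error!("failed to hash password"); return; };`. That also keeps the hashing work off the UI update path. The enclosing function starts and ends outside this hunk, so the exact return type is not visible.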
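Review bot: `user.set_password(&password_hashed, "")` now hands AccountsService a bcrypt string, and nothing in the change establishes that the system's crypt(3)/PAM stack will verify that format. If it does not, the account ends up with a stored hash nobody can log in with, so the scheme should be chosen to match the platform's configured method rather than fixed in the UI code. bcrypt also considers only the first 72 bytes of the input, and the password length is not checked anywhere in the visible lines. How pwhash treats longer input should be confirmed. At minimum a comment would help at the call site: `// SetPassword expects a crypt(3)-format hash; the scheme must be one the system libcrypt can verify`.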
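Review bot: In the user-creation hunk, `_ = user.set_password(&password_hashed, "").await;` still throws away the result. If the call is denied or fails, the new account is left without the intended password and nothing is logged. The password-change path in this file already reports the failure with `tracing::error!(?why, "failed to set password")`, and the creation path should do the same: `if let Err(why) = user.set_password(&password_hashed, "").await { tracing::error!(?why, "failed to set password"); }`. The surrounding function continues outside the hunk, so whether a failed password should also abort or roll back the account creation has to be decided there.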