2022-10-06 Fred Gleason <fredg@paravelsystems.com>

* Changed the length of the 'USERS.PASSWORD' field in the database to 191 characters. * Applied Base64 encoding to the 'USERS.PASSWORD' field in the database. * Incremented the database version to 359. Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
2025-05-29 07:02:34 +02:00 · 2022-10-06 16:04:01 -04:00 · 2022-10-06 16:04:01 -04:00 · 285a095ada
commit 285a095ada
parent 7ab98c85c1
7 changed files with 87 additions and 7 deletions
--- a/6
+++ b/6
@ -23459,3 +23459,9 @@
 2022-10-06 Fred Gleason <fredg@paravelsystems.com>
 	* Fixed a bug in the 'Software Authority' switcher driver in ripcd(8)
 	that broke automatic reconnection.
+2022-10-06 Fred Gleason <fredg@paravelsystems.com>
+	* Changed the length of the 'USERS.PASSWORD' field in the database
+	to 191 characters.
+	* Applied Base64 encoding to the 'USERS.PASSWORD' field in the
+	database.
+	* Incremented the database version to 359.
--- a/docs/tables/users.txt
+++ b/docs/tables/users.txt
@ -10,7 +10,7 @@ FULL_NAME            varchar(191)     Indexed
 EMAIL_ADDRESS        varchar(191)
 PHONE_NUMBER         varchar(20)
 DESCRIPTION          varchar(191)
-PASSWORD             varchar(32)      Not-NULL, Hashed
+PASSWORD             varchar(191)     Base64 encoded
 WEBAPI_AUTH_TIMEOUT  int(11) signed   Seconds
 ENABLE_WEB           enum('N','Y')
 LOCAL_AUTH           enum('N','Y')
--- a/lib/dbversion.h
+++ b/lib/dbversion.h
@ -24,7 +24,7 @@
 /*
 * Current Database Version
 */
-#define RD_VERSION_DATABASE 358
+#define RD_VERSION_DATABASE 359


 #endif  // DBVERSION_H
--- a/lib/rduser.cpp
+++ b/lib/rduser.cpp
@ -102,8 +102,13 @@ bool RDUser::authenticated(bool webuser) const
      "`LOGIN_NAME`,"+
      "`ENABLE_WEB` "+
      "from `USERS` where "+
-      "`LOGIN_NAME`='"+RDEscapeString(user_name)+"' && "+
-      "`PASSWORD`='"+RDEscapeString(user_password)+"'";
+      "`LOGIN_NAME`='"+RDEscapeString(user_name)+"' && ";
+    if(user_password.isEmpty()) {
+      sql+="`PASSWORD` is null";
+    }
+    else {
+      sql+="`PASSWORD`='"+RDEscapeString(user_password.toUtf8().toBase64())+"'";
+    }
    q=new RDSqlQuery(sql);
    if(q->first()) {
      bool ret=RDBool(q->value(1).toString())||
@ -134,14 +139,15 @@ bool RDUser::checkPassword(const QString &password,bool webuser)

 QString RDUser::password() const
 {
-  return RDGetSqlValue("USERS","LOGIN_NAME",user_name,"PASSWORD").toString();
+  return QByteArray::fromBase64(RDGetSqlValue("USERS","LOGIN_NAME",user_name,
+					      "PASSWORD").toString().toUtf8());
 }


 void RDUser::setPassword(const QString &password)
 {
  user_password=password;
-  SetRow("PASSWORD",password);
+  SetRow("PASSWORD",QString(password.toUtf8().toBase64()));
 }


--- a/utils/rddbmgr/revertschema.cpp
+++ b/utils/rddbmgr/revertschema.cpp
@ -41,6 +41,38 @@ bool MainObject::RevertSchema(int cur_schema,int set_schema,QString *err_msg)
  // NEW SCHEMA REVERSIONS GO HERE...


+  //
+  // Revert 359
+  //
+  if((cur_schema==359)&&(set_schema<cur_schema)) {
+    sql=QString("select ")+
+      "`LOGIN_NAME`,"+  // 00
+      "`PASSWORD` "+    // 01
+      "from `USERS`";
+    q=new RDSqlQuery(sql);
+    while(q->next()) {
+      sql=QString("update `USERS` set ");
+      if(q->value(1).isNull()) {
+	sql+="`PASSWORD`='' ";
+      }
+      else {
+	sql+="`PASSWORD`='"+
+	  RDEscapeString(QByteArray::fromBase64(q->value(1).toString().toUtf8()))+"' ";
+      }
+      sql+="where `LOGIN_NAME`='"+RDEscapeString(q->value(0).toString())+"'";
+      if(!RDSqlQuery::apply(sql,err_msg)) {
+	return false;
+      }
+    }
+    delete q;
+    sql=QString("alter table `USERS` ")+
+      "modify column `PASSWORD` varchar(32)";
+    if(!RDSqlQuery::apply(sql,err_msg)) {
+      return false;
+    }
+    WriteSchemaVersion(--cur_schema);
+  }
+
  //
  // Revert 358
  //
--- a/utils/rddbmgr/schemamap.cpp
+++ b/utils/rddbmgr/schemamap.cpp
@ -160,7 +160,7 @@ void MainObject::InitializeSchemaMap() {
  global_version_map["3.4"]=317;
  global_version_map["3.5"]=346;
  global_version_map["3.6"]=347;
-  global_version_map["4.0"]=358;
+  global_version_map["4.0"]=359;
 }


--- a/utils/rddbmgr/updateschema.cpp
+++ b/utils/rddbmgr/updateschema.cpp
@ -11046,6 +11046,42 @@ bool MainObject::UpdateSchema(int cur_schema,int set_schema,QString *err_msg)
    WriteSchemaVersion(++cur_schema);
  }

+  if((cur_schema<359)&&(set_schema>cur_schema)) {
+    sql=QString("update `RDAIRPLAY` set ")+
+      "`EXIT_PASSWORD`=NULL "+
+      "where `EXIT_PASSWORD`=''";
+    if(!RDSqlQuery::apply(sql,err_msg)) {
+      return false;
+    }
+
+    sql=QString("alter table `USERS` ")+
+      "modify column `PASSWORD` varchar(191)";
+    if(!RDSqlQuery::apply(sql,err_msg)) {
+      return false;
+    }
+    sql=QString("select ")+
+      "`LOGIN_NAME`,"+  // 00
+      "`PASSWORD` "+    // 01
+      "from `USERS`";
+    q=new RDSqlQuery(sql);
+    while(q->next()) {
+      sql=QString("update `USERS` set ");
+      if(q->value(1).toString().isEmpty()) {
+	sql+="`PASSWORD`=NULL ";
+      }
+      else {
+	sql+=QString("`PASSWORD`=")+
+	  "'"+RDEscapeString(q->value(1).toString().toUtf8().toBase64())+"' ";
+      }
+      sql+="where `LOGIN_NAME`='"+RDEscapeString(q->value(0).toString())+"'";
+      if(!RDSqlQuery::apply(sql,err_msg)) {
+	return false;
+      }
+    }
+    delete q;
+
+    WriteSchemaVersion(++cur_schema);
+  }


  // NEW SCHEMA UPDATES GO HERE...