From 395249972e843c3b9db2752e3b5a1ac1ffb039f2 Mon Sep 17 00:00:00 2001
From: DanyLE
Date: Fri, 2 Sep 2022 20:09:46 +0200
Subject: [PATCH] add salt to sessionid hash
---
 os/controllers/UserController.lua | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/os/controllers/UserController.lua b/os/controllers/UserController.lua
index 5e16460..c237326 100644
--- a/os/controllers/UserController.lua
+++ b/os/controllers/UserController.lua
@@ -43,7 +43,8 @@ function UserController:login(...)
 local request = JSON.decodeString(REQUEST.json)
 local r = ulib.auth(request.username,request.password)
 if r == true then
- local cookie = {sessionid=std.sha1(request.username..request.password)} -- iotos_user = request.username
+ local salt = utils.generate_salt(20)
+ local cookie = {sessionid=std.sha1(request.username..request.password..salt)} -- iotos_user = request.username
 local db = sysdb();
 if db == nil then return fail("Cannot setup session") end
 local cond = {exp= {["="] = { sessionid = cookie.sessionid }}}
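Review bot: The session id on the new `local cookie = ...` line is still derived from `request.password`, so its unpredictability rests entirely on `utils.generate_salt(20)`, while the password continues to be fed into a fast SHA-1 digest that ends up in a cookie and in the session table. A session identifier should be an opaque random value unrelated to the credentials. If `generate_salt` draws from a cryptographically secure source (its implementation is not visible in this hunk and needs confirming), the credentials can be dropped from the input, e.g. `local cookie = {sessionid=std.sha1(utils.generate_salt(20))}`. If it is backed by `math.random` or a time-based seed, the salt is guessable and the digest then also gives anyone holding a cookie a way to test password guesses offline, so it should be replaced with output from the OS random source. The body of `UserController:login` continues outside the hunk, so how the session row is persisted and expired cannot be checked from here.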