sha256 passwords client-side before sending (why didn't I do this before?)

2025-07-29 16:38:37 +00:00 · 2021-11-20 02:21:42 -05:00 · 2021-11-20 02:21:42 -05:00 · f005aca48c
commit f005aca48c
parent 8d01130ce2
4 changed files with 40 additions and 9 deletions
--- a/.idea/.idea.ProjectLighthouse/.idea/jsLibraryMappings.xml
+++ b/.idea/.idea.ProjectLighthouse/.idea/jsLibraryMappings.xml
@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptLibraryMappings">
+    <file url="PROJECT" libraries="{sha256}" />
+  </component>
+</project>
--- a/ProjectLighthouse/Pages/ExternalAuth/LoginForm.cshtml
+++ b/ProjectLighthouse/Pages/ExternalAuth/LoginForm.cshtml
@ -4,8 +4,21 @@
@{
    Layout = "Layouts/BaseLayout";
 }
+
+<script src="https://geraintluff.github.io/sha256/sha256.min.js"></script>
+
+<script>
+    function onSubmit(form) {
+        const password = form['password'];
+        
+        password.value = sha256(password.value);
+        
+        return true;
+    }
+</script>
+
 <h1>Log in</h1>
-<form>
+<form onsubmit="return onSubmit(this)">
    <label for="text">Username: </label>
    <input type="text" name="username" id="text"><br>

--- a/ProjectLighthouse/Pages/ExternalAuth/RegisterForm.cshtml
+++ b/ProjectLighthouse/Pages/ExternalAuth/RegisterForm.cshtml
@ -5,8 +5,23 @@
    Layout = "Layouts/BaseLayout";
 }

+<script src="https://geraintluff.github.io/sha256/sha256.min.js"></script>
+
+<script>
+    function onSubmit(form) {
+        const password = form['password'];
+        const confirmPassword = form['confirmPassword'];
+        
+        password.value = sha256(password.value);
+        confirmPassword.value = sha256(confirmPassword.value);
+        
+        return true;
+    }
+</script>
+
+
 <h1>Register</h1>
-<form>
+<form onsubmit="return onSubmit(this)">
    <label for="text">Username: </label>
    <input type="text" name="username" id="text"><br>

--- a/ProjectLighthouse/Pages/ExternalAuth/RegisterForm.cshtml.cs
+++ b/ProjectLighthouse/Pages/ExternalAuth/RegisterForm.cshtml.cs
@ -1,4 +1,3 @@
-using System;
 using System.Diagnostics.CodeAnalysis;
 using System.Threading.Tasks;
 using JetBrains.Annotations;
@ -20,18 +19,16 @@ namespace LBPUnion.ProjectLighthouse.Pages.ExternalAuth
        [SuppressMessage("ReSharper", "SpecifyStringComparison")]
        public async Task<IActionResult> OnGet([FromQuery] string username, [FromQuery] string password, [FromQuery] string confirmPassword)
        {
-            this.WasRegisterRequest = !string.IsNullOrEmpty(username) &&
-                                      !string.IsNullOrEmpty(password) &&
-                                      !string.IsNullOrEmpty(confirmPassword) &&
-                                      password == confirmPassword;
+            this.WasRegisterRequest = !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(confirmPassword);

            if (WasRegisterRequest)
            {
-                Console.WriteLine(password);
+                if (password != confirmPassword) return this.BadRequest();
+
                bool userExists = await this.Database.Users.FirstOrDefaultAsync(u => u.Username.ToLower() == username.ToLower()) != null;
                if (userExists) return this.BadRequest();

-                this.Database.CreateUser(username, HashHelper.BCryptHash(password));
+                await this.Database.CreateUser(username, HashHelper.BCryptHash(password));
            }

            return this.Page();