Skip to content

Added the ability to accept encrypted passwords #487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Aug 20, 2016
Merged

Added the ability to accept encrypted passwords #487

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9a82569
Added the ability to accept encrypted passwords
Aug 5, 2016
abbc06a
Updated readme
Aug 5, 2016
387f3ce
Updated README to include a link to a bcrypt tool
Aug 5, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions Parse-Dashboard/app.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,16 +85,18 @@ module.exports = function(config, allowInsecureHTTP) {
}

let appsUserHasAccess = null;
let bcrypt = require('bcryptjs');

const successfulAuth =
//they provided auth
auth &&
//there are configured users
users &&
//the provided auth matches one of the users
users.find(user => {
users.find(user => {
let isAuthorized = user.user == auth.name &&
user.pass == auth.pass
(user.pass == auth.pass ||
bcrypt.compareSync(auth.pass, user.pass));
if (isAuthorized) {
// User restricted apps
appsUserHasAccess = user.apps
Expand Down
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,8 @@ You can configure your dashboard for Basic Authentication by adding usernames an
}
```

You can store the password in either `plain text` or `bcrypt` formats. You can encrypt the password using any online bcrypt tool e.g. [https://www.bcrypt-generator.com](https://www.bcrypt-generator.com).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! Care to link to a bcrypt tool? Maybe https://www.bcrypt-generator.com ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That one looks more legit, but, I was using this one to test as you can select the number of rounds. Thoughts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JeremyPlease Updated

### Separating App Access Based on User Identity
If you have configured your dashboard to manage multiple applications, you can restrict the management of apps based on user identity.

Expand Down
3 changes: 2 additions & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,8 @@
"commander": "^2.9.0",
"express": "^4.13.4",
"json-file-plus": "^3.2.0",
"package-json": "^2.3.1"
"package-json": "^2.3.1",
"bcryptjs": "^2.3.0"
},
"devDependencies": {
"babel-core": "~5.8.12",
Expand Down