Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for wide characters in passwords. (replacement of #2628) #2659

Merged
merged 2 commits into from
Jan 28, 2025
Merged

Add support for wide characters in passwords. (replacement of #2628) #2659

merged 2 commits into from
Jan 28, 2025

Conversation

drgrice1
Copy link
Member

This replaces #2628. @taniwallach seems to not have time to make the requested changes, so this takes care of those for him.

The crypt function cannot handle most wide (Unicode) characters, but does handle some by attempting to downgrade to an 8-bit string.

In order to support wide characters in passwords while not breaking any passwords which worked before this change, a password will be encoded into UTF-8 before being sent to crypt only when crypt dies on the original string. This is handled by the new utf8Crypt method in Utils.pm.

taniwallach and others added 2 commits January 17, 2025 10:56
@taniwallach @drgrice1
Add support for wide characters in passwords.
5a81a74 
The crypt function cannot handle most wide (Unicode) characters,
but does handle some by attempting to downgrade to an 8-bit string.

In order to support wide characters in passwords while not breaking
any passwords which worked before this change, a password will be
encoded into UTF-8 before being sent to crypt only when crypt dies
on the original string.
@drgrice1
Create a utf8Crypt method to handle UTF-8 encoded password hashing.
1e0ee36 
This makes it easy to generate a password hash or verify a given
password against a previously generated password hash.

Note that this uses Encode::encode (via the Mojo::Util encode method)
rather than Encode::utf8_encode.  The Encode::utf8_encode method should
not be used anymore.
@somiaj
Copy link
Contributor

somiaj commented Jan 23, 2025

Looks good. Do you have a suggestion of an easy way to test this. I should probably set up a test user and set a password with a wide character, but unsure which ones are considered wide.

@drgrice1
Copy link
Member Author

You could use "א". That is such a character. Change your password using that character (cut and paste). Then check that you can log out and log back in again with that password.

somiaj
somiaj approved these changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@somiaj somiaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed this works with wide characters, while still working with old passwords.

pstaabp
pstaabp approved these changes Jan 28, 2025
View reviewed changes
Copy link
Member

@pstaabp pstaabp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works well. Now my password will have the poop and beer emojis in it.

@somiaj somiaj merged commit 6fbdae6 into openwebwork:develop Jan 28, 2025
2 checks passed
@drgrice1 drgrice1 deleted the wide-char-passwords-tweaks branch January 28, 2025 19:48
@pstaabp pstaabp mentioned this pull request Jan 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pstaabp pstaabp pstaabp approved these changes

@somiaj somiaj somiaj approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@drgrice1 @somiaj @pstaabp @taniwallach