Code

CookBookPasswordGreasemonkeyUserScript: djangopasswordhasher.user.js.txt

File djangopasswordhasher.user.js.txt, 3.5 KB (added by akaihola, 8 years ago)

Maybe easier to install by looking at this in plain format.

Line 
1// ==UserScript==
2// @name           DjangoPasswordHasher
3// @namespace      http://svn.ambitone.com/ambidjangolib
4// @description    Converts plaintext passwords to salted sha1 hashes in Django auth admin
5// @include        *
6// ==/UserScript==
7
8/*
9 * DjangoPasswordHasher greasemonkey user script
10 * Version 1.0  Antti Kaihola 2006 <akaihola@ambitone.com>
11 */
12
13
14/*
15 * SHA-1 algorithm adapted from:
16 *
17 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
18 * in FIPS PUB 180-1
19 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
20 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
21 * Distributed under the BSD License
22 * See http://pajhome.org.uk/crypt/md5 for details.
23 */
24
25var chrsz = 8;
26
27function hex_sha1(s) { return binb2hex(core_sha1(str2binb(s),s.length * chrsz)); }
28
29function core_sha1(x, len) {
30  x[len >> 5] |= 0x80 << (24 - len % 32);
31  x[((len + 64 >> 9) << 4) + 15] = len;
32  var w = Array(80);
33  var a =  1732584193;
34  var b = -271733879;
35  var c = -1732584194;
36  var d =  271733878;
37  var e = -1009589776;
38  for(var i = 0; i < x.length; i += 16) {
39    var olda = a; var oldb = b; var oldc = c; var oldd = d; var olde = e;
40    for(var j = 0; j < 80; j++) {
41      if (j < 16) w[j] = x[i + j];
42      else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
43      var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
44                       safe_add(safe_add(e, w[j]), sha1_kt(j)));
45      e = d; d = c; c = rol(b, 30); b = a; a = t; }
46    a = safe_add(a, olda);
47    b = safe_add(b, oldb);
48    c = safe_add(c, oldc);
49    d = safe_add(d, oldd);
50    e = safe_add(e, olde); }
51  return Array(a, b, c, d, e); }
52
53function sha1_ft(t, b, c, d) {
54  if (t < 20) return (b & c) | ((~b) & d);
55  if (t < 40) return b ^ c ^ d;
56  if (t < 60) return (b & c) | (b & d) | (c & d);
57  return b ^ c ^ d; }
58
59function sha1_kt(t) {
60  return (t < 20) ?  1518500249 : (t < 40) ?  1859775393 :
61         (t < 60) ? -1894007588 : -899497514; }
62
63function safe_add(x, y) {
64  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
65  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
66  return (msw << 16) | (lsw & 0xFFFF); }
67
68function rol(num, cnt) {
69  return (num << cnt) | (num >>> (32 - cnt)); }
70
71function str2binb(str) {
72  var bin = Array();
73  var mask = (1 << chrsz) - 1;
74  for (var i = 0; i < str.length * chrsz; i += chrsz)
75    bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
76  return bin; }
77
78function binb2hex(binarray) {
79  var hex_tab = "0123456789abcdef";
80  var str = "";
81  for(var i = 0; i < binarray.length * 4; i++)
82    str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
83           hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8  )) & 0xF);
84  return str; }
85
86/* SHA-1 algorithm ends here */
87
88
89
90
91function process_password_field(e) {
92  /* Imitate django.contrib.auth.models.User.set_password() */
93  var pw = e.target.value;
94  if (pw.substr(0, 5) != 'sha1$' && pw.substr(0, 4) != 'md5$') {
95    var salt = hex_sha1(Math.random().toString()).substr(0, 5);
96    e.target.value = 'sha1$' + salt + '$' + hex_sha1(salt + pw); }
97}
98
99
100
101window.addEventListener("load", function(e) {
102  /* identify Django auth User admin password field     *
103   * and add password processing when field loses focus */
104  var pwinput = document.getElementById('id_password');
105  if (pwinput
106      && pwinput.className == 'vTextField required'
107      && pwinput.name == 'password'
108      && pwinput.size == 30
109      && pwinput.getAttribute('maxlength') == 128) {
110    pwinput.addEventListener('blur', process_password_field, true);
111  }
112}, false);
113
114