CookBookPasswordGreasemonkeyUserScript: djangopasswordhasher.user.js.txt

File djangopasswordhasher.user.js.txt, 3.5 KB (added by Antti Kaihola, 18 years ago)

Maybe easier to install by looking at this in plain format.

Line 
1// ==UserScript==
2// @name DjangoPasswordHasher
3// @namespace http://svn.ambitone.com/ambidjangolib
4// @description Converts plaintext passwords to salted sha1 hashes in Django auth admin
5// @include *
6// ==/UserScript==
7
8/*
9 * DjangoPasswordHasher greasemonkey user script
10 * Version 1.0 Antti Kaihola 2006 <akaihola@ambitone.com>
11 */
12
13
14/*
15 * SHA-1 algorithm adapted from:
16 *
17 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined
18 * in FIPS PUB 180-1
19 * Version 2.1a Copyright Paul Johnston 2000 - 2002.
20 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
21 * Distributed under the BSD License
22 * See http://pajhome.org.uk/crypt/md5 for details.
23 */
24
25var chrsz = 8;
26
27function hex_sha1(s) { return binb2hex(core_sha1(str2binb(s),s.length * chrsz)); }
28
29function core_sha1(x, len) {
30 x[len >> 5] |= 0x80 << (24 - len % 32);
31 x[((len + 64 >> 9) << 4) + 15] = len;
32 var w = Array(80);
33 var a = 1732584193;
34 var b = -271733879;
35 var c = -1732584194;
36 var d = 271733878;
37 var e = -1009589776;
38 for(var i = 0; i < x.length; i += 16) {
39 var olda = a; var oldb = b; var oldc = c; var oldd = d; var olde = e;
40 for(var j = 0; j < 80; j++) {
41 if (j < 16) w[j] = x[i + j];
42 else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);
43 var t = safe_add(safe_add(rol(a, 5), sha1_ft(j, b, c, d)),
44 safe_add(safe_add(e, w[j]), sha1_kt(j)));
45 e = d; d = c; c = rol(b, 30); b = a; a = t; }
46 a = safe_add(a, olda);
47 b = safe_add(b, oldb);
48 c = safe_add(c, oldc);
49 d = safe_add(d, oldd);
50 e = safe_add(e, olde); }
51 return Array(a, b, c, d, e); }
52
53function sha1_ft(t, b, c, d) {
54 if (t < 20) return (b & c) | ((~b) & d);
55 if (t < 40) return b ^ c ^ d;
56 if (t < 60) return (b & c) | (b & d) | (c & d);
57 return b ^ c ^ d; }
58
59function sha1_kt(t) {
60 return (t < 20) ? 1518500249 : (t < 40) ? 1859775393 :
61 (t < 60) ? -1894007588 : -899497514; }
62
63function safe_add(x, y) {
64 var lsw = (x & 0xFFFF) + (y & 0xFFFF);
65 var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
66 return (msw << 16) | (lsw & 0xFFFF); }
67
68function rol(num, cnt) {
69 return (num << cnt) | (num >>> (32 - cnt)); }
70
71function str2binb(str) {
72 var bin = Array();
73 var mask = (1 << chrsz) - 1;
74 for (var i = 0; i < str.length * chrsz; i += chrsz)
75 bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);
76 return bin; }
77
78function binb2hex(binarray) {
79 var hex_tab = "0123456789abcdef";
80 var str = "";
81 for(var i = 0; i < binarray.length * 4; i++)
82 str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +
83 hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);
84 return str; }
85
86/* SHA-1 algorithm ends here */
87
88
89
90
91function process_password_field(e) {
92 /* Imitate django.contrib.auth.models.User.set_password() */
93 var pw = e.target.value;
94 if (pw.substr(0, 5) != 'sha1$' && pw.substr(0, 4) != 'md5$') {
95 var salt = hex_sha1(Math.random().toString()).substr(0, 5);
96 e.target.value = 'sha1$' + salt + '$' + hex_sha1(salt + pw); }
97}
98
99
100
101window.addEventListener("load", function(e) {
102 /* identify Django auth User admin password field *
103 * and add password processing when field loses focus */
104 var pwinput = document.getElementById('id_password');
105 if (pwinput
106 && pwinput.className == 'vTextField required'
107 && pwinput.name == 'password'
108 && pwinput.size == 30
109 && pwinput.getAttribute('maxlength') == 128) {
110 pwinput.addEventListener('blur', process_password_field, true);
111 }
112}, false);
113
114
Back to Top