Hash password on client side

Daniel-WWU-IT · Aug 2, 2021 · 66b146b · 66b146b
1 parent f5c4819
commit 66b146b
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 21 deletions.
diff --git a/pkg/siteacc/account/edit/template.go b/pkg/siteacc/account/edit/template.go
@@ -76,19 +76,22 @@ function handleAction(action) {
 		}
 	}
 
-	var postData = {
-		"firstName": formData.getTrimmed("fname"),
-		"lastName": formData.getTrimmed("lname"),
-		"organization": formData.getTrimmed("organization"),
-		"website": formData.getTrimmed("website"),
-		"role": formData.getTrimmed("role"),
-		"phoneNumber": formData.getTrimmed("phone"),
-		"password": {
-			"value": formData.get("password")
-		}
-    };
-
-    xhr.send(JSON.stringify(postData));
+	var pwd = formData.get("password");
+	pwd.hashCode().then(function(pwdHash) {
+		var postData = {
+			"firstName": formData.getTrimmed("fname"),
+			"lastName": formData.getTrimmed("lname"),
+			"organization": formData.getTrimmed("organization"),
+			"website": formData.getTrimmed("website"),
+			"role": formData.getTrimmed("role"),
+			"phoneNumber": formData.getTrimmed("phone"),
+			"password": {
+				"value": pwdHash
+			}
+	    };
+	
+	    xhr.send(JSON.stringify(postData));
+	});	
 }
 `
 

diff --git a/pkg/siteacc/account/login/template.go b/pkg/siteacc/account/login/template.go
@@ -57,14 +57,17 @@ function handleAction(action) {
 		}
 	}
 
-	var postData = {
-        "email": formData.getTrimmed("email"),
-		"password": {
-			"value": formData.get("password")
-		}
-    };
-
-    xhr.send(JSON.stringify(postData));
+	var pwd = formData.get("password");
+	pwd.hashCode().then(function(pwdHash) {
+		var postData = {
+	        "email": formData.getTrimmed("email"),
+			"password": {
+				"value": pwdHash
+			}
+	    };
+	
+	    xhr.send(JSON.stringify(postData));
+	});
 }
 
 function handleResetPassword() {

diff --git a/pkg/siteacc/html/template.go b/pkg/siteacc/html/template.go
@@ -91,6 +91,17 @@ const panelTemplate = `
 			}
 		}
 
+		String.prototype.hashCode = async function() {	
+			if (this.length === 0) {
+                return "";
+			}
+
+			var msgBuffer = new TextEncoder().encode(this);
+			var hashBuffer = await crypto.subtle.digest("SHA-256", msgBuffer);
+			var hashArray = Array.from(new Uint8Array(hashBuffer));
+			return hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
+		};
+
 		$(CONTENT_JAVASCRIPT)
 	</script>
 	<style>