Merge pull request #1 from chrislewis60/no_separate_salt

Remove the separate salt. This should make it easier to integrate with later versions of Devise.

Merge pull request #1 from chrislewis60/no_separate_salt
Remove the separate salt. This should make it easier to integrate with later versions of Devise.
8e8e5b35 · Jesper Hvirring Henriksen · 19cb2f94 · ebf535fc · 8e8e5b35 · 8e8e5b35
Commit 8e8e5b35 authored Sep 04, 2013 by Jesper Hvirring Henriksen
--- a/docs/sql.txt
+++ b/docs/sql.txt
@@ -30,9 +30,6 @@ Options
 `hash_column`
 :   The column storing password hashes.
-`salt_column`
-:   The column storing password salts.
 Examples
 --------
@@ -45,7 +42,6 @@ Example - MySQL server:
      'username' => 'userdb',
      'password' => 'secretpassword',
      'hash_column' => 'password_hash',
-      'salt_column' => 'password_salt'
+      'query' => 'SELECT username AS uid, name AS cn, email AS mail, password_hash FROM users WHERE username = :username',
-      'query' => 'SELECT username AS uid, name AS cn, email AS mail, password_hash, password_salt FROM users WHERE username = :username',
      'pepper' => '0474f00f7823ade7d10d6797b4ceb591672c3440d92537309cedfc383a98209daf6755c043deb92936797cf74859e6924d0b395a0309950be364928188c7cf0f',
    ),
--- a/lib/Auth/Source/SQL.php
+++ b/lib/Auth/Source/SQL.php
@@ -52,13 +52,6 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
 	 */
 	private $hash_column;
-	/**
-	 * The column holding the password salt.
-	 */
-	private $salt_column;
 	/**
 	 * Constructor for this authentication source.
 	 *
@@ -93,7 +86,6 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
 		$this->query = $config['query'];
 		$this->pepper = $config['pepper'];
 		$this->hash_column = $config['hash_column'];
-		$this->salt_column = $config['salt_column'];
 	}
@@ -184,9 +176,8 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
 		/* Validate stored password hash (must be in first row of resultset) */
 		$password_hash = $data[0][$this->hash_column];
-		$password_salt = $data[0][$this->salt_column];
-		if ($password_hash !== crypt($password.$this->pepper, $password_salt)) {
+		if ($password_hash !== crypt($password.$this->pepper, $password_hash)) {
 		 /* Invalid password */
 		 SimpleSAML_Logger::error('sqlauthBcrypt:' . $this->authId .
 			 ': Hash does not match. Wrong password or sqlauthBcrypt is misconfigured.');
@@ -205,8 +196,8 @@ class sspmod_sqlauthBcrypt_Auth_Source_SQL extends sspmod_core_Auth_UserPassBase
 					continue;
 				}
-				if ($name === $this->hash_column || $name === $this->salt_column) {
+				if ($name === $this->hash_column) {
-					/* Don't add password hash and salt to attributes */
+					/* Don't add password hash to attributes */
 					continue;
 				}