Everything posted by creativiii

  1. Nevermind! Figured it out. For future reference, this is how you compare IPB passwords from Node.

         const bcrypt = require("bcrypt");

         // convert the hashing algorithm from 2y to 2a
         let encrypted = "$2a$10$ykiLOC/Lu24CIGUiJmH.1eYlIRvdfBhrd2qEBukwU4Qjmx1UWM96e";
         let plaintext = "mypassword";

         bcrypt.compare(plaintext, encrypted, function (err, result) {
           console.log(result);
         });

     I verified this with my own password and it works 😁
  2. Riiight, that makes a lot more sense. How would I find out the exact settings IPB is using to encrypt passwords? I've got a basic example working locally, but my encoded password doesn't look anything like the one I can see in the database.

         const blf = require("blowfish-js");
         const cry = require("crypto");

         let key = cry.randomBytes(16);
         let iv = cry.randomBytes(8);
         let context = blf.key(key);
         let plaintext = "Testingpassword";

         let ciphertext = blf.ofb(context, iv, Buffer.from(plaintext, "utf8"));
         let decrypted = blf.ofb(context, iv, ciphertext, true);

         console.log(ciphertext.toString("hex")); // e0f3339823e661e89918cf81056f9f
         console.log(decrypted.toString("utf8")); // Testingpassword

     I have no idea if blowfish encryption works the same from PHP to JS, sorry in advance if this doesn't make a lot of sense.
  3. My site currently makes heavy use of IPB for logging users into other parts of the site via oAuth. This is okay, but it makes it incredibly difficult to keep data synced between the forum and the rest of the site. It's resulted in a lot of duplication and I'm currently looking at options to improve it. Ideally I'd like to simply allow the user to log in using their email and password, but I can't find any information as to where the salt to decrypt those passwords is. I know that before IPB4, hashes were stored alongside passwords, and I can see these in my members table. But from IPB4 and the encryption system moving to blowfish, I can't seem to find any record whatsoever as to where this salt is stored. Any ideas?
  4. Turns out the problem was the missing trailing slash, just got confused by the errors and thought it was something else.
  5. Hi all, I've been trying to get a login working using the Resource Owner Password Grant oAuth, however I can't seem to make it work. Here's my request:

         const form = {
           'grant_type': 'password',
           'username': 'username',
           'password': 'pass',
           'scope': 'profile',
           'client_id': 'client_id',
         }

         var formBody = [];
         for (var property in form) {
           var encodedKey = encodeURIComponent(property);
           var encodedValue = encodeURIComponent(form[property]);
           formBody.push(encodedKey + "=" + encodedValue);
         }
         formBody = formBody.join("&");

         await fetch(`https://example.com/oauth/token`, {
           method: 'POST',
           headers: {
             'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8'
           },
           body: formBody
         })

     All I get back is an error:

         {
           "error": "invalid_request",
           "error_description": "request must be a POST request"
         }

     Did I format this the wrong way or am I missing something? I've been following the oAuth docs but maybe I'm missing something. Any help would be appreciated!
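
Added example, not part of any post above and not Invision Community code: a bcrypt string like the one in post 1 carries its own cost and salt, which is where the salt asked about in post 3 ends up, so the block below splits a stored value into its fields and rewrites PHP's `$2y$` tag to `$2a$` the way post 1 describes. The function names are hypothetical, and the `$2y$` sample is post 1's hash with its prefix changed back, constructed for illustration.

```javascript
// Layout of a bcrypt string: $<version>$<cost>$<22-char salt><31-char digest>
// Salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Constructed sample: the hash from post 1 with a $2y$ prefix.
const SAMPLE_2Y = "$2y$10$ykiLOC/Lu24CIGUiJmH.1eYlIRvdfBhrd2qEBukwU4Qjmx1UWM96e";

// Returns the fields of a bcrypt string, or null if the value is not bcrypt
// (for example a hex digest from an older scheme, or a truncated column).
function parseBcrypt(stored) {
  const m = BCRYPT_RE.exec(String(stored).trim());
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return { version: m[1], cost, costText: m[2], salt: m[3], digest: m[4] };
}

// Rewrites only the version tag; cost, salt and digest pass through unchanged.
// Assumption (taken from post 1): the Node library accepts $2a$ for these hashes.
function toNodeCompatible(stored) {
  const p = parseBcrypt(stored);
  if (!p) throw new Error("value is not a bcrypt hash; refuse to compare");
  const version = p.version === "2y" ? "2a" : p.version;
  return ["", version, p.costText, p.salt + p.digest].join("$");
}

// A cost below the floor you expect marks a row to re-hash at next login.
// minCost is a hypothetical policy value chosen by the caller.
function needsRehash(stored, minCost) {
  const p = parseBcrypt(stored);
  return p === null || p.cost < minCost;
}

console.log(parseBcrypt(SAMPLE_2Y));
console.log(toNodeCompatible(SAMPLE_2Y));
```

The string returned by `toNodeCompatible` is what gets passed as the second argument to `bcrypt.compare` in post 1; a `null` from `parseBcrypt` means the row should be rejected or migrated rather than compared.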