From 35b3efb058ca47a4f178c5675d166b3371c5aa67 Mon Sep 17 00:00:00 2001
From: Alex Kocharin <alex@kocharin.ru>
Date: Thu, 18 Sep 2014 01:44:30 +0400
Subject: [PATCH] sinopia-htpasswd@0.4.2

fix #121
---
 node_modules/sinopia-htpasswd/README.md    |  2 --
 node_modules/sinopia-htpasswd/package.json | 11 +++++------
 node_modules/sinopia-htpasswd/utils.js     | 12 ++++++------
 package.yaml                               |  2 +-
 4 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/node_modules/sinopia-htpasswd/README.md b/node_modules/sinopia-htpasswd/README.md
index 39344ad6c..06c81cc78 100644
--- a/node_modules/sinopia-htpasswd/README.md
+++ b/node_modules/sinopia-htpasswd/README.md
@@ -1,6 +1,4 @@
 
-**work in progress**
-
 ## Installation
 
 ```sh
diff --git a/node_modules/sinopia-htpasswd/package.json b/node_modules/sinopia-htpasswd/package.json
index c56577d6e..9a5dbf822 100644
--- a/node_modules/sinopia-htpasswd/package.json
+++ b/node_modules/sinopia-htpasswd/package.json
@@ -1,6 +1,6 @@
 {
   "name"                : "sinopia-htpasswd",
-  "version"             : "0.4.1",
+  "version"             : "0.4.2",
   "description"         : "auth plugin for sinopia supporting htpasswd format",
 
   "author"              : { "name": "Alex Kocharin"
@@ -22,7 +22,7 @@
 
   "license"             : { "type": "WTFPL"
                           , "url": "http://www.wtfpl.net/txt/copying/" },
-  "readme"             : "\n**work in progress**\n\n## Installation\n\n```sh\n$ npm install sinopia\n$ npm install sinopia-htpasswd\n```\n\nPS: Actually, this module is bundled with sinopia, so you don't have to install it like this. But with other auth plugins you have to.\n\n## Config\n\nAdd to your `config.yaml`:\n\n```yaml\nauth:\n  htpasswd:\n    users_file: ./htpasswd\n\n    # Maximum amount of users allowed to register, defaults to \"+inf\".\n    # You can set this to 0 to disable registration.\n    #max_users: 1000\n```\n\n## For plugin writers\n\nIt's called as:\n\n```js\nrequire('sinopia-htpasswd')(config, stuff)\n```\n\nWhere:\n\n - config - module's own config\n - stuff - collection of different internal sinopia objects\n   - stuff.config - main config\n   - stuff.logger - logger\n\nThis should export two functions:\n\n - `adduser(user, password, cb)`\n   \n   It should respond with:\n    - `cb(err)` in case of an error (error will be returned to user)\n    - `cb(null, false)` in case registration is disabled (next auth plugin will be executed)\n    - `cb(null, true)` in case user registered successfully\n   \n   It's useful to set `err.status` property to set http status code (e.g. `err.status = 403`).\n\n - `authenticate(user, password, cb)`\n   \n   It should respond with:\n    - `cb(err)` in case of a fatal error (error will be returned to user, keep those rare)\n    - `cb(null, false)` in case user not authenticated (next auth plugin will be executed)\n    - `cb(null, [groups])` in case user is authenticated\n   \n   Groups is an array of all users/usergroups this user has access to. You should probably include username itself here.\n   \n",
+  "readme"             : "\n## Installation\n\n```sh\n$ npm install sinopia\n$ npm install sinopia-htpasswd\n```\n\nPS: Actually, this module is bundled with sinopia, so you don't have to install it like this. But with other auth plugins you have to.\n\n## Config\n\nAdd to your `config.yaml`:\n\n```yaml\nauth:\n  htpasswd:\n    users_file: ./htpasswd\n\n    # Maximum amount of users allowed to register, defaults to \"+inf\".\n    # You can set this to 0 to disable registration.\n    #max_users: 1000\n```\n\n## For plugin writers\n\nIt's called as:\n\n```js\nrequire('sinopia-htpasswd')(config, stuff)\n```\n\nWhere:\n\n - config - module's own config\n - stuff - collection of different internal sinopia objects\n   - stuff.config - main config\n   - stuff.logger - logger\n\nThis should export two functions:\n\n - `adduser(user, password, cb)`\n   \n   It should respond with:\n    - `cb(err)` in case of an error (error will be returned to user)\n    - `cb(null, false)` in case registration is disabled (next auth plugin will be executed)\n    - `cb(null, true)` in case user registered successfully\n   \n   It's useful to set `err.status` property to set http status code (e.g. `err.status = 403`).\n\n - `authenticate(user, password, cb)`\n   \n   It should respond with:\n    - `cb(err)` in case of a fatal error (error will be returned to user, keep those rare)\n    - `cb(null, false)` in case user not authenticated (next auth plugin will be executed)\n    - `cb(null, [groups])` in case user is authenticated\n   \n   Groups is an array of all users/usergroups this user has access to. You should probably include username itself here.\n   \n",
   "readmeFilename"             : "README.md",
   "bugs"             : {
     "url": "https://github.com/rlidwka/sinopia-htpasswd/issues"
@@ -32,8 +32,7 @@
     "crypt3": ">=0.1.5 <1.0.0-0",
     "fs-ext": "*"
   },
-  "_id"             : "sinopia-htpasswd@0.4.1",
-  "_shasum"             : "f76c2acf42f6153faae736f50181c819a0c6b8b0",
-  "_from"             : "sinopia-htpasswd@>= 0.2.0",
-  "_resolved"             : "https://registry.npmjs.org/sinopia-htpasswd/-/sinopia-htpasswd-0.4.1.tgz"
+  "_id"             : "sinopia-htpasswd@0.4.2",
+  "_shasum"             : "22305fec9de2f0a672158c45fc5a02165ef49849",
+  "_from"             : "sinopia-htpasswd@>= 0.4.2"
 }
diff --git a/node_modules/sinopia-htpasswd/utils.js b/node_modules/sinopia-htpasswd/utils.js
index 9f2984c9c..31efb753a 100644
--- a/node_modules/sinopia-htpasswd/utils.js
+++ b/node_modules/sinopia-htpasswd/utils.js
@@ -5,9 +5,6 @@ try {
   // optional, won't be available on windows
   var crypt3 = require('crypt3')
 } catch(err) {
-  crypt3 = function() {
-    return NaN
-  }
 }
 
 try {
@@ -79,8 +76,10 @@ function verify_password(user, passwd, hash) {
     return passwd === hash.substr(7)
   } else if (hash.indexOf('{SHA}') === 0) {
     return crypto.createHash('sha1').update(passwd, 'binary').digest('base64') === hash.substr(5)
-  } else {
+  } else if (crypt3) {
     return crypt3(passwd, hash) === hash
+  } else {
+    return false
   }
 }
 
@@ -91,8 +90,9 @@ function add_user_to_htpasswd(body, user, passwd) {
     throw err
   }
 
-  passwd = crypt3(passwd)
-  if (!passwd) {
+  if (crypt3) {
+    passwd = crypt3(passwd)
+  } else {
     passwd = '{SHA}' + crypto.createHash('sha1').update(passwd, 'binary').digest('base64')
   }
   var comment = 'autocreated ' + (new Date()).toJSON()
diff --git a/package.yaml b/package.yaml
index 6cfb76f53..56ee4b2d8 100644
--- a/package.yaml
+++ b/package.yaml
@@ -43,7 +43,7 @@ dependencies:
   onscroll: '>=0.0.3 <1.0.0-0'
   transition-complete: '>=0.0.2 <1.0.0-0'
   helpers.less: 'git://github.com/bpeacock/helpers.less.git'
-  sinopia-htpasswd: '>= 0.2.0'
+  sinopia-htpasswd: '>= 0.4.2'
   http-errors: '~1.2.0' # ferver
 
   # TODO: not really needed