Authenticate users by checking ODK Database

guxiaowei · February 14, 2019, 9:05am

Hi there,

I would like to authenticate my current ODK users from another mini web-app
by directly checking the ODK db.

How do I generate the digest hash that is saved on _registered_users table?
I'm not sure in what java files ODK generates the hashes,, whether it uses
some salt.

and i want to know where the code control user authentication in odk aggregate

Thanks,

ggalmazor · February 14, 2019, 12:28pm

Hi @guxiaowei!

You can start at CredentialsInfoBuilder.build(), which handles the change password dialog. It looks like Aggregate uses salted SHA1 hashes.

github.com

getodk/aggregate/blob/master/src/main/java/org/opendatakit/aggregate/client/permissions/CredentialsInfoBuilder.java

/*
 * Copyright (C) 2011 University of Washington
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

package org.opendatakit.aggregate.client.permissions;

import com.google.gwt.user.client.Random;
import java.io.UnsupportedEncodingException;

This file has been truncated. show original