Wrong Bcrypt version, 2a expected

Openfire Openfire Dev
1

Hi,

(I think this qualifies as a bug, but it may also be a feature request.)

I am trying to use a Laravel website as AuthProvider. Laravel uses bcrypt. I added the following to openfire.xml:

com.mysql.jdbc.Driver

jdbc:mysql://10.89.10.20:3306/mydb?user=openfire&password =xxxxxxxx

org.jivesoftware.openfire.auth.JDBCAuthProvider

SELECT password FROM person WHERE username=? AND deleted_at IS NULL

bcrypt

Example record from my table:

mysql> select id, name, username, password, email from person where username = ‘admin’;

±—±--------------±---------±---------------------------------------------- ---------------±-----------------+

| id | name | username | password | email |

±—±--------------±---------±---------------------------------------------- ---------------±-----------------+

| 5 | Administrator | admin | $2y$10$8ZHPKFcfo2g6./.9QF.lj.mQ8ONVrEp1vpHa3vsGylpUX9BtXgnGe | admin@example.com |

±—±--------------±---------±---------------------------------------------- ---------------±-----------------+

1 row in set (0.00 sec)

(by the way, the custom database integration documentation does not mention bcrypt as an option)

When I try to login, openfire returns the following error:

Exception:

java.lang.IllegalArgumentException: Wrong Bcrypt version, 2a expected.
     at org.bouncycastle.crypto.generators.OpenBSDBCrypt.checkPassword(Unknown Source)
     at org.jivesoftware.openfire.auth.JDBCAuthProvider.comparePasswords(JDBCAuthProvider.java:226)
     at org.jivesoftware.openfire.auth.JDBCAuthProvider.authenticate(JDBCAuthProvider.java:211)
     at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:217)
     at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:175)
     at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
     at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
     at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:76)
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
     at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:53)
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
     at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:80)
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
     at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:162)
     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
     at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
     at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
     at org.eclipse.jetty.server.Server.handle(Server.java:499)
     at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
     at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
     at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
     at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
     at java.lang.Thread.run(Thread.java:745)
2

I found the difference between 2y and 2a, and I changed the query to:

SELECT CONCAT(’$2a$’, SUBSTRING(password FROM 5)) FROM person WHERE username=? AND deleted_at IS NULL

and now it works.

So I think now this became a feature request to:

  • integrate this so this query would not be needed

  • add this to the custom database integration document.

Thanks.