I'm building a api and I'm having trouble generating a hash with CryptoJs in the client-side interface
My js function does this:
console.log(" username: '" + $rootScope.username + "'");
console.log("timestamp: '" + timestamp + "'");
console.log(" request: '" + req + "'");
console.log(" entropy: '" + "dragonsahead" + "'");
console.log(" password: '" + $rootScope.password + "'");
var message = $rootScope.username+timestamp+req+"dragonsahead";
console.log(" message: '" + message +"'");
var hash = CryptoJS.HmacSHA1(message, $rootScope.password).toString();
console.log(" HASH: '" + hash + "'");
return hash;
$rootScope.username
and $rootScope.password
are user inputs;
JS Log:
username: 'admin'
timestamp: '1394643128.478'
request: '/login'
entropy: 'dragonsahead'
password: 'e1a47a0407d876c8187b1e984a6813abde8160af'
message: 'admin1394643128.478/logindragonsahead'
HASH: '5061875265279c7378c95c9536feade1c610492d'
I could see in the server-side logs that the hashes did not match. PHP server Log:
2014-03-12 16:52:08 - INFO --> username: 'admin'
2014-03-12 16:52:08 - INFO --> timestamp: '1394643128.478'
2014-03-12 16:52:08 - INFO --> request: '/login'
2014-03-12 16:52:08 - INFO --> entropy: 'dragonsahead'
2014-03-12 16:52:08 - INFO --> password: 'e1a47a0407d876c8187b1e984a6813abde8160af'
2014-03-12 16:52:08 - INFO --> message: 'admin1394643128.478/logindragonsahead'
2014-03-12 16:52:08 - INFO --> HASH: '4c34a29aa05059d5016bd74796407de3d2e5428c'
2014-03-12 16:52:08 - INFO -->CLIENTOKEN: '5061875265279c7378c95c9536feade1c610492d'
After this I checked i this site and the hash built by the server was the right one. So, I decided lo load CryptoJS to a blank page (google, for example) and see what could happen:
> var jq = document.createElement('script');
> jq.src = "https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js";
> document.getElementsByTagName('head')[0].appendChild(jq);
<script src="https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js"></script>
>var test = CryptoJS.HmacSHA1("admin1394643128.478/logindragonsahead",'e1a47a0407d876c8187b1e984a6813abde8160af')
undefined
>test.toString()
"4c34a29aa05059d5016bd74796407de3d2e5428c"
As CryptoJS returned the right hash, It can only be that I am messing up with my javascript vars. I don't know what could possibly be messing up my variables...
It happens that I was storing the password in a angularjs's "$rootScope".
I need to do $rootScope.password.tostring()
instead of $rootScope.password
;
Solved.