При проверке лицензии проверяем совпадение хэша SHA256 суммы userId + userName...

При проверке лицензии проверяем совпадение хэша SHA256 суммы userId + userName с тем, что пришло в лицензии git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/OfficeWeb@65181 954022d7-b5bf-4e40-9824-e11837661b57

При проверке лицензии проверяем совпадение хэша SHA256 суммы userId + userName...
При проверке лицензии проверяем совпадение хэша SHA256 суммы userId + userName с тем, что пришло в лицензии git-svn-id: svn://192.168.3.15/activex/AVS/Sources/TeamlabOffice/trunk/OfficeWeb@65181 954022d7-b5bf-4e40-9824-e11837661b57
027429d3 · Sergey.Luzyanin · Alexander.Trofimov · fcca18dd · 027429d3 · 027429d3
Commit 027429d3 authored Oct 06, 2015 by Sergey.Luzyanin Committed by Alexander.Trofimov May 18, 2016
4 changed files
--- a/Common/Private/editorscommon.js
+++ b/Common/Private/editorscommon.js
@@ -4,7 +4,7 @@ var g_sLicenseDefaultUrl = "/license";
 var g_sPublicRSAKey = '-----BEGIN CERTIFICATE-----MIIBvTCCASYCCQD55fNzc0WF7TANBgkqhkiG9w0BAQUFADAjMQswCQYDVQQGEwJKUDEUMBIGA1UEChMLMDAtVEVTVC1SU0EwHhcNMTAwNTI4MDIwODUxWhcNMjAwNTI1MDIwODUxWjAjMQswCQYDVQQGEwJKUDEUMBIGA1UEChMLMDAtVEVTVC1SU0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANGEYXtfgDRlWUSDn3haY4NVVQiKI9CzThoua9+DxJuiseyzmBBe7Roh1RPqdvmtOHmEPbJ+kXZYhbozzPRbFGHCJyBfCLzQfVos9/qUQ88u83b0SFA2MGmQWQAlRtLy66EkR4rDRwTj2DzR4EEXgEKpIvo8VBs/3+sHLF3ESgAhAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAEZ6mXFFq3AzfaqWHmCy1ARjlauYAa8ZmUFnLm0emg9dkVBJ63aEqARhtok6bDQDzSJxiLpCEF6G4b/Nv/M/MLyhP+OoOTmETMegAVQMq71choVJyOFE5BtQa6M/lCHEOya5QUfoRF2HF9EjRF44K3OK+u3ivTSj3zwjtpudY5Xo=-----END CERTIFICATE-----';
 var g_sAESKey = '7f3d2338390c1e3e154c21005f51010e065b0f1a1e101600202473150c022a11';

-function CheckLicense(licenseUrl, customerId, userId, callback) {
+function CheckLicense(licenseUrl, customerId, userId, userName, callback) {
  licenseUrl = licenseUrl ? licenseUrl : g_sLicenseDefaultUrl;
  g_fGetJSZipUtils().getBinaryContent(licenseUrl, function(err, data) {
    if (err) {
@@ -27,7 +27,7 @@ function CheckLicense(licenseUrl, customerId, userId, callback) {
      var x509 = new X509();
      x509.readCertPEM(g_sPublicRSAKey);
      var isValid = x509.subjectPublicKeyRSA.verifyString(JSON.stringify(oLicense), hSig);
-      callback(false, isValid ? CheckUserInLicense(customerId, userId, oLicense) : false);
+      callback(false, isValid ? CheckUserInLicense(customerId, userId, userName, oLicense) : false);
    } catch(e) {
      callback(true, false);
    }
@@ -40,14 +40,15 @@ function CheckLicense(licenseUrl, customerId, userId, callback) {
 * @param oLicense
 * @returns {boolean}
 */
-function CheckUserInLicense(customerId, userId, oLicense) {
+function CheckUserInLicense(customerId, userId, userName, oLicense) {
  var res = false;
  var superuser = 'onlyoffice';
  try {
    if (oLicense.users) {
-      if ((customerId === oLicense['customer_id'] && oLicense.users.hasOwnProperty(userId)) ||
-        (superuser === oLicense['customer_id'] && oLicense.users.hasOwnProperty(userId = superuser))) {
-        var endDate = new Date(oLicense.users[userId]['end_date']);
+        var sUserHash = CryptoJS.SHA256(userId + userName).toString(CryptoJS.enc.Hex).toLowerCase();
+      if ((customerId === oLicense['customer_id'] && oLicense.users.hasOwnProperty(sUserHash)) ||
+        (superuser === oLicense['customer_id'] && oLicense.users.hasOwnProperty(sUserHash = superuser))) {
+        var endDate = new Date(oLicense.users[sUserHash]['end_date']);
        res = endDate >= new Date();
      }
    }

--- a/Excel/Private/api.js
+++ b/Excel/Private/api.js
@@ -27,7 +27,7 @@
  asc['spreadsheet_api'].prototype.asc_getEditorPermissions = function(licenseUrl, customerId) {
    var t = this;
    if (this.DocInfo && this.DocInfo["Id"] && this.DocInfo["Url"]) {
-      CheckLicense(licenseUrl, customerId, this.DocInfo["UserId"], function(err, res) {
+      CheckLicense(licenseUrl, customerId, this.DocInfo["UserId"], this.DocInfo["UserName"],  function(err, res) {
        t._onCheckLicenseEnd(err, res);
      });
    } else {

--- a/PowerPoint/Private/api.js
+++ b/PowerPoint/Private/api.js
@@ -19,7 +19,7 @@ asc_docs_api.prototype.asc_addComment = function(AscCommentData) {
 asc_docs_api.prototype.asc_getEditorPermissions = function(licenseUrl, customerId) {
  var t = this;
  if (this.DocInfo && this.DocInfo.get_Id()) {
-    CheckLicense(licenseUrl, customerId, this.DocInfo.get_UserId(), function(err, res) {
+    CheckLicense(licenseUrl, customerId, this.DocInfo.get_UserId(), this.DocInfo.get_UserName(), function(err, res) {
      t._onCheckLicenseEnd(err, res);
    });
  } else {

--- a/Word/Private/api.js
+++ b/Word/Private/api.js
@@ -26,7 +26,7 @@ asc_docs_api.prototype.asc_addComment = function(AscCommentData) {
 asc_docs_api.prototype.asc_getEditorPermissions = function(licenseUrl, customerId) {
  var t = this;
  if (this.DocInfo && this.DocInfo.get_Id()) {
-    CheckLicense(licenseUrl, customerId, this.DocInfo.get_UserId(), function(err, res) {
+    CheckLicense(licenseUrl, customerId, this.DocInfo.get_UserId(), this.DocInfo.get_UserName(), function(err, res) {
      t._onCheckLicenseEnd(err, res);
    });
  } else {