From 8badbd2015eb09c97d1c4d3bef451ac7c35ed919 Mon Sep 17 00:00:00 2001
From: Mahad <mahad@xconn.io>
Date: Mon, 13 Jan 2025 19:31:12 +0500
Subject: [PATCH] fix wampcra auth with salt

---
 crossbar/router/auth/wampcra.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crossbar/router/auth/wampcra.py b/crossbar/router/auth/wampcra.py
index 496f7f36c..4674beadb 100644
--- a/crossbar/router/auth/wampcra.py
+++ b/crossbar/router/auth/wampcra.py
@@ -62,7 +62,6 @@ def _compute_challenge(self, user):
         }
         challenge: str = json.dumps(challenge_obj, ensure_ascii=False)
         secret = user['secret'].encode('utf8')
-        signature = auth.compute_wcs(secret, challenge.encode('utf8')).decode('ascii')
 
         # extra data to send to client in CHALLENGE
         extra = {'challenge': challenge}
@@ -73,6 +72,9 @@ def _compute_challenge(self, user):
             extra['salt'] = user['salt']
             extra['iterations'] = user.get('iterations', 1000)
             extra['keylen'] = user.get('keylen', 32)
+            secret = auth.derive_key(secret, extra['salt'], extra['iterations'], extra['keylen'])
+
+        signature = auth.compute_wcs(secret, challenge.encode('utf8')).decode('ascii')
 
         return extra, signature