updated user api to use hashed passwords

George Shaw 2017-10-26 16:37:09 -05:00
parent d758dbb28c
commit 4237032778
3 changed files with 15 additions and 16 deletions


@ -6,6 +6,7 @@ import (
"net/http"
"github.com/Ennovar/gPanel/pkg/database"
"github.com/Ennovar/gPanel/pkg/encryption"
)
// userRequestData struct is the structure of the JSON data to be
@ -49,14 +50,14 @@ func UserAuthentication(res http.ResponseWriter, req *http.Request) bool {
return false
}
if userRequestData.Pass != userDatabaseData.Pass {
http.Error(res, "Invalid password", http.StatusUnauthorized)
err = encryption.CheckPassword([]byte(userDatabaseData.Pass), []byte(userRequestData.Pass))
if err != nil {
http.Error(res, err.Error(), http.StatusUnauthorized)
return false
}
res.WriteHeader(http.StatusNoContent)
return true
}
// UserAuthentication function is accessed by an API call from the webhost root
@ -83,7 +84,12 @@ func UserRegistration(res http.ResponseWriter, req *http.Request) bool {
}
defer ds.Close()
userDatabaseData.Pass = userRequestData.Pass
userDatabaseData.Pass, err = encryption.HashPassword(userRequestData.Pass)
if err != nil {
http.Error(res, err.Error(), http.StatusBadRequest)
return false
}
err = ds.Put(database.BUCKET_USERS, []byte(userRequestData.User), userDatabaseData)
if err != nil {
http.Error(res, err.Error(), http.StatusBadRequest)
@ -92,5 +98,4 @@ func UserRegistration(res http.ResponseWriter, req *http.Request) bool {
res.WriteHeader(http.StatusNoContent)
return true
}
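Review bot: The new failure branch in UserAuthentication sends `err.Error()` to the client, so the response body now carries whatever the bcrypt comparison reports instead of the fixed "Invalid password" text the old code used. That text differs between a wrong password and a stored value that is not a valid bcrypt hash (for example a record written before this commit, if any exist), so the reply reveals the state of the stored record. Keep the constant reply, `http.Error(res, "Invalid password", http.StatusUnauthorized)`, and log `err` on the server side only. The hash-failure branch added in UserRegistration follows the same pattern and, being a server-side failure, would fit `http.StatusInternalServerError` better than a 400. Both function bodies start outside the visible hunks.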


@ -8,12 +8,6 @@ func HashPassword(password string) (string, error) {
return string(hash), err
}
func CheckPassword(hash, plainText []byte) (bool, error) {
err := bcrypt.CompareHashAndPassword(hash, plainText)
if err != nil {
return false, err
}
return true, nil
func CheckPassword(hash, plainText []byte) error {
return bcrypt.CompareHashAndPassword(hash, plainText)
}
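Review bot: CheckPassword is exported and its contract changes here from `(bool, error)` to `error`, but the new version has no doc comment stating that a nil return is the only "password matches" result. I would add `// CheckPassword returns nil when plainText matches the bcrypt hash and a non-nil error otherwise; the error is meant for logging, not for the client.` above the function. The comment should also say that a mismatch and a malformed hash both come back as errors, so a caller that needs to tell them apart compares against `bcrypt.ErrMismatchedHashAndPassword`. HashPassword's body starts outside the hunk.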


@ -27,11 +27,11 @@ func TestPasswordHashing(t *testing.T) {
t.Errorf("Error in password_test using HashPassword func: %s", err.Error())
}
ok, err := CheckPassword([]byte(password.hash), []byte(password.plainText))
err = CheckPassword([]byte(password.hash), []byte(password.plainText))
if err != nil {
if ok != password.ok {
t.Errorf("In password_test expected %t, but got %t from CheckPassword func", password.ok, ok)
if password.ok {
t.Errorf("Error in password_test using CheckPassword func: %s", err.Error())
}
}
}
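Review bot: As the new lines read, the test reports a failure only when `err != nil` and `password.ok` is true, so a case that is expected to be rejected (`password.ok` false) passes silently if CheckPassword returns nil. That drops the assertion that a wrong password is actually refused, which is the property this test most needs to pin. Check both directions instead: `if (err == nil) != password.ok { t.Errorf("In password_test expected ok=%t, but CheckPassword returned err=%v", password.ok, err) }`. The loop and the test function start outside the hunk.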