Kim "BKC" Carlbäcker
Lauris BH
7 years ago
7 changed files with 18 additions and 23 deletions
Unified View
Diff Options
-
+1 -2cmd/admin.go
-
+10 -7models/user.go
-
+3 -6models/user_test.go
-
+1 -2routers/admin/users.go
-
+1 -2routers/api/v1/admin/user.go
-
+1 -2routers/user/auth.go
-
+1 -2routers/user/setting.go
+ 1
- 2
cmd/admin.go
View File
| @@ -107,11 +107,10 @@ func runChangePassword(c *cli.Context) error { | |||||
| if err != nil { | if err != nil { | ||||
| return fmt.Errorf("%v", err) | return fmt.Errorf("%v", err) | ||||
| } | } | ||||
| user.Passwd = c.String("password") | |||||
| if user.Salt, err = models.GetUserSalt(); err != nil { | if user.Salt, err = models.GetUserSalt(); err != nil { | ||||
| return fmt.Errorf("%v", err) | return fmt.Errorf("%v", err) | ||||
| } | } | ||||
| user.HashPassword() | |||||
| user.HashPassword(c.String("password")) | |||||
| if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil { | if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil { | ||||
| return fmt.Errorf("%v", err) | return fmt.Errorf("%v", err) | ||||
| } | } | ||||
+ 10
- 7
models/user.go
View File
| @@ -388,17 +388,20 @@ func (u *User) NewGitSig() *git.Signature { | |||||
| } | } | ||||
| } | } | ||||
| func hashPassword(passwd, salt string) string { | |||||
| tempPasswd := pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New) | |||||
| return fmt.Sprintf("%x", tempPasswd) | |||||
| } | |||||
| // HashPassword hashes a password using PBKDF. | // HashPassword hashes a password using PBKDF. | ||||
| func (u *User) HashPassword() { | |||||
| newPasswd := pbkdf2.Key([]byte(u.Passwd), []byte(u.Salt), 10000, 50, sha256.New) | |||||
| u.Passwd = fmt.Sprintf("%x", newPasswd) | |||||
| func (u *User) HashPassword(passwd string) { | |||||
| u.Passwd = hashPassword(passwd, u.Salt) | |||||
| } | } | ||||
| // ValidatePassword checks if given password matches the one belongs to the user. | // ValidatePassword checks if given password matches the one belongs to the user. | ||||
| func (u *User) ValidatePassword(passwd string) bool { | func (u *User) ValidatePassword(passwd string) bool { | ||||
| newUser := &User{Passwd: passwd, Salt: u.Salt} | |||||
| newUser.HashPassword() | |||||
| return subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(newUser.Passwd)) == 1 | |||||
| tempHash := hashPassword(passwd, u.Salt) | |||||
| return subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(tempHash)) == 1 | |||||
| } | } | ||||
| // IsPasswordSet checks if the password is set or left empty | // IsPasswordSet checks if the password is set or left empty | ||||
| @@ -711,7 +714,7 @@ func CreateUser(u *User) (err error) { | |||||
| if u.Salt, err = GetUserSalt(); err != nil { | if u.Salt, err = GetUserSalt(); err != nil { | ||||
| return err | return err | ||||
| } | } | ||||
| u.HashPassword() | |||||
| u.HashPassword(u.Passwd) | |||||
| u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization | u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization | ||||
| u.MaxRepoCreation = -1 | u.MaxRepoCreation = -1 | ||||
+ 3
- 6
models/user_test.go
View File
| @@ -135,13 +135,11 @@ func TestHashPasswordDeterministic(t *testing.T) { | |||||
| pass := string(b) | pass := string(b) | ||||
| // save the current password in the user - hash it and store the result | // save the current password in the user - hash it and store the result | ||||
| u.Passwd = pass | |||||
| u.HashPassword() | |||||
| u.HashPassword(pass) | |||||
| r1 := u.Passwd | r1 := u.Passwd | ||||
| // run again | // run again | ||||
| u.Passwd = pass | |||||
| u.HashPassword() | |||||
| u.HashPassword(pass) | |||||
| r2 := u.Passwd | r2 := u.Passwd | ||||
| // assert equal (given the same salt+pass, the same result is produced) | // assert equal (given the same salt+pass, the same result is produced) | ||||
| @@ -158,7 +156,6 @@ func BenchmarkHashPassword(b *testing.B) { | |||||
| u := &User{Salt: string(bs), Passwd: pass} | u := &User{Salt: string(bs), Passwd: pass} | ||||
| b.ResetTimer() | b.ResetTimer() | ||||
| for i := 0; i < b.N; i++ { | for i := 0; i < b.N; i++ { | ||||
| u.HashPassword() | |||||
| u.Passwd = pass | |||||
| u.HashPassword(pass) | |||||
| } | } | ||||
| } | } | ||||
+ 1
- 2
routers/admin/users.go
View File
| @@ -194,13 +194,12 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) { | |||||
| } | } | ||||
| if len(form.Password) > 0 { | if len(form.Password) > 0 { | ||||
| u.Passwd = form.Password | |||||
| var err error | var err error | ||||
| if u.Salt, err = models.GetUserSalt(); err != nil { | if u.Salt, err = models.GetUserSalt(); err != nil { | ||||
| ctx.ServerError("UpdateUser", err) | ctx.ServerError("UpdateUser", err) | ||||
| return | return | ||||
| } | } | ||||
| u.HashPassword() | |||||
| u.HashPassword(form.Password) | |||||
| } | } | ||||
| u.LoginName = form.LoginName | u.LoginName = form.LoginName | ||||
+ 1
- 2
routers/api/v1/admin/user.go
View File
| @@ -126,13 +126,12 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) { | |||||
| } | } | ||||
| if len(form.Password) > 0 { | if len(form.Password) > 0 { | ||||
| u.Passwd = form.Password | |||||
| var err error | var err error | ||||
| if u.Salt, err = models.GetUserSalt(); err != nil { | if u.Salt, err = models.GetUserSalt(); err != nil { | ||||
| ctx.Error(500, "UpdateUser", err) | ctx.Error(500, "UpdateUser", err) | ||||
| return | return | ||||
| } | } | ||||
| u.HashPassword() | |||||
| u.HashPassword(form.Password) | |||||
| } | } | ||||
| u.LoginName = form.LoginName | u.LoginName = form.LoginName | ||||
+ 1
- 2
routers/user/auth.go
View File
| @@ -984,7 +984,6 @@ func ResetPasswdPost(ctx *context.Context) { | |||||
| return | return | ||||
| } | } | ||||
| u.Passwd = passwd | |||||
| var err error | var err error | ||||
| if u.Rands, err = models.GetUserSalt(); err != nil { | if u.Rands, err = models.GetUserSalt(); err != nil { | ||||
| ctx.ServerError("UpdateUser", err) | ctx.ServerError("UpdateUser", err) | ||||
| @@ -994,7 +993,7 @@ func ResetPasswdPost(ctx *context.Context) { | |||||
| ctx.ServerError("UpdateUser", err) | ctx.ServerError("UpdateUser", err) | ||||
| return | return | ||||
| } | } | ||||
| u.HashPassword() | |||||
| u.HashPassword(passwd) | |||||
| if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil { | if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil { | ||||
| ctx.ServerError("UpdateUser", err) | ctx.ServerError("UpdateUser", err) | ||||
| return | return | ||||
+ 1
- 2
routers/user/setting.go
View File
| @@ -229,13 +229,12 @@ func SettingsSecurityPost(ctx *context.Context, form auth.ChangePasswordForm) { | |||||
| } else if form.Password != form.Retype { | } else if form.Password != form.Retype { | ||||
| ctx.Flash.Error(ctx.Tr("form.password_not_match")) | ctx.Flash.Error(ctx.Tr("form.password_not_match")) | ||||
| } else { | } else { | ||||
| ctx.User.Passwd = form.Password | |||||
| var err error | var err error | ||||
| if ctx.User.Salt, err = models.GetUserSalt(); err != nil { | if ctx.User.Salt, err = models.GetUserSalt(); err != nil { | ||||
| ctx.ServerError("UpdateUser", err) | ctx.ServerError("UpdateUser", err) | ||||
| return | return | ||||
| } | } | ||||
| ctx.User.HashPassword() | |||||
| ctx.User.HashPassword(form.Password) | |||||
| if err := models.UpdateUserCols(ctx.User, "salt", "passwd"); err != nil { | if err := models.UpdateUserCols(ctx.User, "salt", "passwd"); err != nil { | ||||
| ctx.ServerError("UpdateUser", err) | ctx.ServerError("UpdateUser", err) | ||||
| return | return | ||||