use bcrypt and keep Md5
@ -4,11 +4,13 @@ import (
|
||||
"gopkg.in/mgo.v2/bson"
|
||||
// "github.com/leanote/leanote/app/db"
|
||||
"github.com/leanote/leanote/app/info"
|
||||
. "github.com/leanote/leanote/app/crypto"
|
||||
// "github.com/revel/revel"
|
||||
"strings"
|
||||
. "github.com/leanote/leanote/app/lea"
|
||||
"fmt"
|
||||
"strconv"
|
||||
"errors"
|
||||
)
|
||||
|
||||
// 登录与权限
|
||||
@ -16,12 +18,21 @@ import (
|
||||
type AuthService struct {
|
||||
}
|
||||
|
||||
// pwd已md5了
|
||||
func (this *AuthService) Login(emailOrUsername, pwd string) info.User {
|
||||
// 使用bcrypt认证或者Md5认证
|
||||
func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) {
|
||||
emailOrUsername = strings.Trim(emailOrUsername, " ")
|
||||
// pwd = strings.Trim(pwd, " ")
|
||||
userInfo := userService.LoginGetUserInfo(emailOrUsername, Md5(pwd))
|
||||
return userInfo
|
||||
// pwd = strings.Trim(pwd, " ")
|
||||
userInfo := userService.GetUserInfoByName(emailOrUsername)
|
||||
passwd := userInfo.Pwd
|
||||
if len(passwd) == 32 && Md5(pwd) != passwd {
|
||||
return userInfo, errors.New("wrong username or password")
|
||||
} else {
|
||||
hex := []byte(passwd)
|
||||
if !CompareHash(hex, pwd) {
|
||||
return userInfo, errors.New("wrong username or password")
|
||||
}
|
||||
}
|
||||
return userInfo, nil
|
||||
}
|
||||
|
||||
// 注册
|
||||
@ -40,7 +51,12 @@ func (this *AuthService) Register(email, pwd, fromUserId string) (bool, string)
|
||||
if userService.IsExistsUser(email) {
|
||||
return false, "userHasBeenRegistered-" + email
|
||||
}
|
||||
user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: Md5(pwd)}
|
||||
digest, err := GenerateHash(pwd)
|
||||
if err != nil {
|
||||
return false,"GenerateHash error"
|
||||
}
|
||||
passwd := string(digest)
|
||||
user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: passwd}
|
||||
if fromUserId != "" && IsObjectId(fromUserId) {
|
||||
user.FromUserId = bson.ObjectIdHex(fromUserId)
|
||||
}
|
||||
|
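Review bot: In the new `Login`, a legacy account with the correct password can never authenticate. When `len(passwd) == 32` and `Md5(pwd) == passwd`, the combined condition is false, so control falls into the `else` branch and the 32-character MD5 string is passed to `CompareHash`, which presumably rejects it as a non-bcrypt hash. The two schemes should be separate branches keyed on the stored format alone, as sketched below. The failure paths also return the populated `userInfo` (including `Pwd`) alongside the error; returning `info.User{}` keeps a caller that skips the error check from treating the lookup result as an authenticated user. Rehashing with `GenerateHash` after a successful MD5 match would let legacy records migrate to bcrypt, but that needs a write path this hunk does not show.

```go
func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) {
	// … unchanged: trimming of emailOrUsername …
	userInfo := userService.GetUserInfoByName(emailOrUsername)
	passwd := userInfo.Pwd

	ok := false
	if len(passwd) == 32 {
		// Legacy record: unsalted MD5 hex digest.
		ok = Md5(pwd) == passwd
	} else if passwd != "" {
		// An empty Pwd means no user was found; never hand it to CompareHash.
		ok = CompareHash([]byte(passwd), pwd)
	}
	if !ok {
		return info.User{}, errors.New("wrong username or password")
	}
	return userInfo, nil
}
```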
@ -4,7 +4,7 @@ import (
|
||||
"gopkg.in/mgo.v2/bson"
|
||||
"github.com/leanote/leanote/app/db"
|
||||
"github.com/leanote/leanote/app/info"
|
||||
. "github.com/leanote/leanote/app/lea"
|
||||
. "github.com/leanote/leanote/app/crypto"
|
||||
)
|
||||
|
||||
// 找回密码
|
||||
@ -45,9 +45,13 @@ func (this *PwdService) UpdatePwd(token, pwd string) (bool, string) {
|
||||
if ok, msg, tokenInfo = tokenService.VerifyToken(token, info.TokenPwd); !ok {
|
||||
return ok, msg
|
||||
}
|
||||
|
||||
digest, err := GenerateHash(pwd)
|
||||
if err != nil {
|
||||
return false,"GenerateHash error"
|
||||
}
|
||||
passwd := string(digest)
|
||||
// 修改密码之
|
||||
ok = db.UpdateByQField(db.Users, bson.M{"_id": tokenInfo.UserId}, "Pwd", Md5(pwd))
|
||||
ok = db.UpdateByQField(db.Users, bson.M{"_id": tokenInfo.UserId}, "Pwd", passwd)
|
||||
|
||||
// 删除token
|
||||
tokenService.DeleteToken(tokenInfo.UserId.Hex(), info.TokenPwd)
|
||||
|
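Review bot: The `err` returned by `GenerateHash` in `UpdatePwd` is discarded and the caller only receives the literal `"GenerateHash error"`; the same three lines are repeated in `Register` in the auth service. The other `msg` value visible in this commit (`"userHasBeenRegistered-" + email`) looks like a message key, so this string may reach the user untranslated while the real cause is lost. Logging `err` server-side and returning a stable key would keep failures diagnosable, and a small shared helper around `GenerateHash` plus `string(digest)` would keep the hashing policy in one place. Password-writing paths not shown in this commit should be checked too, since any that still store `Md5(pwd)` keep creating unsalted MD5 records. The body of `UpdatePwd` starts and ends outside this hunk.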
@ -253,6 +253,20 @@ func (this *UserService) LoginGetUserInfo(emailOrUsername, md5Pwd string) info.U
|
||||
return user
|
||||
}
|
||||
|
||||
// 使用email(username), 得到用户信息
|
||||
func (this *UserService) GetUserInfoByName(emailOrUsername string) info.User {
|
||||
emailOrUsername = strings.ToLower(emailOrUsername)
|
||||
|
||||
user := info.User{}
|
||||
if strings.Contains(emailOrUsername, "@") {
|
||||
db.GetByQ(db.Users, bson.M{"Email": emailOrUsername}, &user)
|
||||
} else {
|
||||
db.GetByQ(db.Users, bson.M{"Username": emailOrUsername}, &user)
|
||||
}
|
||||
this.setUserLogo(&user)
|
||||
return user
|
||||
}
|
||||
|
||||
// 更新username
|
||||
func (this *UserService) UpdateUsername(userId, username string) (bool, string) {
|
||||
if userId == "" || username == "" || username == "admin" { // admin用户是内置的, 不能设置
|
||||
|
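Review bot: `GetUserInfoByName` ignores the result of `db.GetByQ` and returns a zero-value `info.User` when nothing matches, so callers cannot tell "no such user" from a found record except by inspecting fields. `Login` depends on that implicitly, through an empty `Pwd`. Unlike `LoginGetUserInfo`, this lookup takes no password, and `Login` reads `userInfo.Pwd` from its result, so the returned struct carries the stored hash for any name supplied. A doc comment should state that contract, for example `// GetUserInfoByName looks up a user by email (input contains "@") or username and returns a zero info.User when none matches.` followed by `// The result includes the stored Pwd hash; use it for authentication only and do not pass it to views or serialize it.` Returning `(info.User, bool)` would make the not-found case explicit if the call sites can be updated.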