use bcrypt and keep Md5
@ -41,14 +41,14 @@ func (c Auth) doLogin(email, pwd string) revel.Result {
|
|||||||
sessionId := c.Session.Id()
|
sessionId := c.Session.Id()
|
||||||
var msg = ""
|
var msg = ""
|
||||||
|
|
||||||
userInfo := authService.Login(email, pwd)
|
userInfo, err := authService.Login(email, pwd)
|
||||||
if userInfo.Email != "" {
|
if err != nil {
|
||||||
|
// 登录错误, 则错误次数++
|
||||||
|
msg = "wrongUsernameOrPassword"
|
||||||
|
} else {
|
||||||
c.SetSession(userInfo)
|
c.SetSession(userInfo)
|
||||||
sessionService.ClearLoginTimes(sessionId)
|
sessionService.ClearLoginTimes(sessionId)
|
||||||
return c.RenderJson(info.Re{Ok: true})
|
return c.RenderJson(info.Re{Ok: true})
|
||||||
} else {
|
|
||||||
// 登录错误, 则错误次数++
|
|
||||||
msg = "wrongUsernameOrPassword"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return c.RenderJson(info.Re{Ok: false, Item: sessionService.LoginTimesIsOver(sessionId) , Msg: c.Message(msg)})
|
return c.RenderJson(info.Re{Ok: false, Item: sessionService.LoginTimesIsOver(sessionId) , Msg: c.Message(msg)})
|
||||||
@ -61,15 +61,15 @@ func (c Auth) DoLogin(email, pwd string, captcha string) revel.Result {
|
|||||||
if sessionService.LoginTimesIsOver(sessionId) && sessionService.GetCaptcha(sessionId) != captcha {
|
if sessionService.LoginTimesIsOver(sessionId) && sessionService.GetCaptcha(sessionId) != captcha {
|
||||||
msg = "captchaError"
|
msg = "captchaError"
|
||||||
} else {
|
} else {
|
||||||
userInfo := authService.Login(email, pwd)
|
userInfo, err := authService.Login(email, pwd)
|
||||||
if userInfo.Email != "" {
|
if err != nil {
|
||||||
c.SetSession(userInfo)
|
|
||||||
sessionService.ClearLoginTimes(sessionId)
|
|
||||||
return c.RenderJson(info.Re{Ok: true})
|
|
||||||
} else {
|
|
||||||
// 登录错误, 则错误次数++
|
// 登录错误, 则错误次数++
|
||||||
msg = "wrongUsernameOrPassword"
|
msg = "wrongUsernameOrPassword"
|
||||||
sessionService.IncrLoginTimes(sessionId)
|
sessionService.IncrLoginTimes(sessionId)
|
||||||
|
} else {
|
||||||
|
c.SetSession(userInfo)
|
||||||
|
sessionService.ClearLoginTimes(sessionId)
|
||||||
|
return c.RenderJson(info.Re{Ok: true})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -87,8 +87,10 @@ func (c Auth) Logout() revel.Result {
|
|||||||
func (c Auth) Demo() revel.Result {
|
func (c Auth) Demo() revel.Result {
|
||||||
email := configService.GetGlobalStringConfig("demoPassword")
|
email := configService.GetGlobalStringConfig("demoPassword")
|
||||||
pwd := configService.GetGlobalStringConfig("demoPassword");
|
pwd := configService.GetGlobalStringConfig("demoPassword");
|
||||||
userInfo := authService.Login(email, pwd)
|
userInfo, err := authService.Login(email, pwd)
|
||||||
if userInfo.Email != "" {
|
if err != nil {
|
||||||
|
return c.RenderJson(info.Re{Ok: false})
|
||||||
|
} else {
|
||||||
c.SetSession(userInfo)
|
c.SetSession(userInfo)
|
||||||
return c.Redirect("/note")
|
return c.Redirect("/note")
|
||||||
}
|
}
|
||||||
|
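Review bot: In the Demo hunk both `email` and `pwd` are read from the same config key — `email := configService.GetGlobalStringConfig("demoPassword")` followed by `pwd := configService.GetGlobalStringConfig("demoPassword");` — so the demo login is attempted with the password string as the account name and cannot succeed unless that key happens to hold a username; the first line presumably wants a demo-username key, confirm against the config. In the doLogin hunk the retained comment `// 登录错误, 则错误次数++` is followed only by `msg = "wrongUsernameOrPassword"` with no `sessionService.IncrLoginTimes(sessionId)`, unlike the DoLogin hunk, so the counter behind `LoginTimesIsOver` is driven only from DoLogin; if that is intentional the comment should say so rather than announce an increment that does not happen. doLogin and Demo continue outside their hunks.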
@ -46,7 +46,10 @@ func (c AdminEmail) Demo() revel.Result {
|
|||||||
func (c AdminEmail) DoDemo(demoUsername, demoPassword string) revel.Result {
|
func (c AdminEmail) DoDemo(demoUsername, demoPassword string) revel.Result {
|
||||||
re := info.NewRe()
|
re := info.NewRe()
|
||||||
|
|
||||||
userInfo := authService.Login(demoUsername, demoPassword)
|
userInfo, err := authService.Login(demoUsername, demoPassword)
|
||||||
|
if err != nil {
|
||||||
|
return c.RenderJson(info.Re{Ok: false})
|
||||||
|
}
|
||||||
if userInfo.UserId == "" {
|
if userInfo.UserId == "" {
|
||||||
re.Msg = "The User is Not Exists";
|
re.Msg = "The User is Not Exists";
|
||||||
return c.RenderJson(re)
|
return c.RenderJson(re)
|
||||||
|
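Review bot: The new `if err != nil { return c.RenderJson(info.Re{Ok: false}) }` makes the following `if userInfo.UserId == ""` branch with `re.Msg = "The User is Not Exists";` effectively unreachable: in the new `AuthService.Login` an unknown account comes back with an empty stored `Pwd`, which fails `CompareHash`, so a missing user already returns with `err != nil` and the admin page never sees the explanatory message. Either drop the dead branch or give the error path a message, e.g. `re.Msg = "wrong username or password"` then `return c.RenderJson(re)`, so the response shape stays consistent with the rest of the function. The same applies to the AdminSetting DoDemo hunk. DoDemo continues past the hunk.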
@ -56,7 +56,11 @@ func (c AdminSetting) Demo() revel.Result {
|
|||||||
func (c AdminSetting) DoDemo(demoUsername, demoPassword string) revel.Result {
|
func (c AdminSetting) DoDemo(demoUsername, demoPassword string) revel.Result {
|
||||||
re := info.NewRe()
|
re := info.NewRe()
|
||||||
|
|
||||||
userInfo := authService.Login(demoUsername, demoPassword)
|
userInfo, err := authService.Login(demoUsername, demoPassword)
|
||||||
|
if err != nil {
|
||||||
|
fmt.Println(err)
|
||||||
|
return c.RenderJson(info.Re{Ok: false})
|
||||||
|
}
|
||||||
if userInfo.UserId == "" {
|
if userInfo.UserId == "" {
|
||||||
re.Msg = "The User is Not Exists";
|
re.Msg = "The User is Not Exists";
|
||||||
return c.RenderJson(re)
|
return c.RenderJson(re)
|
||||||
|
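Review bot: `fmt.Println(err)` in the new error branch writes the login failure to stdout from inside a controller, which bypasses whatever logger the application uses and is inconsistent with the otherwise identical `AdminEmail.DoDemo` hunk, which prints nothing. Pick one behaviour for both: either remove the print or route it through the framework/application logger so failed demo logins land with the other request logs. Note the error text is only ever `"wrong username or password"` from `AuthService.Login`, so printing it carries no diagnostic detail beyond the fact that a failure occurred. DoDemo continues past the hunk.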
@ -24,14 +24,14 @@ type ApiAuth struct {
|
|||||||
func (c ApiAuth) Login(email, pwd string) revel.Result {
|
func (c ApiAuth) Login(email, pwd string) revel.Result {
|
||||||
var msg = ""
|
var msg = ""
|
||||||
|
|
||||||
userInfo := authService.Login(email, pwd)
|
userInfo, err := authService.Login(email, pwd)
|
||||||
if userInfo.Email != "" {
|
if err != nil {
|
||||||
|
// 登录错误, 则错误次数++
|
||||||
|
msg = "wrongUsernameOrPassword"
|
||||||
|
} else {
|
||||||
token := bson.NewObjectId().Hex()
|
token := bson.NewObjectId().Hex()
|
||||||
sessionService.SetUserId(token, userInfo.UserId.Hex())
|
sessionService.SetUserId(token, userInfo.UserId.Hex())
|
||||||
return c.RenderJson(info.AuthOk{Ok: true, Token: token, UserId: userInfo.UserId, Email: userInfo.Email, Username: userInfo.Username})
|
return c.RenderJson(info.AuthOk{Ok: true, Token: token, UserId: userInfo.UserId, Email: userInfo.Email, Username: userInfo.Username})
|
||||||
} else {
|
|
||||||
// 登录错误, 则错误次数++
|
|
||||||
msg = "wrongUsernameOrPassword"
|
|
||||||
}
|
}
|
||||||
return c.RenderJson(info.ApiRe{Ok: false, Msg: c.Message(msg)})
|
return c.RenderJson(info.ApiRe{Ok: false, Msg: c.Message(msg)})
|
||||||
}
|
}
|
||||||
|
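Review bot: The new failure branch (`if err != nil { // 登录错误, 则错误次数++ msg = "wrongUsernameOrPassword" }`) keeps a comment announcing a failure counter, but unlike `Auth.DoLogin` there is no `IncrLoginTimes` or captcha check on this path, so the API login has no failed-attempt accounting at all; now that each attempt costs a bcrypt comparison this is the endpoint where an attempt cap or rate limit matters most, unless one exists in middleware I cannot see. At minimum make the comment match the code, e.g. `// 登录失败; 此路径不计数 (no attempt counter on the API path)`. `Login` also returns the populated `userInfo` alongside the error; this caller only reads it on success, which is fine, but returning `info.User{}` on error from the service would keep other callers from relying on it. The function is complete within the hunk.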
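--- /dev/null
+++ b/app/crypto/crypto.go
@@ -0,0 +1,26 @@
+// Package crypto contains two cryptographic functions for both storing and comparing passwords.
+package crypto
+
+import (
+"golang.org/x/crypto/bcrypt"
+)
+
+// GenerateHash generates bcrypt hash from plaintext password
+func GenerateHash(password string) ([]byte, error) {
+hex := []byte(password)
+hashedPassword, err := bcrypt.GenerateFromPassword(hex, 10)
+if err != nil {
+return hashedPassword, err
+}
+return hashedPassword, nil
+}
+
+// CompareHash compares bcrypt password with a plaintext one. Returns true if passwords match
+// and false if they do not.
+func CompareHash(digest []byte, password string) bool {
+hex := []byte(password)
+if err := bcrypt.CompareHashAndPassword(digest, hex); err == nil {
+return true
+}
+return false
+}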
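Review bot: `hex := []byte(password)` in both `GenerateHash` and `CompareHash` is misnamed — it holds the raw password bytes, nothing is hex-encoded — so rename it `pw` (or drop the variable and pass `[]byte(password)` directly). `bcrypt.GenerateFromPassword(hex, 10)` hard-codes the work factor; `bcrypt.DefaultCost` (currently 10) states the intent, and a package-level `const cost = bcrypt.DefaultCost` gives one place to raise it later. The error branch `return hashedPassword, err` should be `return nil, err` so callers never see a partial result next to a non-nil error. The doc comment on `GenerateHash` should mention bcrypt's 72-byte input limit — older x/crypto releases silently ignore bytes beyond it and newer ones return `bcrypt.ErrPasswordTooLong` — since callers here pass whatever the client sent. `CompareHash` also collapses every `CompareHashAndPassword` error into `false`, so a malformed stored digest is indistinguishable from a wrong password; a one-line comment saying so would save the next maintainer a debugging session.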
@ -4,11 +4,13 @@ import (
|
|||||||
"gopkg.in/mgo.v2/bson"
|
"gopkg.in/mgo.v2/bson"
|
||||||
// "github.com/leanote/leanote/app/db"
|
// "github.com/leanote/leanote/app/db"
|
||||||
"github.com/leanote/leanote/app/info"
|
"github.com/leanote/leanote/app/info"
|
||||||
|
. "github.com/leanote/leanote/app/crypto"
|
||||||
// "github.com/revel/revel"
|
// "github.com/revel/revel"
|
||||||
"strings"
|
"strings"
|
||||||
. "github.com/leanote/leanote/app/lea"
|
. "github.com/leanote/leanote/app/lea"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
// 登录与权限
|
// 登录与权限
|
||||||
@ -16,12 +18,21 @@ import (
|
|||||||
type AuthService struct {
|
type AuthService struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// pwd已md5了
|
// 使用bcrypt认证或者Md5认证
|
||||||
func (this *AuthService) Login(emailOrUsername, pwd string) info.User {
|
func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) {
|
||||||
emailOrUsername = strings.Trim(emailOrUsername, " ")
|
emailOrUsername = strings.Trim(emailOrUsername, " ")
|
||||||
// pwd = strings.Trim(pwd, " ")
|
// pwd = strings.Trim(pwd, " ")
|
||||||
userInfo := userService.LoginGetUserInfo(emailOrUsername, Md5(pwd))
|
userInfo := userService.GetUserInfoByName(emailOrUsername)
|
||||||
return userInfo
|
passwd := userInfo.Pwd
|
||||||
|
if len(passwd) == 32 && Md5(pwd) != passwd {
|
||||||
|
return userInfo, errors.New("wrong username or password")
|
||||||
|
} else {
|
||||||
|
hex := []byte(passwd)
|
||||||
|
if !CompareHash(hex, pwd) {
|
||||||
|
return userInfo, errors.New("wrong username or password")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return userInfo, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// 注册
|
// 注册
|
||||||
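Review bot: The legacy-MD5 branch in the new `Login` is wrong: when `len(passwd) == 32` and `Md5(pwd) == passwd` (a correct legacy password) the `if` condition is false, control falls into the `else`, and `CompareHash(hex, pwd)` runs bcrypt against a 32-character MD5 hex string, which can never match — so every account still stored with MD5 is locked out, the opposite of what the commit title "keep Md5" intends. The length check must select which verifier runs, and only that verifier's result should decide the outcome (rewrite below); `hex` holds the stored digest bytes, not hex, so it is named `digest` there. The MD5 branch compares with `!=`, where `subtle.ConstantTimeCompare` (import `crypto/subtle`) would avoid leaking digest-prefix matches through timing. An unknown account yields an empty `passwd` that fails `CompareHash` immediately, so the response is faster than for a known account; if user-enumeration resistance matters here, run the bcrypt comparison against a fixed dummy digest in that case so both paths cost the same.
```go
func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) {
	// … unchanged: trim, GetUserInfoByName lookup …
	passwd := userInfo.Pwd
	if len(passwd) == 32 {
		// Legacy record: a 32-char hex MD5 digest (bcrypt digests are 60 chars).
		if Md5(pwd) != passwd {
			return userInfo, errors.New("wrong username or password")
		}
	} else if !CompareHash([]byte(passwd), pwd) {
		return userInfo, errors.New("wrong username or password")
	}
	return userInfo, nil
}
```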
@ -40,7 +51,12 @@ func (this *AuthService) Register(email, pwd, fromUserId string) (bool, string)
|
|||||||
if userService.IsExistsUser(email) {
|
if userService.IsExistsUser(email) {
|
||||||
return false, "userHasBeenRegistered-" + email
|
return false, "userHasBeenRegistered-" + email
|
||||||
}
|
}
|
||||||
user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: Md5(pwd)}
|
digest, err := GenerateHash(pwd)
|
||||||
|
if err != nil {
|
||||||
|
return false,"GenerateHash error"
|
||||||
|
}
|
||||||
|
passwd := string(digest)
|
||||||
|
user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: passwd}
|
||||||
if fromUserId != "" && IsObjectId(fromUserId) {
|
if fromUserId != "" && IsObjectId(fromUserId) {
|
||||||
user.FromUserId = bson.ObjectIdHex(fromUserId)
|
user.FromUserId = bson.ObjectIdHex(fromUserId)
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@ import (
|
|||||||
"gopkg.in/mgo.v2/bson"
|
"gopkg.in/mgo.v2/bson"
|
||||||
"github.com/leanote/leanote/app/db"
|
"github.com/leanote/leanote/app/db"
|
||||||
"github.com/leanote/leanote/app/info"
|
"github.com/leanote/leanote/app/info"
|
||||||
. "github.com/leanote/leanote/app/lea"
|
. "github.com/leanote/leanote/app/crypto"
|
||||||
)
|
)
|
||||||
|
|
||||||
// 找回密码
|
// 找回密码
|
||||||
@ -45,9 +45,13 @@ func (this *PwdService) UpdatePwd(token, pwd string) (bool, string) {
|
|||||||
if ok, msg, tokenInfo = tokenService.VerifyToken(token, info.TokenPwd); !ok {
|
if ok, msg, tokenInfo = tokenService.VerifyToken(token, info.TokenPwd); !ok {
|
||||||
return ok, msg
|
return ok, msg
|
||||||
}
|
}
|
||||||
|
digest, err := GenerateHash(pwd)
|
||||||
|
if err != nil {
|
||||||
|
return false,"GenerateHash error"
|
||||||
|
}
|
||||||
|
passwd := string(digest)
|
||||||
// 修改密码之
|
// 修改密码之
|
||||||
ok = db.UpdateByQField(db.Users, bson.M{"_id": tokenInfo.UserId}, "Pwd", Md5(pwd))
|
ok = db.UpdateByQField(db.Users, bson.M{"_id": tokenInfo.UserId}, "Pwd", passwd)
|
||||||
|
|
||||||
// 删除token
|
// 删除token
|
||||||
tokenService.DeleteToken(tokenInfo.UserId.Hex(), info.TokenPwd)
|
tokenService.DeleteToken(tokenInfo.UserId.Hex(), info.TokenPwd)
|
||||||
|
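Review bot: The `err` from `GenerateHash(pwd)` is discarded on the `return false,"GenerateHash error"` line — the caller gets a fixed string and the actual bcrypt failure is never recorded, which will make a failing hasher hard to diagnose; the `Register` hunk of the auth service has the same pattern. Log `err` through the service's logger before returning and keep the generic message for the caller (gofmt also wants `return false, "GenerateHash error"`). The import hunk of this file swaps `. "github.com/leanote/leanote/app/lea"` for `. "github.com/leanote/leanote/app/crypto"`; if anything else in the pwd service still uses a `lea` name this will not compile — I cannot see the rest of the file, so confirm. UpdatePwd continues outside the hunk.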
@ -253,6 +253,20 @@ func (this *UserService) LoginGetUserInfo(emailOrUsername, md5Pwd string) info.U
|
|||||||
return user
|
return user
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 使用email(username), 得到用户信息
|
||||||
|
func (this *UserService) GetUserInfoByName(emailOrUsername string) info.User {
|
||||||
|
emailOrUsername = strings.ToLower(emailOrUsername)
|
||||||
|
|
||||||
|
user := info.User{}
|
||||||
|
if strings.Contains(emailOrUsername, "@") {
|
||||||
|
db.GetByQ(db.Users, bson.M{"Email": emailOrUsername}, &user)
|
||||||
|
} else {
|
||||||
|
db.GetByQ(db.Users, bson.M{"Username": emailOrUsername}, &user)
|
||||||
|
}
|
||||||
|
this.setUserLogo(&user)
|
||||||
|
return user
|
||||||
|
}
|
||||||
|
|
||||||
// 更新username
|
// 更新username
|
||||||
func (this *UserService) UpdateUsername(userId, username string) (bool, string) {
|
func (this *UserService) UpdateUsername(userId, username string) (bool, string) {
|
||||||
if userId == "" || username == "" || username == "admin" { // admin用户是内置的, 不能设置
|
if userId == "" || username == "" || username == "admin" { // admin用户是内置的, 不能设置
|
||||||
|
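Review bot: `GetUserInfoByName` ignores whatever `db.GetByQ` returns on both `db.GetByQ(db.Users, bson.M{"Email": emailOrUsername}, &user)` and the `"Username"` lookup, so a database error and a non-existent account both come back as the zero `info.User{}` — the new `AuthService.Login` then cannot distinguish them and fails the bcrypt compare on an empty `Pwd`. If `GetByQ` reports success (the sibling `db.UpdateByQField` in this commit returns `ok`, so presumably it does), capture it, skip `this.setUserLogo(&user)` on a miss, and consider returning `(info.User, bool)` so callers can tell the cases apart. A doc comment stating the zero-value contract, e.g. `// GetUserInfoByName looks a user up by email (contains "@") or username; the zero User is returned when nothing matches.`, would make the behaviour the auth service now depends on explicit. The function is complete within the hunk.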