使用Crypto加密, 找回密码, 修改密码修复

2015-09-07 15:39:46 +08:00
parent 5794f76b0a
commit c568756d16
4 changed files with 78 additions and 53 deletions
--- a/app/controllers/AuthController.go
+++ b/app/controllers/AuthController.go
@ -40,7 +40,7 @@ func (c Auth) Login(email, from string) revel.Result {
 func (c Auth) doLogin(email, pwd string) revel.Result {
 	sessionId := c.Session.Id()
 	var msg = ""
-	
+
 	userInfo, err := authService.Login(email, pwd)
 	if err != nil {
 		// 登录错误, 则错误次数++
--- a/app/lea/Pwd.go
+++ b/app/lea/Pwd.go
@ -0,0 +1,22 @@
+package lea
+
+// 对比密码是否一致
+// 因为之前密码是用md5加密的, 所以通过密码长度来判断
+// rawPwd 原始, 用户输入的密码
+func ComparePwd(rawPwd, dbPwd string) bool {
+	if len(dbPwd) == 32 {
+		return Md5(rawPwd) == dbPwd
+	}
+	
+	hex := []byte(dbPwd)
+	return CompareHash(hex, rawPwd)
+}
+
+// 加密
+func GenPwd(rawPwd string) string {
+	digest, err := GenerateHash(rawPwd)
+	if err != nil {
+		return ""
+	}
+	return string(digest)
+}
--- a/app/service/AuthService.go
+++ b/app/service/AuthService.go
@ -2,36 +2,30 @@ package service

 import (
 	"gopkg.in/mgo.v2/bson"
-//	"github.com/leanote/leanote/app/db"
+	//	"github.com/leanote/leanote/app/db"
 	"github.com/leanote/leanote/app/info"
-//	"github.com/revel/revel"
-	"strings"
-	. "github.com/leanote/leanote/app/lea"
-	"fmt"
-	"strconv"
+	//	"github.com/revel/revel"
 	"errors"
+	"fmt"
+	. "github.com/leanote/leanote/app/lea"
+	"strconv"
+	"strings"
 )

-// 登录与权限
+// 登录与权限 Login & Register

 type AuthService struct {
 }

 // 使用bcrypt认证或者Md5认证
+// Use bcrypt (Md5 depreciated)
 func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) {
 	emailOrUsername = strings.Trim(emailOrUsername, " ")
-  //	pwd = strings.Trim(pwd, " ")
+	//	pwd = strings.Trim(pwd, " ")
 	userInfo := userService.GetUserInfoByName(emailOrUsername)
-  passwd := userInfo.Pwd
-  if len(passwd) == 32 && Md5(pwd) != passwd {
-  	return userInfo,  errors.New("wrong username or password")
-  } 
-  if len(passwd) > 32 {
-    hex := []byte(passwd)
-	  if !CompareHash(hex, pwd) {
-		  return userInfo,  errors.New("wrong username or password")
-	  } 
-  } 
+	if userInfo.UserId == "" || !ComparePwd(pwd, userInfo.Pwd) {
+		return userInfo, errors.New("wrong username or password")
+	}
 	return userInfo, nil
 }

@ -51,76 +45,74 @@ func (this *AuthService) Register(email, pwd, fromUserId string) (bool, string)
 	if userService.IsExistsUser(email) {
 		return false, "userHasBeenRegistered-" + email
 	}
-  digest, err := GenerateHash(pwd)
-	if err != nil {
-		return false,"GenerateHash error"
+	passwd := GenPwd(pwd)
+	if passwd == "" {
+		return false, "GenerateHash error"
 	}
-  passwd := string(digest)
 	user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: passwd}
 	if fromUserId != "" && IsObjectId(fromUserId) {
 		user.FromUserId = bson.ObjectIdHex(fromUserId)
 	}
-	LogJ(user)
 	return this.register(user)
 }

 func (this *AuthService) register(user info.User) (bool, string) {
 	if userService.AddUser(user) {
 		// 添加笔记本, 生活, 学习, 工作
-		userId := user.UserId.Hex();
+		userId := user.UserId.Hex()
 		notebook := info.Notebook{
-			Seq: -1,
+			Seq:    -1,
 			UserId: user.UserId}
 		title2Id := map[string]bson.ObjectId{"life": bson.NewObjectId(), "study": bson.NewObjectId(), "work": bson.NewObjectId()}
 		for title, objectId := range title2Id {
 			notebook.Title = title
 			notebook.NotebookId = objectId
 			notebook.UserId = user.UserId
-			notebookService.AddNotebook(notebook);
+			notebookService.AddNotebook(notebook)
 		}
-		
+
 		// 添加leanote -> 该用户的共享
 		registerSharedUserId := configService.GetGlobalStringConfig("registerSharedUserId")
-		if(registerSharedUserId != "") {
+		if registerSharedUserId != "" {
 			registerSharedNotebooks := configService.GetGlobalArrMapConfig("registerSharedNotebooks")
 			registerSharedNotes := configService.GetGlobalArrMapConfig("registerSharedNotes")
 			registerCopyNoteIds := configService.GetGlobalArrayConfig("registerCopyNoteIds")
-			
+
 			// 添加共享笔记本
 			for _, notebook := range registerSharedNotebooks {
 				perm, _ := strconv.Atoi(notebook["perm"])
-				shareService.AddShareNotebookToUserId(notebook["notebookId"], perm, registerSharedUserId, userId);
+				shareService.AddShareNotebookToUserId(notebook["notebookId"], perm, registerSharedUserId, userId)
 			}
-			
+
 			// 添加共享笔记
 			for _, note := range registerSharedNotes {
 				perm, _ := strconv.Atoi(note["perm"])
-				shareService.AddShareNoteToUserId(note["noteId"], perm, registerSharedUserId, userId);
+				shareService.AddShareNoteToUserId(note["noteId"], perm, registerSharedUserId, userId)
 			}
-			
+
 			// 复制笔记
 			for _, noteId := range registerCopyNoteIds {
-				note := noteService.CopySharedNote(noteId, title2Id["life"].Hex(), registerSharedUserId, user.UserId.Hex());
-//				Log(noteId)
-//				Log("Copy")
-//				LogJ(note)
+				note := noteService.CopySharedNote(noteId, title2Id["life"].Hex(), registerSharedUserId, user.UserId.Hex())
+				//				Log(noteId)
+				//				Log("Copy")
+				//				LogJ(note)
 				noteUpdate := bson.M{"IsBlog": false} // 不要是博客
 				noteService.UpdateNote(user.UserId.Hex(), note.NoteId.Hex(), noteUpdate, -1)
 			}
 		}
-		
+
 		//---------------
 		// 添加一条userBlog
-		blogService.UpdateUserBlog(info.UserBlog{UserId: user.UserId, 
-			Title: user.Username + " 's Blog", 
-			SubTitle: "Love Leanote!",
-			AboutMe: "Hello, I am (^_^)",
+		blogService.UpdateUserBlog(info.UserBlog{UserId: user.UserId,
+			Title:      user.Username + " 's Blog",
+			SubTitle:   "Love Leanote!",
+			AboutMe:    "Hello, I am (^_^)",
 			CanComment: true,
-			})
+		})
 		// 添加一个单页面
 		blogService.AddOrUpdateSingle(user.UserId.Hex(), "", "About Me", "Hello, I am (^_^)")
 	}
-	
+
 	return true, ""
 }

@ -131,7 +123,7 @@ func (this *AuthService) register(user info.User) (bool, string) {
 func (this *AuthService) getUsername(thirdType, thirdUsername string) (username string) {
 	username = thirdType + "-" + thirdUsername
 	i := 1
-	for ;; {
+	for {
 		if !userService.IsExistsUserByUsername(username) {
 			return
 		}
@ -147,11 +139,11 @@ func (this *AuthService) ThirdRegister(thirdType, thirdUserId, thirdUsername str
 	}

 	username := this.getUsername(thirdType, thirdUsername)
-	userInfo = info.User{UserId: bson.NewObjectId(), 
-		Username: username, 
-		ThirdUserId: thirdUserId,
+	userInfo = info.User{UserId: bson.NewObjectId(),
+		Username:      username,
+		ThirdUserId:   thirdUserId,
 		ThirdUsername: thirdUsername,
-		}
+	}
 	_, _ = this.register(userInfo)
 	return
 }
--- a/app/service/UserService.go
+++ b/app/service/UserService.go
@ -295,10 +295,16 @@ func (this *UserService) UpdateAvatar(userId, avatarPath string) (bool) {
 // 已经登录了的用户修改密码
 func (this *UserService) UpdatePwd(userId, oldPwd, pwd string) (bool, string) {
 	userInfo := this.GetUserInfo(userId)
-	if userInfo.Pwd != Md5(oldPwd) {
+	if !ComparePwd(oldPwd, userInfo.Pwd) {
 		return false, "oldPasswordError"
 	}
-	ok := db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", Md5(pwd))
+
+	passwd := GenPwd(pwd)
+	if passwd == "" {
+		return false, "GenerateHash error"
+	}
+
+	ok := db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", passwd)
 	return ok, ""
 }

@ -307,7 +313,12 @@ func (this *UserService) ResetPwd(adminUserId, userId, pwd string) (ok bool, msg
 	if configService.GetAdminUserId() != adminUserId {
 		return
 	}
-	ok = db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", Md5(pwd))
+	
+	passwd := GenPwd(pwd)
+	if passwd == "" {
+		return false, "GenerateHash error"
+	}
+	ok = db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", passwd)
 	return
 }