使用Crypto加密, 找回密码, 修改密码修复

app/lea/Pwd.go

@@ -0,0 +1,22 @@
+package lea
+
+// 对比密码是否一致
+// 因为之前密码是用md5加密的, 所以通过密码长度来判断
+// rawPwd 原始, 用户输入的密码
+func ComparePwd(rawPwd, dbPwd string) bool {
+	if len(dbPwd) == 32 {
+		return Md5(rawPwd) == dbPwd
+	}
+	
+	hex := []byte(dbPwd)
+	return CompareHash(hex, rawPwd)
+}
+
+// 加密
+func GenPwd(rawPwd string) string {
+	digest, err := GenerateHash(rawPwd)
+	if err != nil {
+		return ""
+	}
+	return string(digest)
+}

app/service/AuthService.go

@@ -5,32 +5,26 @@ import (
 	//	"github.com/leanote/leanote/app/db"
 	"github.com/leanote/leanote/app/info"
 	//	"github.com/revel/revel"
-	"strings"
-	. "github.com/leanote/leanote/app/lea"
-	"fmt"
-	"strconv"
 	"errors"
+	"fmt"
+	. "github.com/leanote/leanote/app/lea"
+	"strconv"
+	"strings"
 )
 
-// 登录与权限
+// 登录与权限 Login & Register
 
 type AuthService struct {
 }
 
 // 使用bcrypt认证或者Md5认证
+// Use bcrypt (Md5 depreciated)
 func (this *AuthService) Login(emailOrUsername, pwd string) (info.User, error) {
 	emailOrUsername = strings.Trim(emailOrUsername, " ")
 	//	pwd = strings.Trim(pwd, " ")
 	userInfo := userService.GetUserInfoByName(emailOrUsername)
-  passwd := userInfo.Pwd
+	if userInfo.UserId == "" || !ComparePwd(pwd, userInfo.Pwd) {
-  if len(passwd) == 32 && Md5(pwd) != passwd {
 		return userInfo, errors.New("wrong username or password")
-  } 
-  if len(passwd) > 32 {
-    hex := []byte(passwd)
-	  if !CompareHash(hex, pwd) {
-		  return userInfo,  errors.New("wrong username or password")
-	  } 
 	}
 	return userInfo, nil
 }
@@ -51,23 +45,21 @@ func (this *AuthService) Register(email, pwd, fromUserId string) (bool, string)
 	if userService.IsExistsUser(email) {
 		return false, "userHasBeenRegistered-" + email
 	}
-  digest, err := GenerateHash(pwd)
+	passwd := GenPwd(pwd)
-	if err != nil {
+	if passwd == "" {
 		return false, "GenerateHash error"
 	}
-  passwd := string(digest)
 	user := info.User{UserId: bson.NewObjectId(), Email: email, Username: email, Pwd: passwd}
 	if fromUserId != "" && IsObjectId(fromUserId) {
 		user.FromUserId = bson.ObjectIdHex(fromUserId)
 	}
-	LogJ(user)
 	return this.register(user)
 }
 
 func (this *AuthService) register(user info.User) (bool, string) {
 	if userService.AddUser(user) {
 		// 添加笔记本, 生活, 学习, 工作
-		userId := user.UserId.Hex();
+		userId := user.UserId.Hex()
 		notebook := info.Notebook{
 			Seq:    -1,
 			UserId: user.UserId}
@@ -76,12 +68,12 @@ func (this *AuthService) register(user info.User) (bool, string) {
 			notebook.Title = title
 			notebook.NotebookId = objectId
 			notebook.UserId = user.UserId
-			notebookService.AddNotebook(notebook);
+			notebookService.AddNotebook(notebook)
 		}
 
 		// 添加leanote -> 该用户的共享
 		registerSharedUserId := configService.GetGlobalStringConfig("registerSharedUserId")
-		if(registerSharedUserId != "") {
+		if registerSharedUserId != "" {
 			registerSharedNotebooks := configService.GetGlobalArrMapConfig("registerSharedNotebooks")
 			registerSharedNotes := configService.GetGlobalArrMapConfig("registerSharedNotes")
 			registerCopyNoteIds := configService.GetGlobalArrayConfig("registerCopyNoteIds")
@@ -89,18 +81,18 @@ func (this *AuthService) register(user info.User) (bool, string) {
 			// 添加共享笔记本
 			for _, notebook := range registerSharedNotebooks {
 				perm, _ := strconv.Atoi(notebook["perm"])
-				shareService.AddShareNotebookToUserId(notebook["notebookId"], perm, registerSharedUserId, userId);
+				shareService.AddShareNotebookToUserId(notebook["notebookId"], perm, registerSharedUserId, userId)
 			}
 
 			// 添加共享笔记
 			for _, note := range registerSharedNotes {
 				perm, _ := strconv.Atoi(note["perm"])
-				shareService.AddShareNoteToUserId(note["noteId"], perm, registerSharedUserId, userId);
+				shareService.AddShareNoteToUserId(note["noteId"], perm, registerSharedUserId, userId)
 			}
 
 			// 复制笔记
 			for _, noteId := range registerCopyNoteIds {
-				note := noteService.CopySharedNote(noteId, title2Id["life"].Hex(), registerSharedUserId, user.UserId.Hex());
+				note := noteService.CopySharedNote(noteId, title2Id["life"].Hex(), registerSharedUserId, user.UserId.Hex())
 				//				Log(noteId)
 				//				Log("Copy")
 				//				LogJ(note)
@@ -131,7 +123,7 @@ func (this *AuthService) register(user info.User) (bool, string) {
 func (this *AuthService) getUsername(thirdType, thirdUsername string) (username string) {
 	username = thirdType + "-" + thirdUsername
 	i := 1
-	for ;; {
+	for {
 		if !userService.IsExistsUserByUsername(username) {
 			return
 		}

app/service/UserService.go

@@ -295,10 +295,16 @@ func (this *UserService) UpdateAvatar(userId, avatarPath string) (bool) {
 // 已经登录了的用户修改密码
 func (this *UserService) UpdatePwd(userId, oldPwd, pwd string) (bool, string) {
 	userInfo := this.GetUserInfo(userId)
-	if userInfo.Pwd != Md5(oldPwd) {
+	if !ComparePwd(oldPwd, userInfo.Pwd) {
 		return false, "oldPasswordError"
 	}
-	ok := db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", Md5(pwd))
+
+	passwd := GenPwd(pwd)
+	if passwd == "" {
+		return false, "GenerateHash error"
+	}
+
+	ok := db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", passwd)
 	return ok, ""
 }
 
@@ -307,7 +313,12 @@ func (this *UserService) ResetPwd(adminUserId, userId, pwd string) (ok bool, msg
 	if configService.GetAdminUserId() != adminUserId {
 		return
 	}
-	ok = db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", Md5(pwd))
+	
+	passwd := GenPwd(pwd)
+	if passwd == "" {
+		return false, "GenerateHash error"
+	}
+	ok = db.UpdateByQField(db.Users, bson.M{"_id": bson.ObjectIdHex(userId)}, "Pwd", passwd)
 	return
 }