mirror of
https://github.com/gmemstr/pogo.git
synced 2024-09-19 17:21:10 +01:00
Attempting to fix setup script's password hashing debacle
parent
584e513492
commit
d9a6482153
Binary file not shown.
|
@ -157,9 +157,9 @@ func loginHandler() common.Handler {
|
|||
password := r.Form.Get("password")
|
||||
rows, err := statement.Query(username)
|
||||
|
||||
if username == "" || password == "" {
|
||||
if username == "" || password == "" || err != nil {
|
||||
return &common.HTTPError{
|
||||
Message: "username or password is empty",
|
||||
Message: "username or password is invalid",
|
||||
StatusCode: http.StatusBadRequest,
|
||||
}
|
||||
}
|
||||
|
@ -180,7 +180,7 @@ func loginHandler() common.Handler {
|
|||
|
||||
}
|
||||
// Create a cookie here because the credentials are correct
|
||||
if dbun == username && bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil {
|
||||
if bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil {
|
||||
c, err := auth.CreateSession(&common.User{
|
||||
Username: username,
|
||||
})
|
||||
|
|
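Review bot: In the first hunk the new guard `if username == "" || password == "" || err != nil` turns a failed `statement.Query(username)` into a 400 with "username or password is invalid", so a database fault is reported to the client as bad credentials and the error itself is never logged. Checking the empty fields before running the query, and handling `err` on its own (log it and return `http.StatusInternalServerError`), keeps an outage distinguishable from failed logins in monitoring. In the second hunk the `dbun == username` comparison is removed while the session is still created with the request's `username`; if the lookup outside this hunk can match case-insensitively or return more than one row, passing `Username: dbun` to `auth.CreateSession` would bind the session to the stored account name. loginHandler's body starts and ends outside both hunks, so whether `rows` is closed on the early return cannot be confirmed from here.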
21
setup.go
21
setup.go
|
@ -12,6 +12,7 @@ import (
|
|||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/google/go-github/github"
|
||||
)
|
||||
|
@ -38,13 +39,21 @@ func Setup() {
|
|||
reader := bufio.NewReader(os.Stdin)
|
||||
fmt.Print("Administrator password: ")
|
||||
text, err := reader.ReadString('\n')
|
||||
text = strings.Replace(text, "\n", "", -1)
|
||||
if err != nil {
|
||||
fmt.Sprintf("Problem reading password input! %v", err)
|
||||
}
|
||||
fmt.Println(text)
|
||||
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(text), 8)
|
||||
|
||||
q, err := db.Prepare("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,`admin`,?,`Administrator`,`admin@localhost`,2")
|
||||
q.Exec(hash)
|
||||
|
||||
db.Close()
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(text), 4)
|
||||
if bcrypt.CompareHashAndPassword(hash, []byte(text)) == nil {
|
||||
fmt.Println("Password hashed")
|
||||
}
|
||||
_, err = db.Exec("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,'admin',?,'Administrator','admin@localhost',2)", hash)
|
||||
if err != nil {
|
||||
fmt.Sprintf("Problem creating database! %v", err)
|
||||
}
|
||||
defer db.Close()
|
||||
|
||||
// Download web assets
|
||||
fmt.Println("Downloading web assets")
|
||||
|
|
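Review bot: The second setup.go hunk lowers the bcrypt cost from 8 to 4 in `bcrypt.GenerateFromPassword([]byte(text), 4)`, which is the library minimum and leaves the stored administrator hash much cheaper to guess offline if the users table is ever disclosed; `hash, err := bcrypt.GenerateFromPassword([]byte(text), bcrypt.DefaultCost)` is the safer call. The added `fmt.Println(text)` writes the plaintext administrator password to the terminal and to any captured setup output, and should be dropped. Both `fmt.Sprintf("Problem ...")` calls discard their result, so read and insert failures are silently ignored, and the `err` from hashing is overwritten by `db.Exec` without being checked; printing the message and aborting setup would avoid finishing with no usable admin row. `strings.Replace(text, "\n", "", -1)` also leaves a trailing `\r` in the password on CRLF input, where `strings.TrimRight(text, "\r\n")` would not. Setup's body starts and ends outside the hunk.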