From d9a64821532a98a58d12fb9716e5d930cfd5f01d Mon Sep 17 00:00:00 2001 From: gmemstr Date: Tue, 5 Dec 2017 10:52:22 -0800 Subject: [PATCH] Attempting to fix setup script's password hashing debacle --- assets/config/users.db | Bin 0 -> 20480 bytes router/router.go | 6 +++--- setup.go | 21 +++++++++++++++------ 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/assets/config/users.db b/assets/config/users.db index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..edfb057814372d9d6a756221717b126970af14b0 100644 GIT binary patch literal 20480 zcmeI)zi!h&90%~bI4uULHJjHPB9SOn)da+bR1+Cw#c|uzp>db^(p(w~|Dm=6tYzi_ zn0X&wfyZbW7`R+0g)ZF~lJ8Hx*mwEe#lMfdoMh$r$c;+Drdgiwl07Al38iG8F+xa1 zwhh^Cg362PO-G&={rjRqb|2Qaj31=B{h4fkH@+EP%L-+JlV>`rby<%!slGaHu{ePEg< z{lwLp^Fri>`l$RfKU8BOtFthggv{}L`?cL?-ht1&f$OrvzSFb%0qfcUvj+ZwEel}#jJ^X8Y#*5iQl zo8}9Xk|>>skH0JB^D?Rx2ZE~b0#hc~afZ8tb|P9kfuKva}DFSA^&wjXC_Jf3AmS$QPuqQ*}m z4+I1t009U<00Izz00bZa0SG_<0xKw>X}Z4L|6dd1dIbwaNf3Yl1Rwwb2tWV=5P$## zAOL~&7SJ_QSFZvr-~YcN#?^X*pn3>E00Izz00bZa0SG_<0uX?}>Ivvn?*G*v0sI1$ Ce6WcC literal 0 HcmV?d00001 diff --git a/router/router.go b/router/router.go index 5aedc94..1039b43 100644 --- a/router/router.go +++ b/router/router.go @@ -157,9 +157,9 @@ func loginHandler() common.Handler { password := r.Form.Get("password") rows, err := statement.Query(username) - if username == "" || password == "" { + if username == "" || password == "" || err != nil { return &common.HTTPError{ - Message: "username or password is empty", + Message: "username or password is invalid", StatusCode: http.StatusBadRequest, } } @@ -180,7 +180,7 @@ func loginHandler() common.Handler { } // Create a cookie here because the credentials are correct - if dbun == username && bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil { + if bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil { c, err := auth.CreateSession(&common.User{ Username: username, }) diff --git a/setup.go b/setup.go index 7d02ee7..264161d 100644 
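Review bot: In the first router.go hunk, `err` from `statement.Query(username)` is folded into the empty-field guard, so a database failure is answered with 400 "username or password is invalid" rather than a server error. The query also runs before the fields are validated, so the empty-field path returns while holding a `rows` value that this hunk never closes. Validating the form values first and handling the query error separately keeps the two cases apart and lets `rows` be released on every path. loginHandler starts above and continues below the hunk, so a later `rows.Close()` may exist outside the visible lines.
```go
if username == "" || password == "" {
	// … unchanged: 400 HTTPError return …
}
rows, err := statement.Query(username)
if err != nil {
	return &common.HTTPError{
		Message:    "login failed",
		StatusCode: http.StatusInternalServerError,
	}
}
defer rows.Close()
```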
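Review bot: In the second router.go hunk, dropping `dbun == username` leaves the prepared statement's WHERE clause, which is outside this hunk, as the only link between the verified hash and the account. The session is still built from the form value (`Username: username`), not from the row that was matched. If the lookup is not an exact, case-sensitive match, the cookie would carry a spelling of the name that differs from the stored one. Assuming `dbun` is still scanned from the row, `Username: dbun,` binds the session to the record whose hash was checked. The enclosing handler begins above the hunk and continues past it.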
--- a/setup.go
+++ b/setup.go
@@ -12,6 +12,7 @@ import (
 "net/http"
 "os"
 "path/filepath"
+ "strings"
 "github.com/google/go-github/github"
 )
@@ -38,13 +39,21 @@ func Setup() {
 reader := bufio.NewReader(os.Stdin)
 fmt.Print("Administrator password: ")
 text, err := reader.ReadString('\n')
+ text = strings.Replace(text, "\n", "", -1)
+ if err != nil {
+ fmt.Sprintf("Problem reading password input! %v", err)
+ }
+ fmt.Println(text)
- hash, err := bcrypt.GenerateFromPassword([]byte(text), 8)
-
- q, err := db.Prepare("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,`admin`,?,`Administrator`,`admin@localhost`,2")
- q.Exec(hash)
-
- db.Close()
+ hash, err := bcrypt.GenerateFromPassword([]byte(text), 4)
+ if bcrypt.CompareHashAndPassword(hash, []byte(text)) == nil {
+ fmt.Println("Password hashed")
+ }
+ _, err = db.Exec("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,'admin',?,'Administrator','admin@localhost',2)", hash)
+ if err != nil {
+ fmt.Sprintf("Problem creating database! %v", err)
+ }
+ defer db.Close()
 // Download web assets
 fmt.Println("Downloading web assets")
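Review bot: In the Setup hunk, the added `fmt.Println(text)` writes the administrator password in clear text to the terminal and to any captured setup log, and the bcrypt cost drops from 8 to 4, the library minimum and well below `bcrypt.DefaultCost`. Both `fmt.Sprintf` calls discard their result, so a read or insert failure is never reported and setup continues, and the error from `GenerateFromPassword` is overwritten without being checked. `strings.Replace(text, "\n", "", -1)` leaves a trailing `\r` in the password when the input comes from a Windows console; `strings.TrimRight(text, "\r\n")` covers both. Setup starts before and continues past this hunk, so the fence shows only the lines I would change. The users.db blob committed alongside goes from empty to 20480 bytes; if it came from a test run of this script it carries an admin hash made at cost 4 and is better left out of version control.
```go
text, err := reader.ReadString('\n')
if err != nil {
	fmt.Printf("Problem reading password input! %v\n", err)
	return
}
text = strings.TrimRight(text, "\r\n")

hash, err := bcrypt.GenerateFromPassword([]byte(text), bcrypt.DefaultCost)
if err != nil {
	fmt.Printf("Problem hashing password! %v\n", err)
	return
}
// … unchanged: INSERT INTO users via db.Exec …
if err != nil {
	fmt.Printf("Problem creating database! %v\n", err)
	return
}
```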