Attempting to fix setup script's password hashing debacle

gmemstr 2017-12-05 10:52:22 -08:00
parent 584e513492
commit d9a6482153
3 changed files with 18 additions and 9 deletions

Binary file not shown.


@ -157,9 +157,9 @@ func loginHandler() common.Handler {
password := r.Form.Get("password")
rows, err := statement.Query(username)
if username == "" || password == "" {
if username == "" || password == "" || err != nil {
return &common.HTTPError{
Message: "username or password is empty",
Message: "username or password is invalid",
StatusCode: http.StatusBadRequest,
}
}
@ -180,7 +180,7 @@ func loginHandler() common.Handler {
}
// Create a cookie here because the credentials are correct
if dbun == username && bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil {
if bcrypt.CompareHashAndPassword([]byte(dbhsh), []byte(password)) == nil {
c, err := auth.CreateSession(&common.User{
Username: username,
})
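Review bot: In the first hunk of loginHandler, a failed `statement.Query` is now folded into the same branch as empty input, so a database error reaches the client as a 400 with "username or password is invalid" and the error itself is never logged. The query also still runs before the empty-field check, so blank submissions reach the database. I would validate the form fields first, then run the query and handle its error on its own, e.g. `if err != nil { return &common.HTTPError{Message: "login failed", StatusCode: http.StatusInternalServerError} }`. loginHandler starts and ends outside the hunks shown, so whether `rows` is closed on every path cannot be confirmed from here.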


@ -12,6 +12,7 @@ import (
"net/http"
"os"
"path/filepath"
"strings"
"github.com/google/go-github/github"
)
@ -38,13 +39,21 @@ func Setup() {
reader := bufio.NewReader(os.Stdin)
fmt.Print("Administrator password: ")
text, err := reader.ReadString('\n')
text = strings.Replace(text, "\n", "", -1)
if err != nil {
fmt.Sprintf("Problem reading password input! %v", err)
}
fmt.Println(text)
hash, err := bcrypt.GenerateFromPassword([]byte(text), 8)
q, err := db.Prepare("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,`admin`,?,`Administrator`,`admin@localhost`,2")
q.Exec(hash)
db.Close()
hash, err := bcrypt.GenerateFromPassword([]byte(text), 4)
if bcrypt.CompareHashAndPassword(hash, []byte(text)) == nil {
fmt.Println("Password hashed")
}
_, err = db.Exec("INSERT INTO users(id,username,hash,realname,email,permissions) VALUES (0,'admin',?,'Administrator','admin@localhost',2)", hash)
if err != nil {
fmt.Sprintf("Problem creating database! %v", err)
}
defer db.Close()
// Download web assets
fmt.Println("Downloading web assets")
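Review bot: The new `bcrypt.GenerateFromPassword([]byte(text), 4)` call lowers the work factor from 8 to 4, which is bcrypt's minimum cost, so the administrator hash becomes much cheaper to brute-force if the users table ever leaks; `bcrypt.DefaultCost` is the safer choice. The error from that call is overwritten by the `db.Exec` result without being checked, and both `fmt.Sprintf` calls discard their result, so read and insert failures print nothing and Setup carries on (use `fmt.Printf` and return). `strings.Replace(text, "\n", "", -1)` leaves a trailing `\r` in the password on Windows terminals and runs before the read error is checked. If the `fmt.Println(text)` line is still on the new side (the page does not make that certain), it echoes the password to the terminal and should be dropped. Setup continues outside the hunk.

```go
text, err := reader.ReadString('\n')
if err != nil {
	fmt.Printf("Problem reading password input! %v\n", err)
	return
}
text = strings.TrimRight(text, "\r\n")
hash, err := bcrypt.GenerateFromPassword([]byte(text), bcrypt.DefaultCost)
if err != nil {
	fmt.Printf("Problem hashing password! %v\n", err)
	return
}
// … unchanged: INSERT of the admin row via db.Exec …
```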