package auth
import (
"database/sql"
"encoding/gob"
"net/http"
"code.google.com/p/go.crypto/bcrypt"
ctx "github.com/gorilla/context"
"github.com/gorilla/securecookie"
"github.com/gorilla/sessions"
"github.com/jordan-wright/gophish/db"
"github.com/jordan-wright/gophish/models"
)
// init registers with encoding/gob the concrete types this package expects to
// place in session values, so the cookie store can serialize and deserialize
// them. Registration order matches the original declaration order.
func init() {
	sessionTypes := []interface{}{&models.User{}, &models.Flash{}}
	for _, t := range sessionTypes {
		gob.Register(t)
	}
}
// Store is the cookie-backed session store used by this package. It is built
// from one key pair: a 64-byte key that authenticates (signs) the cookie and a
// 32-byte key that, in gorilla's NewCookieStore API, encrypts its contents.
//
// Both keys come from securecookie.GenerateRandomKey at package initialisation
// and are never persisted or loaded from configuration, so every process start
// issues fresh keys: sessions from the previous run stop validating, and
// separate instances cannot share sessions.
// NOTE(review): per its documentation GenerateRandomKey returns nil if the
// system RNG fails, which would leave the store unable to encode sessions;
// confirm whether a fail-fast startup check is wanted.
var Store = sessions.NewCookieStore(
	securecookie.GenerateRandomKey(64), // signing (HMAC) key
	securecookie.GenerateRandomKey(32), // encryption key
)
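// Login authenticates the credentials carried in the "username" and
// "password" form values of r.
//
// It looks the user up by username, verifies the submitted password against
// the stored bcrypt hash and, on success, stores the full user record in the
// request context under "user" and only the user's id in the "gophish"
// session under "id" (the hash never enters the cookie).
//
// It returns (true, nil) on success, (false, nil) when the username is unknown
// or the password does not match, and (false, err) only for an unexpected
// database error. On either authentication failure the "user" context key is
// set to nil.
//
// The session is modified in memory only: Login has no ResponseWriter, so the
// caller must save the session (session.Save or sessions.Save) for the login
// to take effect on the client.
func Login(r *http.Request) (bool, error) {
	username, password := r.FormValue("username"), r.FormValue("password")
	// Store.Get hands back a usable (fresh) session even when the incoming
	// cookie is missing or fails to decode, so the error is deliberately
	// ignored: a bad cookie simply means the login starts from an empty session.
	session, _ := Store.Get(r, "gophish")
	u := models.User{}
	err := db.Conn.SelectOne(&u, "SELECT * FROM Users WHERE username=?", username)
	if err == sql.ErrNoRows {
		// Unknown username. Spend roughly the cost of one bcrypt comparison
		// before answering so the response time does not reveal whether the
		// username exists (otherwise only the known-user path runs bcrypt and
		// is measurably slower). The result is discarded.
		// NOTE(review): this assumes stored hashes use bcrypt.DefaultCost;
		// confirm against the code that issues passwords.
		_, _ = bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
		ctx.Set(r, "user", nil)
		// Return false, but don't return an error
		return false, nil
	}
	if err != nil {
		return false, err
	}
	// u now holds the stored record; check the submitted password against its
	// bcrypt hash.
	if err = bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password)); err != nil {
		ctx.Set(r, "user", nil)
		// Return false, but don't return an error
		return false, nil
	}
	ctx.Set(r, "user", u)
	session.Values["id"] = u.Id
	return true, nil
}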
// GetUserById fetches the user whose primary key is id. Only the id, username
// and api_key columns are selected, so the returned User never carries the
// password hash. Any error from the lookup is returned to the caller; as the
// SelectOne call in Login relies on, an unknown id surfaces as sql.ErrNoRows.
func GetUserById(id int64) (models.User, error) {
	var u models.User
	err := db.Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE id=?", id)
	return u, err
}
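// GetUserByAPIKey returns the user whose api_key column equals key. Only the
// id, username and api_key columns are selected, so the returned User never
// carries the password hash. Any error from the lookup is returned to the
// caller; no matching user surfaces as sql.ErrNoRows, and an empty key is
// rejected with sql.ErrNoRows without touching the database.
func GetUserByAPIKey(key []byte) (models.User, error) {
	u := models.User{}
	// An empty key must never authenticate anyone, so refuse it up front rather
	// than letting it reach the database where it could match a row whose
	// api_key is the empty string.
	// NOTE(review): whether such rows can exist depends on how keys are issued
	// — confirm.
	if len(key) == 0 {
		return u, sql.ErrNoRows
	}
	// The column is spelled api_key in the select list here and in
	// GetUserById; the WHERE clause previously used "apikey", which does not
	// match that column name and would make every API-key lookup fail.
	err := db.Conn.SelectOne(&u, "SELECT id, username, api_key FROM Users WHERE api_key=?", key)
	return u, err
}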