2014-01-09 06:42:05 +00:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
|
|
|
"database/sql"
|
2014-01-09 23:18:49 +00:00
|
|
|
"encoding/gob"
|
2014-01-09 06:42:05 +00:00
|
|
|
"net/http"
|
|
|
|
|
|
|
|
"code.google.com/p/go.crypto/bcrypt"
|
|
|
|
ctx "github.com/gorilla/context"
|
|
|
|
"github.com/gorilla/securecookie"
|
|
|
|
"github.com/gorilla/sessions"
|
2014-01-09 23:18:49 +00:00
|
|
|
"github.com/jordan-wright/gophish/db"
|
2014-01-09 06:42:05 +00:00
|
|
|
"github.com/jordan-wright/gophish/models"
|
|
|
|
)
|
|
|
|
|
2014-01-09 23:18:49 +00:00
|
|
|
//init registers the necessary models to be saved in the session later
|
|
|
|
func init() {
|
|
|
|
gob.Register(&models.User{})
|
|
|
|
}
|
|
|
|
|
2014-01-11 04:37:42 +00:00
|
|
|
var Store = sessions.NewCookieStore(
|
|
|
|
[]byte(securecookie.GenerateRandomKey(64)), //Signing key
|
2014-01-11 06:10:52 +00:00
|
|
|
[]byte(securecookie.GenerateRandomKey(32)))
|
2014-01-09 06:42:05 +00:00
|
|
|
|
|
|
|
// CheckLogin attempts to request a SQL record with the given username.
|
|
|
|
// If successful, it then compares the received bcrypt hash.
|
|
|
|
// If all checks pass, this function sets the session id for later use.
|
2014-01-11 06:10:52 +00:00
|
|
|
func Login(r *http.Request) (bool, error) {
|
2014-01-09 06:42:05 +00:00
|
|
|
username, password := r.FormValue("username"), r.FormValue("password")
|
|
|
|
session, _ := Store.Get(r, "gophish")
|
2014-01-09 23:18:49 +00:00
|
|
|
stmt, err := db.Conn.Prepare("SELECT * FROM Users WHERE username=?")
|
2014-01-09 06:42:05 +00:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
u := models.User{}
|
|
|
|
err = stmt.QueryRow(username).Scan(&u.Id, &u.Username, &u.Hash, &u.APIKey)
|
|
|
|
if err == sql.ErrNoRows {
|
2014-01-10 03:21:54 +00:00
|
|
|
//Return false, but don't return an error
|
|
|
|
return false, nil
|
|
|
|
} else if err != nil {
|
2014-01-09 06:42:05 +00:00
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
//If we've made it here, we should have a valid user stored in u
|
|
|
|
//Let's check the password
|
2014-01-09 23:18:49 +00:00
|
|
|
err = bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(password))
|
2014-01-09 06:42:05 +00:00
|
|
|
if err != nil {
|
2014-01-09 23:18:49 +00:00
|
|
|
ctx.Set(r, "user", nil)
|
2014-01-09 06:42:05 +00:00
|
|
|
//Return false, but don't return an error
|
|
|
|
return false, nil
|
|
|
|
}
|
2014-01-09 23:18:49 +00:00
|
|
|
ctx.Set(r, "user", u)
|
|
|
|
session.Values["id"] = u.Id
|
2014-01-09 06:42:05 +00:00
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
2014-01-13 02:00:52 +00:00
|
|
|
func GetUserById(id int) (models.User, error) {
|
2014-01-10 04:21:12 +00:00
|
|
|
u := models.User{}
|
2014-01-13 02:00:52 +00:00
|
|
|
stmt, err := db.Conn.Prepare("SELECT id, username, apikey FROM Users WHERE id=?")
|
2014-01-10 04:21:12 +00:00
|
|
|
if err != nil {
|
|
|
|
return u, err
|
|
|
|
}
|
2014-01-13 02:00:52 +00:00
|
|
|
err = stmt.QueryRow(id).Scan(&u.Id, &u.Username, &u.APIKey)
|
|
|
|
if err != nil {
|
|
|
|
//Return false, but don't return an error
|
|
|
|
return u, err
|
|
|
|
}
|
|
|
|
return u, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func GetUserByAPIKey(key []byte) (models.User, error) {
|
|
|
|
u := models.User{}
|
|
|
|
stmt, err := db.Conn.Prepare("SELECT id, username, apikey FROM Users WHERE apikey=?")
|
|
|
|
if err != nil {
|
|
|
|
return u, err
|
|
|
|
}
|
|
|
|
err = stmt.QueryRow(key).Scan(&u.Id, &u.Username, &u.APIKey)
|
2014-01-10 04:21:12 +00:00
|
|
|
if err != nil {
|
|
|
|
//Return false, but don't return an error
|
|
|
|
return u, err
|
2014-01-09 06:42:05 +00:00
|
|
|
}
|
2014-01-10 04:21:12 +00:00
|
|
|
return u, nil
|
2014-01-09 06:42:05 +00:00
|
|
|
}
|