mirror of https://github.com/gophish/gophish
Working on authentication
parent
e6343292be
commit
326ab52146
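--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE-new-file-1>
@@ -0,0 +1,70 @@
+package main
+
+/*
+gophish - Open-Source Phishing Framework
+
+The MIT License (MIT)
+
+Copyright (c) 2013 Jordan Wright
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+
+import (
+"database/sql"
+"net/http"
+
+"code.google.com/p/go.crypto/bcrypt"
+ctx "github.com/gorilla/context"
+)
+
+func CheckLogin(r *http.Request) (bool, error) {
+username, password := r.FormValue("username"), r.FormValue("password")
+session, _ := store.Get(r, "gophish")
+stmt, err := db.Prepare("SELECT * FROM Users WHERE username=?")
+if err != nil {
+return false, err
+}
+hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
+if err != nil {
+return false, err
+}
+err = stmt.QueryRow(username).Scan(&u.Id, &u.Username, &u.Hash, &u.APIKey)
+if err == sql.ErrNoRows {
+return false, err
+}
+//If we've made it here, we should have a valid user stored in u
+//Let's check the password
+err = bcrypt.CompareHashAndPassword(u.Hash, hash)
+if err != nil {
+ctx.Set(r, User, nil)
+//Return false, but don't return an error
+return false, nil
+}
+ctx.Set(r, User, u)
+session.Values["id"] = GetUser(r).Id
+return true, nil
+}
+
+func GetUser(r *http.Request) User {
+if rv := ctx.Get(r, User); rv != nil {
+return rv.(User)
+}
+return nil
+}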
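Review bot: CheckLogin runs the submitted password through bcrypt.GenerateFromPassword and then hands that fresh hash to bcrypt.CompareHashAndPassword as the password argument, so the stored hash is compared against a hash of the password rather than the password and every login will fail; the compare should take the plaintext bytes, `err = bcrypt.CompareHashAndPassword(u.Hash, []byte(password))`, and the GenerateFromPassword block can be deleted (it also passes a string where a []byte is expected). The sql.ErrNoRows branch returns the error, which the caller turns into a 500 while a wrong password produces a flash message, so an unknown username and a known username with a bad password get distinguishable responses; `return false, nil` there keeps both failure paths identical to the client. `stmt` is never closed, so `defer stmt.Close()` after the Prepare error check is needed. `u` is not declared anywhere in this hunk; if it is a package-level variable, concurrent logins would write to it at the same time and ctx.Set(r, User, u) would store whatever it holds at that instant, so it should be a local inside CheckLogin.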
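--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE-new-file-2>
@@ -0,0 +1,40 @@
+package main
+
+/*
+gophish - Open-Source Phishing Framework
+
+The MIT License (MIT)
+
+Copyright (c) 2013 Jordan Wright
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+
+import "net/http"
+
+//Use allows us to stack middleware to process the request
+//Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
+func Use(handler http.Handler, middleware ...func(http.Handler) http.Handler) http.Handler {
+for _, m := range middleware {
+handler = m(handler)
+}
+return handler
+}
+
+//TODO: Add RequireLogin() Middleware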
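Review bot: The doc comment on Use should spell out the wrapping order, because callers easily get it backwards: each element of middleware wraps the result of the previous one, so the last element given is outermost and is the first to see an incoming request. A line such as `//Use wraps handler with each middleware in turn, so the last middleware listed runs first on a request.` would make that explicit. The loop itself is correct as written.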
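--- a/route.go
+++ b/route.go
@@ -90,11 +90,21 @@ func Login(w http.ResponseWriter, r *http.Request) {
 case r.Method == "GET":
 renderTemplate(w, "login")
 case r.Method == "POST":
-//Attempt to login
-if login(r) {
 session, _ := store.Get(r, "gophish")
+//Attempt to login
+if err := r.ParseForm(); err != nil {
+http.Error(w, "Error parsing request", http.StatusInternalServerError)
+}
+succ, err := login(r)
+if err != nil {
+http.Error(w, "Error logging in", http.StatusInternalServerError)
+}
+//If we've logged in, save the session and redirect to the dashboard
+if succ {
 session.Save(r, w)
 http.Redirect(w, r, "/", 302)
+} else {
+session.AddFlash("Invalid Username/Password")
 }
 }
 }
@@ -103,10 +113,3 @@ func renderTemplate(w http.ResponseWriter, tmpl string) {
 t := template.Must(template.New("template").ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html"))
 t.ExecuteTemplate(w, "base", "T")
 }
-
-func login(r *http.Request) bool {
-//session, _ := store.Get(r, "gophish")
-//session.Values["user"] = User{1, "jordan", "hash", "key"}
-//user := session.Values["user"].(*User)
-return true
-}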
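Review bot: In the POST branch neither http.Error call is followed by a return, so after a ParseForm or login failure the handler keeps going, evaluates `succ`, and can redirect or add a flash on top of an already-written 500 response; add `return` directly after each http.Error. On the else path the flash is added but session.Save is never called and nothing is rendered, so the "Invalid Username/Password" message is never persisted and the client gets an empty 200 response; that branch should save the session and then re-render or redirect to the login page. The second hunk deletes the bool-returning login while this hunk calls a login that returns (bool, error), which presumably now lives in another file; worth confirming the name, since the new file in this commit defines CheckLogin. The switch in Login begins before this hunk.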
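--- a/<PATH-NOT-SHOWN-ON-PAGE-login-template>
+++ b/<PATH-NOT-SHOWN-ON-PAGE-login-template>
@@ -3,8 +3,8 @@
 <form class="form-signin" action="/login" method="POST">
 <img id="logo" src="/images/logo.png" />
 <h2 class="form-signin-heading">Please sign in</h2>
-<input type="text" class="form-control" placeholder="Username" required autofocus>
-<input type="password" class="form-control" placeholder="Password" required>
+<input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
+<input type="password" name="password" class="form-control" placeholder="Password" required>
 <label class="checkbox">
 <input type="checkbox" value="remember-me">Remember me
 </label>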
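Review bot: The remember-me checkbox still has no name attribute, so unlike the username and password inputs it is never included in the POST and the server cannot act on it; either give it a name (for example `name="remember-me"`, a constructed value) or remove it until it is handled. The form also carries no anti-CSRF token; since the POST handler establishes a cookie session, a hidden token field bound to the session is the usual protection against login CSRF and fits naturally next to these fields. The form element opens and closes outside this hunk.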