mirror of https://github.com/gophish/gophish
Working on authentication
parent
e6343292be
commit
326ab52146
|
@ -0,0 +1,70 @@
|
|||
package main
|
||||
|
||||
/*
|
||||
gophish - Open-Source Phishing Framework
|
||||
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2013 Jordan Wright
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
*/
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
"net/http"
|
||||
|
||||
"code.google.com/p/go.crypto/bcrypt"
|
||||
ctx "github.com/gorilla/context"
|
||||
)
|
||||
|
||||
func CheckLogin(r *http.Request) (bool, error) {
|
||||
username, password := r.FormValue("username"), r.FormValue("password")
|
||||
session, _ := store.Get(r, "gophish")
|
||||
stmt, err := db.Prepare("SELECT * FROM Users WHERE username=?")
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
err = stmt.QueryRow(username).Scan(&u.Id, &u.Username, &u.Hash, &u.APIKey)
|
||||
if err == sql.ErrNoRows {
|
||||
return false, err
|
||||
}
|
||||
//If we've made it here, we should have a valid user stored in u
|
||||
//Let's check the password
|
||||
err = bcrypt.CompareHashAndPassword(u.Hash, hash)
|
||||
if err != nil {
|
||||
ctx.Set(r, User, nil)
|
||||
//Return false, but don't return an error
|
||||
return false, nil
|
||||
}
|
||||
ctx.Set(r, User, u)
|
||||
session.Values["id"] = GetUser(r).Id
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func GetUser(r *http.Request) User {
|
||||
if rv := ctx.Get(r, User); rv != nil {
|
||||
return rv.(User)
|
||||
}
|
||||
return nil
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
package main
|
||||
|
||||
/*
|
||||
gophish - Open-Source Phishing Framework
|
||||
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2013 Jordan Wright
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
*/
|
||||
|
||||
import "net/http"
|
||||
|
||||
//Use allows us to stack middleware to process the request
|
||||
//Example taken from https://github.com/gorilla/mux/pull/36#issuecomment-25849172
|
||||
func Use(handler http.Handler, middleware ...func(http.Handler) http.Handler) http.Handler {
|
||||
for _, m := range middleware {
|
||||
handler = m(handler)
|
||||
}
|
||||
return handler
|
||||
}
|
||||
|
||||
//TODO: Add RequireLogin() Middleware
|
21
route.go
21
route.go
|
@ -90,11 +90,21 @@ func Login(w http.ResponseWriter, r *http.Request) {
|
|||
case r.Method == "GET":
|
||||
renderTemplate(w, "login")
|
||||
case r.Method == "POST":
|
||||
//Attempt to login
|
||||
if login(r) {
|
||||
session, _ := store.Get(r, "gophish")
|
||||
//Attempt to login
|
||||
if err := r.ParseForm(); err != nil {
|
||||
http.Error(w, "Error parsing request", http.StatusInternalServerError)
|
||||
}
|
||||
succ, err := login(r)
|
||||
if err != nil {
|
||||
http.Error(w, "Error logging in", http.StatusInternalServerError)
|
||||
}
|
||||
//If we've logged in, save the session and redirect to the dashboard
|
||||
if succ {
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/", 302)
|
||||
} else {
|
||||
session.AddFlash("Invalid Username/Password")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -103,10 +113,3 @@ func renderTemplate(w http.ResponseWriter, tmpl string) {
|
|||
t := template.Must(template.New("template").ParseFiles("templates/base.html", "templates/nav.html", "templates/"+tmpl+".html"))
|
||||
t.ExecuteTemplate(w, "base", "T")
|
||||
}
|
||||
|
||||
func login(r *http.Request) bool {
|
||||
//session, _ := store.Get(r, "gophish")
|
||||
//session.Values["user"] = User{1, "jordan", "hash", "key"}
|
||||
//user := session.Values["user"].(*User)
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
<form class="form-signin" action="/login" method="POST">
|
||||
<img id="logo" src="/images/logo.png" />
|
||||
<h2 class="form-signin-heading">Please sign in</h2>
|
||||
<input type="text" class="form-control" placeholder="Username" required autofocus>
|
||||
<input type="password" class="form-control" placeholder="Password" required>
|
||||
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
|
||||
<input type="password" name="password" class="form-control" placeholder="Password" required>
|
||||
<label class="checkbox">
|
||||
<input type="checkbox" value="remember-me">Remember me
|
||||
</label>
|
||||
|
|
Loading…
Reference in New Issue