Removing support for empty passwords - fixes #149
parent
4fadcc1ee5
commit
3d9e447992
33
auth/auth.go
33
auth/auth.go
|
@ -30,6 +30,10 @@ var Store = sessions.NewCookieStore(
|
|||
// ErrInvalidPassword is thrown when a user provides an incorrect password.
|
||||
var ErrInvalidPassword = errors.New("Invalid Password")
|
||||
|
||||
// ErrEmptyPassword is thrown when a user provides a blank password to the register
|
||||
// or change password functions
|
||||
var ErrEmptyPassword = errors.New("Password cannot be blank")
|
||||
|
||||
// Login attempts to login the user given a request.
|
||||
func Login(r *http.Request) (bool, error) {
|
||||
username, password := r.FormValue("username"), r.FormValue("password")
|
||||
|
@ -61,6 +65,10 @@ func Register(r *http.Request) (bool, error) {
|
|||
}
|
||||
u = models.User{}
|
||||
//If we've made it here, we should have a valid username given
|
||||
// Check that the passsword isn't blank
|
||||
if password == "" {
|
||||
return false, ErrEmptyPassword
|
||||
}
|
||||
//Let's create the password hash
|
||||
h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
|
@ -89,16 +97,19 @@ func ChangePassword(r *http.Request) error {
|
|||
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
|
||||
if err != nil {
|
||||
return ErrInvalidPassword
|
||||
} else {
|
||||
// Generate the new hash
|
||||
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.Hash = string(h)
|
||||
if err = models.PutUser(&u); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
// Check that the new password isn't blank
|
||||
if n == "" {
|
||||
return ErrEmptyPassword
|
||||
}
|
||||
// Generate the new hash
|
||||
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.Hash = string(h)
|
||||
if err = models.PutUser(&u); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
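Review bot: The blank check for the new password at `if n == ""` runs only after `bcrypt.CompareHashAndPassword` has already verified the current one, so a request with an empty new password still pays a full bcrypt comparison before being rejected; cheap input validation belongs ahead of the expensive check, i.e. move `if n == "" { return ErrEmptyPassword }` above the `err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))` line. The identical check appears in the Register hunk of this file (whose comment also misspells `passsword`), so a small shared helper such as `func validatePassword(p string) error` would keep both paths in step if a minimum length or other rule is added later. ChangePassword begins before this hunk, so where `n` and `c` are read is not visible here.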
|
||||
|
|
|
@ -223,23 +223,18 @@ func Register(w http.ResponseWriter, r *http.Request) {
|
|||
})
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/login", 302)
|
||||
} else {
|
||||
// Check the error
|
||||
m := ""
|
||||
if err == models.ErrUsernameTaken {
|
||||
m = "Username already taken"
|
||||
} else {
|
||||
m = "Unknown error - please try again"
|
||||
Logger.Println(err)
|
||||
}
|
||||
session.AddFlash(models.Flash{
|
||||
Type: "danger",
|
||||
Message: m,
|
||||
})
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/register", 302)
|
||||
return
|
||||
}
|
||||
|
||||
// Check the error
|
||||
m := err.Error()
|
||||
Logger.Println(err)
|
||||
session.AddFlash(models.Flash{
|
||||
Type: "danger",
|
||||
Message: m,
|
||||
})
|
||||
session.Save(r, w)
|
||||
http.Redirect(w, r, "/register", 302)
|
||||
return
|
||||
}
|
||||
}
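Review bot: `m := err.Error()` now flashes the raw error text to the browser for every failure on this path, whereas the removed branch only surfaced `models.ErrUsernameTaken` and masked everything else as "Unknown error - please try again"; any non-sentinel error the auth layer returns (a database or bcrypt failure, judging by the auth/auth.go hunks above) would now be shown verbatim to an unauthenticated visitor. Limit the user-facing text to the known sentinels and keep the generic fallback for the rest: `m := "Unknown error - please try again"` followed by `if err == models.ErrUsernameTaken || err == auth.ErrEmptyPassword { m = err.Error() }`, with `Logger.Println(err)` kept for the full detail. The Settings hunk further down has the same exposure at `msg.Message = err.Error()`, where the previous code answered "Unknown Error Occured" in the JSON response. The controller's Register function begins before this hunk, and its file header is not shown on this page.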
|
||||
|
||||
|
@ -333,8 +328,9 @@ func Settings(w http.ResponseWriter, r *http.Request) {
|
|||
msg.Success = false
|
||||
JSONResponse(w, msg, http.StatusBadRequest)
|
||||
return
|
||||
} else if err != nil {
|
||||
msg.Message = "Unknown Error Occured"
|
||||
}
|
||||
if err != nil {
|
||||
msg.Message = err.Error()
|
||||
msg.Success = false
|
||||
JSONResponse(w, msg, http.StatusBadRequest)
|
||||
return
|
||||
|
|