From 3d9e44799282bcb879da598d2b5276785695993e Mon Sep 17 00:00:00 2001
From: Jordan Wright
Date: Sat, 13 Feb 2016 16:37:12 -0600
Subject: [PATCH] Removing support for empty passwords - fixes #149
---
 auth/auth.go | 33 ++++++++++++++++++++++-----------
 controllers/route.go | 32 ++++++++++++++------------------
 2 files changed, 36 insertions(+), 29 deletions(-)
diff --git a/auth/auth.go b/auth/auth.go
index af8327f5..9ce86a3b 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -30,6 +30,10 @@ var Store = sessions.NewCookieStore(
 // ErrInvalidPassword is thrown when a user provides an incorrect password.
 var ErrInvalidPassword = errors.New("Invalid Password")
+// ErrEmptyPassword is thrown when a user provides a blank password to the register
+// or change password functions
+var ErrEmptyPassword = errors.New("Password cannot be blank")
+
 // Login attempts to login the user given a request.
 func Login(r *http.Request) (bool, error) {
 username, password := r.FormValue("username"), r.FormValue("password")
@@ -61,6 +65,10 @@ func Register(r *http.Request) (bool, error) {
 }
 u = models.User{}
 //If we've made it here, we should have a valid username given
+ // Check that the passsword isn't blank
+ if password == "" {
+ return false, ErrEmptyPassword
+ }
 //Let's create the password hash
 h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 if err != nil {
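Review bot: The guard added to Register, `if password == "" {`, rejects only the zero-length string, so a one-character or whitespace-only password is still accepted and hashed; the `if n == "" {` check added to ChangePassword in the next hunk of this file has the same limit. If the goal is to keep trivially weak credentials out, a length floor shared by both functions would cover the blank case too, e.g. `if len(password) < minPasswordLength {` with a package-level constant (the name and its value are a suggestion, nothing the patch defines). The comment typo `passsword` can be fixed in the same edit. Register starts and ends outside this hunk, so whether the check could run before the user lookup is not visible here.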
@@ -89,16 +97,19 @@ func ChangePassword(r *http.Request) error {
 err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
 if err != nil {
 return ErrInvalidPassword
- } else {
- // Generate the new hash
- h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
- if err != nil {
- return err
- }
- u.Hash = string(h)
- if err = models.PutUser(&u); err != nil {
- return err
- }
- return nil
 }
+ // Check that the new password isn't blank
+ if n == "" {
+ return ErrEmptyPassword
+ }
+ // Generate the new hash
+ h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
+ if err != nil {
+ return err
+ }
+ u.Hash = string(h)
+ if err = models.PutUser(&u); err != nil {
+ return err
+ }
+ return nil
 }
diff --git a/controllers/route.go b/controllers/route.go
index 22c163af..aa17cf78 100644
--- a/controllers/route.go
+++ b/controllers/route.go
@@ -223,23 +223,18 @@ func Register(w http.ResponseWriter, r *http.Request) {
 })
 session.Save(r, w)
 http.Redirect(w, r, "/login", 302)
- } else {
- // Check the error
- m := ""
- if err == models.ErrUsernameTaken {
- m = "Username already taken"
- } else {
- m = "Unknown error - please try again"
- Logger.Println(err)
- }
- session.AddFlash(models.Flash{
- Type: "danger",
- Message: m,
- })
- session.Save(r, w)
- http.Redirect(w, r, "/register", 302)
+ return
 }
-
+ // Check the error
+ m := err.Error()
+ Logger.Println(err)
+ session.AddFlash(models.Flash{
+ Type: "danger",
+ Message: m,
+ })
+ session.Save(r, w)
+ http.Redirect(w, r, "/register", 302)
+ return
 }
 }
@@ -333,8 +328,9 @@ func Settings(w http.ResponseWriter, r *http.Request) {
 msg.Success = false
 JSONResponse(w, msg, http.StatusBadRequest)
 return
- } else if err != nil {
- msg.Message = "Unknown Error Occured"
+ }
+ if err != nil {
+ msg.Message = err.Error()
 msg.Success = false
 JSONResponse(w, msg, http.StatusBadRequest)
 return
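Review bot: In the Register handler of controllers/route.go, `m := err.Error()` puts whatever error the registration call returned into the flash message, so failures that used to be shown as "Unknown error - please try again" (a datastore or hashing error, for instance) now reach the browser verbatim; the Settings hunk after it does the same with `msg.Message = err.Error()` in the JSON response. Only errors written for users should be echoed, and everything else should be logged and replaced by the generic text, as sketched below. The sketch assumes this file refers to the auth package as `auth`; the import and the call that produces `err` are outside the hunk. It also keeps `Logger.Println(err)` for unexpected errors only, so routine validation failures do not fill the log.

```go
// … unchanged: success branch ending in return …
// Check the error: echo only the errors that are written for the user
m := "Unknown error - please try again"
switch err {
case models.ErrUsernameTaken, auth.ErrEmptyPassword:
	m = err.Error()
default:
	Logger.Println(err)
}
// … unchanged: AddFlash, Save and redirect to /register …
```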