cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removing support for empty passwords - fixes #149

pull/157/head
Jordan Wright 2016-02-13 16:37:12 -06:00
parent 4fadcc1ee5
commit 3d9e447992
2 changed files with 36 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
auth/auth.go
View File

@ -30,6 +30,10 @@ var Store = sessions.NewCookieStore(
// ErrInvalidPassword is thrown when a user provides an incorrect password. // ErrInvalidPassword is thrown when a user provides an incorrect password.
var ErrInvalidPassword = errors.New("Invalid Password") var ErrInvalidPassword = errors.New("Invalid Password")
// ErrEmptyPassword is thrown when a user provides a blank password to the register
// or change password functions
var ErrEmptyPassword = errors.New("Password cannot be blank")
// Login attempts to login the user given a request. // Login attempts to login the user given a request.
func Login(r *http.Request) (bool, error) { func Login(r *http.Request) (bool, error) {
username, password := r.FormValue("username"), r.FormValue("password") username, password := r.FormValue("username"), r.FormValue("password")
@ -61,6 +65,10 @@ func Register(r *http.Request) (bool, error) {
} }
u = models.User{} u = models.User{}
//If we've made it here, we should have a valid username given //If we've made it here, we should have a valid username given
// Check that the passsword isn't blank
if password == "" {
return false, ErrEmptyPassword
}
//Let's create the password hash //Let's create the password hash
h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil { if err != nil {
@ -89,7 +97,11 @@ func ChangePassword(r *http.Request) error {
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c)) err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
if err != nil { if err != nil {
return ErrInvalidPassword return ErrInvalidPassword
} else { }
// Check that the new password isn't blank
if n == "" {
return ErrEmptyPassword
}
// Generate the new hash // Generate the new hash
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost) h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
if err != nil { if err != nil {
@ -100,5 +112,4 @@ func ChangePassword(r *http.Request) error {
return err return err
} }
return nil return nil
}
} }

20
controllers/route.go
View File

@ -223,23 +223,18 @@ func Register(w http.ResponseWriter, r *http.Request) {
}) })
session.Save(r, w) session.Save(r, w)
http.Redirect(w, r, "/login", 302) http.Redirect(w, r, "/login", 302)
} else { return
// Check the error
m := ""
if err == models.ErrUsernameTaken {
m = "Username already taken"
} else {
m = "Unknown error - please try again"
Logger.Println(err)
} }
// Check the error
m := err.Error()
Logger.Println(err)
session.AddFlash(models.Flash{ session.AddFlash(models.Flash{
Type: "danger", Type: "danger",
Message: m, Message: m,
}) })
session.Save(r, w) session.Save(r, w)
http.Redirect(w, r, "/register", 302) http.Redirect(w, r, "/register", 302)
} return
} }
} }
@ -333,8 +328,9 @@ func Settings(w http.ResponseWriter, r *http.Request) {
msg.Success = false msg.Success = false
JSONResponse(w, msg, http.StatusBadRequest) JSONResponse(w, msg, http.StatusBadRequest)
return return
} else if err != nil { }
msg.Message = "Unknown Error Occured" if err != nil {
msg.Message = err.Error()
msg.Success = false msg.Success = false
JSONResponse(w, msg, http.StatusBadRequest) JSONResponse(w, msg, http.StatusBadRequest)
return return