Removing support for empty passwords - fixes #149

pull/157/head
Jordan Wright 2016-02-13 16:37:12 -06:00
parent 4fadcc1ee5
commit 3d9e447992
2 changed files with 36 additions and 29 deletions

View File

@ -30,6 +30,10 @@ var Store = sessions.NewCookieStore(
// ErrInvalidPassword is thrown when a user provides an incorrect password.
var ErrInvalidPassword = errors.New("Invalid Password")
// ErrEmptyPassword is thrown when a user provides a blank password to the register
// or change password functions
var ErrEmptyPassword = errors.New("Password cannot be blank")
// Login attempts to login the user given a request.
func Login(r *http.Request) (bool, error) {
username, password := r.FormValue("username"), r.FormValue("password")
@ -61,6 +65,10 @@ func Register(r *http.Request) (bool, error) {
}
u = models.User{}
//If we've made it here, we should have a valid username given
// Check that the passsword isn't blank
if password == "" {
return false, ErrEmptyPassword
}
//Let's create the password hash
h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
@ -89,7 +97,11 @@ func ChangePassword(r *http.Request) error {
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
if err != nil {
return ErrInvalidPassword
} else {
}
// Check that the new password isn't blank
if n == "" {
return ErrEmptyPassword
}
// Generate the new hash
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
if err != nil {
@ -101,4 +113,3 @@ func ChangePassword(r *http.Request) error {
}
return nil
}
}

View File

@ -223,23 +223,18 @@ func Register(w http.ResponseWriter, r *http.Request) {
})
session.Save(r, w)
http.Redirect(w, r, "/login", 302)
} else {
// Check the error
m := ""
if err == models.ErrUsernameTaken {
m = "Username already taken"
} else {
m = "Unknown error - please try again"
Logger.Println(err)
return
}
// Check the error
m := err.Error()
Logger.Println(err)
session.AddFlash(models.Flash{
Type: "danger",
Message: m,
})
session.Save(r, w)
http.Redirect(w, r, "/register", 302)
}
return
}
}
@ -333,8 +328,9 @@ func Settings(w http.ResponseWriter, r *http.Request) {
msg.Success = false
JSONResponse(w, msg, http.StatusBadRequest)
return
} else if err != nil {
msg.Message = "Unknown Error Occured"
}
if err != nil {
msg.Message = err.Error()
msg.Success = false
JSONResponse(w, msg, http.StatusBadRequest)
return