Confirm password on registration or change
Updated to confirm the password when registering a user or changing a user's password. Fixes #180 pull/186/head
parent
9485ea2ecd
commit
e39ae8dfdd
auth/auth.go
@ -34,6 +34,9 @@ var ErrInvalidPassword = errors.New("Invalid Password")
|
||||||
// or change password functions
|
// or change password functions
|
||||||
var ErrEmptyPassword = errors.New("Password cannot be blank")
|
var ErrEmptyPassword = errors.New("Password cannot be blank")
|
||||||
|
|
||||||
|
// ErrPasswordMismatch is thrown when a user provides passwords that do not match
|
||||||
|
var ErrPasswordMismatch = errors.New("Passwords must match")
|
||||||
|
|
||||||
// Login attempts to login the user given a request.
|
// Login attempts to login the user given a request.
|
||||||
func Login(r *http.Request) (bool, error) {
|
func Login(r *http.Request) (bool, error) {
|
||||||
username, password := r.FormValue("username"), r.FormValue("password")
|
username, password := r.FormValue("username"), r.FormValue("password")
|
||||||
|
@ -56,7 +59,9 @@ func Login(r *http.Request) (bool, error) {
|
||||||
|
|
||||||
// Register attempts to register the user given a request.
|
// Register attempts to register the user given a request.
|
||||||
func Register(r *http.Request) (bool, error) {
|
func Register(r *http.Request) (bool, error) {
|
||||||
username, password := r.FormValue("username"), r.FormValue("password")
|
username := r.FormValue("username")
|
||||||
|
password1 := r.FormValue("password")
|
||||||
|
password2 := r.FormValue("confirm_password")
|
||||||
u, err := models.GetUserByUsername(username)
|
u, err := models.GetUserByUsername(username)
|
||||||
// If we have an error which is not simply indicating that no user was found, report it
|
// If we have an error which is not simply indicating that no user was found, report it
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -64,13 +69,17 @@ func Register(r *http.Request) (bool, error) {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
u = models.User{}
|
u = models.User{}
|
||||||
//If we've made it here, we should have a valid username given
|
// If we've made it here, we should have a valid username given
|
||||||
// Check that the passsword isn't blank
|
// Check that the passsword isn't blank
|
||||||
if password == "" {
|
if password1 == "" {
|
||||||
return false, ErrEmptyPassword
|
return false, ErrEmptyPassword
|
||||||
}
|
}
|
||||||
//Let's create the password hash
|
// Make sure passwords match
|
||||||
h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
if password1 != password2 {
|
||||||
|
return false, ErrPasswordMismatch
|
||||||
|
}
|
||||||
|
// Let's create the password hash
|
||||||
|
h, err := bcrypt.GenerateFromPassword([]byte(password1), bcrypt.DefaultCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
|
@ -92,18 +101,24 @@ func GenerateSecureKey() string {
|
||||||
|
|
||||||
func ChangePassword(r *http.Request) error {
|
func ChangePassword(r *http.Request) error {
|
||||||
u := ctx.Get(r, "user").(models.User)
|
u := ctx.Get(r, "user").(models.User)
|
||||||
c, n := r.FormValue("current_password"), r.FormValue("new_password")
|
currentPw := r.FormValue("current_password")
|
||||||
|
pw1 := r.FormValue("new_password")
|
||||||
|
pw2 := r.FormValue("confirm_new_password")
|
||||||
// Check the current password
|
// Check the current password
|
||||||
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
|
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(currentPw))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ErrInvalidPassword
|
return ErrInvalidPassword
|
||||||
}
|
}
|
||||||
// Check that the new password isn't blank
|
// Check that the new password isn't blank
|
||||||
if n == "" {
|
if pw1 == "" {
|
||||||
return ErrEmptyPassword
|
return ErrEmptyPassword
|
||||||
}
|
}
|
||||||
|
// Check that new passwords match
|
||||||
|
if pw1 != pw2 {
|
||||||
|
return ErrPasswordMismatch
|
||||||
|
}
|
||||||
// Generate the new hash
|
// Generate the new hash
|
||||||
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
|
h, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
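Review bot: In ChangePassword the bcrypt verification of the current password, `err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(currentPw))`, still runs before the blank and mismatch checks on the new password that this hunk adds, so a request that will be rejected for a mismatched confirmation first pays a full bcrypt comparison. Both new checks read only request-supplied values and the caller is already an authenticated user taken from `ctx.Get(r, "user")`, so the `pw1 == ""` and `pw1 != pw2` checks can move ahead of the compare; the only visible difference is which error wins when both the current password and the confirmation are wrong, which I would not expect any caller to depend on, but it is worth confirming. The new sentinel's comment could also match the wording of its neighbour ErrEmptyPassword and avoid "thrown" for a returned value, e.g. `// ErrPasswordMismatch is returned by the register or change password functions when the password and its confirmation differ`. ChangePassword's body continues past the end of the hunk.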
@ -57,12 +57,19 @@
|
||||||
.form-signin .form-control:focus {
|
.form-signin .form-control:focus {
|
||||||
z-index: 2;
|
z-index: 2;
|
||||||
}
|
}
|
||||||
.form-signin input[type="text"] {
|
.form-signin .top-input {
|
||||||
margin-bottom: -1px;
|
margin-bottom: -1px;
|
||||||
border-bottom-left-radius: 0;
|
border-bottom-left-radius: 0;
|
||||||
border-bottom-right-radius: 0;
|
border-bottom-right-radius: 0;
|
||||||
}
|
}
|
||||||
.form-signin input[type="password"] {
|
.form-signin .middle-input {
|
||||||
|
margin-bottom: -1px;
|
||||||
|
border-top-left-radius: 0;
|
||||||
|
border-top-right-radius: 0;
|
||||||
|
border-bottom-left-radius: 0;
|
||||||
|
border-bottom-right-radius: 0;
|
||||||
|
}
|
||||||
|
.form-signin .bottom-input {
|
||||||
margin-bottom: 10px;
|
margin-bottom: 10px;
|
||||||
border-top-left-radius: 0;
|
border-top-left-radius: 0;
|
||||||
border-top-right-radius: 0;
|
border-top-right-radius: 0;
|
||||||
|
|
|
@ -52,8 +52,8 @@
|
||||||
<img id="logo" src="/images/logo_purple.png" />
|
<img id="logo" src="/images/logo_purple.png" />
|
||||||
<h2 class="form-signin-heading">Please sign in</h2>
|
<h2 class="form-signin-heading">Please sign in</h2>
|
||||||
{{template "flashes" .Flashes}}
|
{{template "flashes" .Flashes}}
|
||||||
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
|
<input type="text" name="username" class="form-control top-input" placeholder="Username" required autofocus>
|
||||||
<input type="password" name="password" class="form-control" placeholder="Password" required>
|
<input type="password" name="password" class="form-control bottom-input" placeholder="Password" required>
|
||||||
<input type="hidden" name="csrf_token" value="{{.Token}}"/>
|
<input type="hidden" name="csrf_token" value="{{.Token}}"/>
|
||||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
|
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -52,8 +52,9 @@
|
||||||
<img id="logo" src="/images/logo_purple.png" />
|
<img id="logo" src="/images/logo_purple.png" />
|
||||||
<h2 class="form-signin-heading">Please register below</h2>
|
<h2 class="form-signin-heading">Please register below</h2>
|
||||||
{{template "flashes" .Flashes}}
|
{{template "flashes" .Flashes}}
|
||||||
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus/>
|
<input type="text" name="username" class="form-control top-input" placeholder="Username" required autofocus/>
|
||||||
<input type="password" name="password" class="form-control" placeholder="Password" required/>
|
<input type="password" name="password" class="form-control middle-input" placeholder="Password" required/>
|
||||||
|
<input type="password" name="confirm_password" class="form-control bottom-input" placeholder="Confirm Password" required/>
|
||||||
<input type="hidden" name="csrf_token" value="{{.Token}}"/>
|
<input type="hidden" name="csrf_token" value="{{.Token}}"/>
|
||||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
|
<button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
|
||||||
</form>
|
</form>
|
||||||
|
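Review bot: The new `confirm_password` input on the register form, like the `password` input beside it, carries no `autocomplete` attribute, so a browser or password manager may autofill a stored credential into a field that is meant to hold a freshly chosen password. Marking both as `autocomplete="new-password"`, e.g. `<input type="password" name="confirm_password" class="form-control bottom-input" placeholder="Confirm Password" autocomplete="new-password" required/>`, tells the user agent these are new-password fields and lets managers offer a generated value. The same applies to `new_password` and `confirm_new_password` in the settings template further down, where additionally neither field is marked `required`, leaving blank submissions entirely to the server-side ErrEmptyPassword check; that is acceptable but inconsistent with the register form.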
|
|
@ -70,6 +70,13 @@
|
||||||
<input type="password" id="new_password" name="new_password" class="form-control" />
|
<input type="password" id="new_password" name="new_password" class="form-control" />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<br />
|
||||||
|
<div class="row">
|
||||||
|
<label for="confirm_new_password" class="col-sm-2 control-label form-label">Confirm New Password:</label>
|
||||||
|
<div class="col-md-6">
|
||||||
|
<input type="password" id="confirm_new_password" name="confirm_new_password" class="form-control" />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<input type="hidden" name="csrf_token" value="{{.Token}}"/>
|
<input type="hidden" name="csrf_token" value="{{.Token}}"/>
|
||||||
<br />
|
<br />
|
||||||
<button class="btn btn-primary" type="submit"><i class="fa fa-save"></i> Save</button>
|
<button class="btn btn-primary" type="submit"><i class="fa fa-save"></i> Save</button>
|
||||||
|
|