From eb8491c144bb5a987fafcd32ac36a15e9f8570a1 Mon Sep 17 00:00:00 2001 From: Jordan Date: Mon, 10 Feb 2014 13:02:44 -0600 Subject: [PATCH] Implemented ChangePassword() (now password can be changed from /settings) A couple of UI fixes in tables --- auth/auth.go | 21 ++++++++++++++------- controllers/route.go | 21 +++++++++++++++++---- static/js/app/gophish.js | 7 +++++++ templates/settings.html | 7 ++++--- 4 files changed, 42 insertions(+), 14 deletions(-) diff --git a/auth/auth.go b/auth/auth.go index 561b6f86..3dbee390 100644 --- a/auth/auth.go +++ b/auth/auth.go @@ -1,7 +1,9 @@ package auth import ( + "database/sql" "encoding/gob" + "errors" "fmt" "io" "net/http" @@ -25,6 +27,8 @@ var Store = sessions.NewCookieStore( []byte(securecookie.GenerateRandomKey(64)), //Signing key []byte(securecookie.GenerateRandomKey(32))) +var ErrInvalidPassword = errors.New("Invalid Password") + // Login attempts to login the user given a request. func Login(r *http.Request) (bool, error) { username, password := r.FormValue("username"), r.FormValue("password") @@ -52,7 +56,8 @@ func Login(r *http.Request) (bool, error) { func Register(r *http.Request) (bool, error) { username, password := r.FormValue("username"), r.FormValue("password") u, err := db.GetUserByUsername(username) - if err != nil { + // If we have an error which is not simply indicating that no user was found, report it + if err != sql.ErrNoRows { return false, err } //If we've made it here, we should have a valid username given @@ -78,21 +83,23 @@ func GenerateSecureKey() string { return fmt.Sprintf("%x", k) } -func ChangePassword(u *models.User, c string, n string) bool { +func ChangePassword(r *http.Request) error { + u := ctx.Get(r, "user").(models.User) + c, n := r.FormValue("current_password"), r.FormValue("new_password") // Check the current password err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c)) if err != nil { - return false + return ErrInvalidPassword } else { // Generate the new hash h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost) if err != nil { - return false + return err } u.Hash = string(h) - if err = db.PutUser(u); err != nil { - return false + if err = db.PutUser(&u); err != nil { + return err } - return true + return nil } } diff --git a/controllers/route.go b/controllers/route.go index 8ef5fd45..8e4a0f63 100644 --- a/controllers/route.go +++ b/controllers/route.go @@ -142,10 +142,23 @@ func Settings(w http.ResponseWriter, r *http.Request) { Token string }{Title: "Settings", User: ctx.Get(r, "user").(models.User)} session := ctx.Get(r, "session").(*sessions.Session) - params.Token = nosurf.Token(r) - params.Flashes = session.Flashes() - session.Save(r, w) - getTemplate(w, "settings").ExecuteTemplate(w, "base", params) + switch { + case r.Method == "GET": + params.Token = nosurf.Token(r) + params.Flashes = session.Flashes() + session.Save(r, w) + getTemplate(w, "settings").ExecuteTemplate(w, "base", params) + case r.Method == "POST": + err := auth.ChangePassword(r) + if err == auth.ErrInvalidPassword { + Flash(w, r, "danger", "Invalid Password") + } else if err != nil { + Flash(w, r, "danger", "Unknown Error") + } else { + Flash(w, r, "success", "Password successfully reset") + } + http.Redirect(w, r, "/settings", 302) + } } func Campaigns_Id(w http.ResponseWriter, r *http.Request) { diff --git a/static/js/app/gophish.js b/static/js/app/gophish.js index 3c44533b..8b11c802 100644 --- a/static/js/app/gophish.js +++ b/static/js/app/gophish.js @@ -101,9 +101,16 @@ app.controller('GroupCtrl', function($scope, GroupService, ngTableParams) { if ($scope.newGroup) { newGroup.$save(function() { $scope.groups.push(newGroup); + $scope.mainTableParams.reload() }); } else { newGroup.$update() } + $scope.group = { + name: '', + targets: [], + id: 0 + }; + $scope.editGroupTableParams.reload() } }) diff --git a/templates/settings.html b/templates/settings.html index e72f8124..6b0f0231 100644 --- a/templates/settings.html +++ b/templates/settings.html @@ -44,19 +44,20 @@
- +

- +
+ +
- {{%end%}}