Implemented ChangePassword() (now password can be changed from /settings)

A couple of UI fixes in tables
pull/24/head
Jordan 2014-02-10 13:02:44 -06:00
parent 34b93b7bf4
commit eb8491c144
4 changed files with 42 additions and 14 deletions


@ -1,7 +1,9 @@
package auth package auth
import ( import (
"database/sql"
"encoding/gob" "encoding/gob"
"errors"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
@ -25,6 +27,8 @@ var Store = sessions.NewCookieStore(
[]byte(securecookie.GenerateRandomKey(64)), //Signing key []byte(securecookie.GenerateRandomKey(64)), //Signing key
[]byte(securecookie.GenerateRandomKey(32))) []byte(securecookie.GenerateRandomKey(32)))
var ErrInvalidPassword = errors.New("Invalid Password")
// Login attempts to login the user given a request. // Login attempts to login the user given a request.
func Login(r *http.Request) (bool, error) { func Login(r *http.Request) (bool, error) {
username, password := r.FormValue("username"), r.FormValue("password") username, password := r.FormValue("username"), r.FormValue("password")
@ -52,7 +56,8 @@ func Login(r *http.Request) (bool, error) {
func Register(r *http.Request) (bool, error) { func Register(r *http.Request) (bool, error) {
username, password := r.FormValue("username"), r.FormValue("password") username, password := r.FormValue("username"), r.FormValue("password")
u, err := db.GetUserByUsername(username) u, err := db.GetUserByUsername(username)
if err != nil { // If we have an error which is not simply indicating that no user was found, report it
if err != sql.ErrNoRows {
return false, err return false, err
} }
//If we've made it here, we should have a valid username given //If we've made it here, we should have a valid username given
@ -78,21 +83,23 @@ func GenerateSecureKey() string {
return fmt.Sprintf("%x", k) return fmt.Sprintf("%x", k)
} }
func ChangePassword(u *models.User, c string, n string) bool { func ChangePassword(r *http.Request) error {
u := ctx.Get(r, "user").(models.User)
c, n := r.FormValue("current_password"), r.FormValue("new_password")
// Check the current password // Check the current password
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c)) err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c))
if err != nil { if err != nil {
return false return ErrInvalidPassword
} else { } else {
// Generate the new hash // Generate the new hash
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost) h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost)
if err != nil { if err != nil {
return false return err
} }
u.Hash = string(h) u.Hash = string(h)
if err = db.PutUser(u); err != nil { if err = db.PutUser(&u); err != nil {
return false return err
} }
return true return nil
} }
} }
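Review bot: ChangePassword hashes `new_password` without checking it, so a POST that omits or blanks the field replaces the stored hash with the bcrypt hash of an empty string. Reject that before calling `bcrypt.GenerateFromPassword`, for example `if n == "" { return ErrEmptyPassword }`, where `ErrEmptyPassword` is a new sentinel declared next to `ErrInvalidPassword`. The unchecked assertion `ctx.Get(r, "user").(models.User)` panics if the function is ever reached without a user in the context; the two-value form `u, ok := ctx.Get(r, "user").(models.User)` lets it return an error instead. In Register, the new `if err != sql.ErrNoRows` returns `(false, nil)` when the username already exists, so the caller gets no error to report. Register's body continues outside the hunk, so confirm how its callers treat that case.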


@ -142,10 +142,23 @@ func Settings(w http.ResponseWriter, r *http.Request) {
Token string Token string
}{Title: "Settings", User: ctx.Get(r, "user").(models.User)} }{Title: "Settings", User: ctx.Get(r, "user").(models.User)}
session := ctx.Get(r, "session").(*sessions.Session) session := ctx.Get(r, "session").(*sessions.Session)
params.Token = nosurf.Token(r) switch {
params.Flashes = session.Flashes() case r.Method == "GET":
session.Save(r, w) params.Token = nosurf.Token(r)
getTemplate(w, "settings").ExecuteTemplate(w, "base", params) params.Flashes = session.Flashes()
session.Save(r, w)
getTemplate(w, "settings").ExecuteTemplate(w, "base", params)
case r.Method == "POST":
err := auth.ChangePassword(r)
if err == auth.ErrInvalidPassword {
Flash(w, r, "danger", "Invalid Password")
} else if err != nil {
Flash(w, r, "danger", "Unknown Error")
} else {
Flash(w, r, "success", "Password successfully reset")
}
http.Redirect(w, r, "/settings", 302)
}
} }
func Campaigns_Id(w http.ResponseWriter, r *http.Request) { func Campaigns_Id(w http.ResponseWriter, r *http.Request) {
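Review bot: The `else if err != nil` branch of the POST case flashes "Unknown Error" and drops `err`, so a failing `db.PutUser` or bcrypt call leaves no trace for whoever operates the server. Log it before flashing, e.g. `log.Println(err)` (assuming `log` is imported in this file, which the hunk does not show). Consider logging `auth.ErrInvalidPassword` results as well, because repeated wrong current-password attempts on an authenticated session are worth detecting. The switch has no `default`, so any method other than GET or POST returns an empty 200; `http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)` would make that explicit. Settings starts above the hunk, and for the redirect after POST `http.StatusSeeOther` states the intent better than the literal `302`.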


@ -101,9 +101,16 @@ app.controller('GroupCtrl', function($scope, GroupService, ngTableParams) {
if ($scope.newGroup) { if ($scope.newGroup) {
newGroup.$save(function() { newGroup.$save(function() {
$scope.groups.push(newGroup); $scope.groups.push(newGroup);
$scope.mainTableParams.reload()
}); });
} else { } else {
newGroup.$update() newGroup.$update()
} }
$scope.group = {
name: '',
targets: [],
id: 0
};
$scope.editGroupTableParams.reload()
} }
}) })
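Review bot: The form reset `$scope.group = {...}` and `$scope.editGroupTableParams.reload()` run synchronously right after `$save`/`$update` are started, so the user's input is cleared even when the request fails, and neither call has an error callback. Moving the reset into the success callbacks and adding an error callback that keeps the form populated would avoid silently losing a group. `newGroup.$update()` also does not reload `mainTableParams` the way the `$save` branch now does. The enclosing function starts outside the hunk, so this assumes `newGroup` is a resource whose `$save`/`$update` are asynchronous.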


@ -44,19 +44,20 @@
<div class="row"> <div class="row">
<label for="current_password" class="col-sm-2 control-label form-label">Old Password:</label> <label for="current_password" class="col-sm-2 control-label form-label">Old Password:</label>
<div class="col-md-6"> <div class="col-md-6">
<input type="password" id="current_password" class="form-control" /> <input type="password" id="current_password" name="current_password" class="form-control" />
</div> </div>
</div> </div>
<br /> <br />
<div class="row"> <div class="row">
<label for="new_password" class="col-sm-2 control-label form-label">New Password:</label> <label for="new_password" class="col-sm-2 control-label form-label">New Password:</label>
<div class="col-md-6"> <div class="col-md-6">
<input type="password" id="new_password" class="form-control" /> <input type="password" id="new_password" name="new_password" class="form-control" />
</div> </div>
</div> </div>
<input type="hidden" name="csrf_token" value={{%.Token%}}/>
<button class="btn btn-primary" type="submit">Save</button>
</form> </form>
<br/> <br/>
<button class="btn btn-primary">Save</button>
</div> </div>
</div> </div>
{{%end%}} {{%end%}}
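Review bot: The hidden field writes the token into an unquoted attribute, `value={{%.Token%}}/>`, and in an unquoted value an HTML parser treats the `/` before `>` as part of the value, so the submitted `csrf_token` can differ from the one that was issued. Quote it: `<input type="hidden" name="csrf_token" value="{{%.Token%}}" />`. Quoting also keeps escaping predictable whichever template package renders this file, which the hunk does not show. The opening `<form>` tag is outside the hunk, so confirm it has `method="post"`; otherwise the two password fields would be sent in the query string of a GET.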