From fc6d5567428cb6dff99e4847d9e80557a8680691 Mon Sep 17 00:00:00 2001
From: Jordan Wright
Date: Tue, 12 Jan 2016 20:46:17 -0600
Subject: [PATCH] Caused API key to be generated dynamically for admin user. Fixes #60
---
 auth/auth.go | 1 -
 models/models.go | 14 ++++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/auth/auth.go b/auth/auth.go
index f267c068..ca2b2c6b 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -57,7 +57,6 @@ func Register(r *http.Request) (bool, error) {
 fmt.Println(err)
 return false, err
 }
- fmt.Println("Made it here!")
 u = models.User{}
 //If we've made it here, we should have a valid username given
 //Let's create the password hash
diff --git a/models/models.go b/models/models.go
index d3d980fb..530ce55d 100644
--- a/models/models.go
+++ b/models/models.go
@@ -1,12 +1,15 @@
 package models
 import (
+ "crypto/rand"
 "errors"
+ "fmt"
+ "io"
 "log"
 "os"
- "github.com/jinzhu/gorm"
 "github.com/gophish/gophish/config"
+ "github.com/jinzhu/gorm"
 _ "github.com/mattn/go-sqlite3" // Blank import needed to import sqlite3
 )
@@ -45,6 +48,13 @@ type Response struct {
 Data interface{} `json:"data"`
 }
+// Copy of auth.GenerateSecureKey to prevent cyclic import with auth library
+func generateSecureKey() string {
+ k := make([]byte, 32)
+ io.ReadFull(rand.Reader, k)
+ return fmt.Sprintf("%x", k)
+}
+
 // Setup initializes the Conn object
 // It also populates the Gophish Config object
 func Setup() error {
@@ -77,8 +87,8 @@ func Setup() error {
 initUser := User{
 Username: "admin",
 Hash: "$2a$10$IYkPp0.QsM81lYYPrQx6W.U6oQGw7wMpozrKhKAHUBVL4mkm/EvAS", //gophish
- ApiKey: "12345678901234567890123456789012",
 }
+ initUser.ApiKey = generateSecureKey()
 err = db.Save(&initUser).Error
 if err != nil {
 Logger.Println(err)
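Review bot: The result of `io.ReadFull(rand.Reader, k)` in the new generateSecureKey is discarded, so if the system random source fails or returns short the function still hex-encodes whatever is in `k` (all zero bytes in the worst case) and the admin account is saved with a predictable API key. Returning the error lets Setup abort instead of persisting a weak key. The call in the later Setup hunk would then become `initUser.ApiKey, err = generateSecureKey()`, followed by the same `if err != nil` handling already used for `db.Save`. The comment says this is a copy of auth.GenerateSecureKey, so the original presumably needs the same check, though it is not visible here.

```go
func generateSecureKey() (string, error) {
	k := make([]byte, 32)
	// A failed or short read must not yield a key built from zeroed bytes.
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", k), nil
}
```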
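Review bot: The initial admin account still ships with the fixed bcrypt hash on the `Hash:` line, whose trailing comment gives the plaintext (`gophish`), so the account that now receives a random API key remains protected only by a publicly known password. Consider generating a random initial password at first start and logging it once, or forcing a password change on first login. Separately, this assignment presumably runs only when the admin row is first created (the guarding condition is outside the hunk), so databases initialised before this commit would keep the old static key `12345678901234567890123456789012` unless a migration rotates it. Setup's body starts and ends outside the hunk.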