Beispiel #1
0
func (user *User) GenerateSecret() string {
	base := make([]byte, 256)
	for i, _ := range base {
		base[i] = byte(rand.Int())
	}

	bytes, err := bcrypt.GenerateFromPassword([]byte(base), bcrypt.MinCost)
	if err != nil {
		fmt.Println("Error generating secret hash:", err)
		return ""
	}
	secret := string(bytes)
	// secret = secret[7:]
	fmt.Println("Generate secret:", secret)

	hash, err := bcrypt.GenerateFromPassword([]byte(secret), 12)
	if err != nil {
		fmt.Println("Error generating secret hash:", err)
	}
	fmt.Println("Generate secret: hash:", string(hash))
	user.Secret = string(hash)
	user.Save()

	return secret
}
Beispiel #2
0
// Set associates the plain text password given with the user that is uniquely
// identified by id. The password is hashed with bcrypt. If there is a problem
// with hashing or with storing the password, an error is returned.
//
// This may be called on a new user.
func (s *Store) Set(id, password string) (cerr error) {
	defer csql.Safe(&cerr)

	hash, err := bcrypt.GenerateFromPassword(
		[]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return err
	}

	// This lock can be avoided if we use some sort of upsert.
	// It's possible with Postgres, but this is just way easier.
	locker.Lock(id)
	defer locker.Unlock(id)

	n := csql.Count(s, `
		SELECT COUNT(*) FROM `+SqlTableName+` WHERE id = $1
		`, id)
	if n == 0 {
		csql.Exec(s, `
			INSERT INTO `+SqlTableName+` (id, hash) VALUES ($1, $2)
			`, id, hash)
	} else {
		csql.Exec(s, `
			UPDATE `+SqlTableName+` SET id = $1, hash = $2 WHERE id = $1
			`, id, hash)
	}
	return nil
}
Beispiel #3
0
func (s *S) TestUserCheckPasswordChecksBcryptPasswordFirst(c *gocheck.C) {
	passwd, err := bcrypt.GenerateFromPassword([]byte("123456"), cost)
	c.Assert(err, gocheck.IsNil)
	u := User{Email: "wolverine@xmen", Password: string(passwd)}
	err = u.CheckPassword("123456")
	c.Assert(err, gocheck.IsNil)
}
Beispiel #4
0
// Encrypts the user password before saving it in the database.
func (user *User) hashPassword() {
	if hash, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost); err == nil {
		user.Password = string(hash[:])
	} else {
		Logger.Error(err.Error())
	}
}
Beispiel #5
0
func GorpInit() {
	db.Init()
	Dbm = &gorp.DbMap{Db: db.Db, Dialect: gorp.PostgresDialect{}}

	ub := Dbm.AddTable(models.UserBase{}).SetKeys(true, "UserId")
	ub.ColMap("Email").Unique = true
	setColumnSizes(ub, map[string]int{
		"UserName": 32,
		"Email":    64,
	})

	Dbm.AddTable(models.UserVolatile{}).SetKeys(true, "UserId")
	Dbm.AddTable(models.UserAuth{}).SetKeys(true, "UserId")

	Dbm.TraceOn("[gorp]", log.New(GLogger{glog.Info}, "", 0))
	Dbm.CreateTablesIfNotExists()

	if fill {
		now := time.Now().UnixNano()

		demoUser := &models.UserBase{0, "demo", "*****@*****.**"}
		errU := Dbm.Insert(demoUser)
		checkFail(errU)

		demoVolatile := &models.UserVolatile{demoUser.UserId, now, 0, 0, 0, now}
		errV := Dbm.Insert(demoVolatile)
		checkFail(errV)

		demoPassword, _ := bcrypt.GenerateFromPassword([]byte("demo"), bcrypt.DefaultCost)
		demoAuth := &models.UserAuth{demoUser.UserId, demoPassword, "", 0, 0, 0, 0}
		errA := Dbm.Insert(demoAuth)
		checkFail(errA)
	}

}
Beispiel #6
0
func Init() {
	db.Init()
	Dbm = &gorp.DbMap{Db: db.Db, Dialect: gorp.SqliteDialect{}}

	setColumnSizes := func(t *gorp.TableMap, colSizes map[string]int) {
		for col, size := range colSizes {
			t.ColMap(col).MaxSize = size
		}
	}

	t := Dbm.AddTable(models.User{}).SetKeys(true, "UserId")
	t.ColMap("Password").Transient = true
	setColumnSizes(t, map[string]int{
		"Username": 20,
		"Name":     100,
	})

	t = Dbm.AddTable(models.Post{}).SetKeys(true, "PostId")
	setColumnSizes(t, map[string]int{
		"Body": 100,
	})

	Dbm.TraceOn("[gorp]", r.INFO)
	Dbm.CreateTables()

	//	setting admin password
	bcryptPassword, _ := bcrypt.GenerateFromPassword(
		[]byte("demo"), bcrypt.DefaultCost)
	demoUser := &models.User{0, "Demo User", "demo", "demo", bcryptPassword}
	if err := Dbm.Insert(demoUser); err != nil {
		panic(err)
	}
}
Beispiel #7
0
//hash user password
func authHassPassword(password string) (string, error) {
	bytePass, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", nil
	}
	return string(bytePass), nil
}
Beispiel #8
0
// AddClient creates the named client tunnel configuration.
func AddClient(
	name, hostAddr, connectAddr string, localPort int32) (err error) {

	// Create the client's tunnel configuration.
	tc := TunnelConfig{}
	tc.Host = hostAddr
	tc.Pwd = make([]byte, 48)
	tc.Port = localPort

	if _, err = rand.Read(tc.Pwd); err != nil {
		return
	}

	_, tc.CaCert, err = loadKeyAndCert()
	if err != nil {
		return
	}

	// Create the server's configuration file.
	cc := ClientConfig{}
	cc.ConnectAddr = connectAddr
	cc.PwdHash, err = bcrypt.GenerateFromPassword(tc.Pwd, bcrypt.DefaultCost)
	if err != nil {
		return
	}

	// Write the config files.
	if err = tc.Save(clientTunnelPath(name)); err != nil {
		return
	}

	err = cc.Save(clientsPath(name))

	return
}
Beispiel #9
0
// BcryptHash returns the bcrypt hash of the password at the default cost.
// Panics on error. Result is byte array. Based on bcrypt.GenerateFromPassword
func BcryptHash(password []byte) []byte {
	hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
	if err != nil {
		panic(err)
	}
	return hash
}
Beispiel #10
0
func NewUser(email string, password string) *User {
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 10)
	if err != nil {
		return nil
	}
	return &User{email, hashedPassword}
}
Beispiel #11
0
// Generate a bcrypt hash given a request.
func GenerateBcryptHash(hr *HashRequest) (*HashResponse, error) {

	// First, grab the hash options and either use what the user specified or
	// set them to the defaults (recommended).
	if err := mergo.Merge(hr.Options, DefaultHashRequestOptions); err != nil {
		return nil, errors.New("Invalid options specified.")
	}

	// If the user specified no cost (or a cost smaller than the minimum
	// allowed), we'll automatically set the cost to the bcrypt library's
	// recommended value.
	if hr.Options.Cost < bcrypt.MinCost {
		hr.Options.Cost = bcrypt.DefaultCost
	}

	// Compute the bcrypt hash.
	hash, err := bcrypt.GenerateFromPassword([]byte(hr.String), hr.Options.Cost)
	if err != nil {
		return nil, errors.New("Could not compute the bcrypt hash.")
	}

	// Send our response to the user.
	return &HashResponse{Hash: string(hash)}, nil

}
Beispiel #12
0
func (u *user) SetPassword(password string) {
	hpass, err := bcrypt.GenerateFromPassword([]byet(password), bcrypt.DefaultCost)
	if err != nil {
		panic(err) //this is a panic because bcrypt errors on invalid cost
	}
	u.Password = hpass
}
Beispiel #13
0
// Create and save the new user
func (c App) saveUser(user models.User, verifyPassword string) error {

	// Validate the user, make sure passwords are valid ...
	c.Validation.Required(verifyPassword)
	c.Validation.Required(verifyPassword == user.Password).
		Message("Password does not match")
	user.Validate(c.Validation)

	if c.Validation.HasErrors() {
		c.Validation.Keep()
		c.FlashParams()
		return errors.New("Unable to validate input")
	}

	user.HashedPassword, _ = bcrypt.GenerateFromPassword(
		[]byte(user.Password), bcrypt.DefaultCost)

	// Insert the new user into the database
	err := c.Txn.Insert(&user)
	if err != nil {
		return newError("Unable to save user in database", err)
	}

	return nil
}
Beispiel #14
0
func (user *User) newUser(dataMap map[string]string, res *AccMngResponse) {
	// Hashing password, if hash fails, abort user
	hash, err := bcrypt.GenerateFromPassword([]byte(dataMap["Password"]), 12)
	if err != nil {
		log.Printf("Function addUser: Error when encrypting the password.\n%v\b", err)
		res.Status = false
		res.Message = "Error when encrypting the password"
		return
	}

	// Converting the IsAdmin flag from string to bool
	var flag bool
	switch dataMap["Isadmin"] {
	case "true":
		flag = true
	default:
		flag = false
		// default:
		// 	log.Printf("Function addUser: Error when converting isadmin to boolean.\n")
		// 	res.Status = false
		// 	res.Message = "Error when converting isadmin to boolean"
		// 	return
	}

	user.FirstName = dataMap["Firstname"]
	user.LastName = dataMap["Lastname"]
	user.IsAdmin = flag
	user.Email = dataMap["Email"]
	user.Password = string(hash)
	user.Avatar = dataMap["Avatar"]

	res.Status = true
	res.Message = ""
}
Beispiel #15
0
func main() {
	var cliOpts struct {
		Cost int `short:"c" long:"cost" description:"Custom cost factor"`
	}

	cliOpts.Cost = 12

	parser := flags.NewParser(&cliOpts, flags.Default)
	parser.Usage = "PASSWORD"

	args, err := parser.Parse()
	if err != nil {
		panic(err)
	}

	if cliOpts.Cost < bcrypt.MinCost {
		fmt.Printf("Minimum cost is %d.\n", bcrypt.MinCost)
		os.Exit(1)
	} else if cliOpts.Cost > bcrypt.MaxCost {
		fmt.Printf("Maximum cost is %d.\n", bcrypt.MaxCost)
		os.Exit(1)
	}

	if len(args) == 0 {
		parser.WriteHelp(os.Stderr)
		os.Exit(1)
	}

	hash, err := bcrypt.GenerateFromPassword([]byte(args[0]), cliOpts.Cost)
	if err != nil {
		panic(err)
	}

	fmt.Println(string(hash))
}
Beispiel #16
0
func hashPassword(password string) ([]byte, error) {
	hashed, err := bcrypt.GenerateFromPassword([]byte(password), 10)
	if err != nil {
		return hashed, util.NewError(err, "Error de servidor", 500)
	}
	return hashed, nil
}
Beispiel #17
0
func main() {
	var st, dt time.Time
	workFactor := flag.Int("wf", 12, "bcrypt work factor, default is 12")
	doTime := flag.Bool("t", false, "print out how long it took to hash")
	flag.Usage = func() {
		fmt.Fprintf(os.Stderr, "%s [flags] <password to hash>\n flags:\n", os.Args[0])
		flag.PrintDefaults()
	}
	flag.Parse()
	tPass := flag.Arg(0)
	if tPass == "" {
		flag.Usage()
		return
	}
	if *doTime {
		st = time.Now()
	}
	pHash, err := bcrypt.GenerateFromPassword([]byte(tPass), *workFactor)
	if *doTime {
		dt = time.Now()
	}
	if err != nil {
		fmt.Println("Could not hash password because of this", err)
	} else {
		fmt.Println("password hashed in", dt.Sub(st))
		fmt.Println(string(pHash))
	}
}
Beispiel #18
0
// 创建数字ID作为用户唯一标识
func (this *Server) SignUp(con net.Conn, name, password string) int {
	id := rand.New(rand.NewSource(time.Now().UnixNano())).Intn(10000)
	strID := strconv.Itoa(id)
	this.SendMSG(con, strID)
	log.Println("注册成功")
	log.Println("用户昵称: " + name)
	log.Println("用户账号: " + strID)
	con.Close()

	manager, err := db.NewDBManager()
	if err != nil {
		log.Println(err)
	}
	defer manager.Close()

	p, _ := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	var fs []string
	fs = make([]string, 0)
	fs = append(fs, "000")
	fs = append(fs, "111")
	fs = append(fs, "222")
	fs = append(fs, "333")
	u := db.User{ID: id, Name: name, AvatarUrl: "", Password: p, Friends: fs}

	err = manager.RegisterUser(u)
	if err != nil {
		log.Println(err)
	}

	return id
}
Beispiel #19
0
func (auth *Auth) HashPassword(password string) (string, error) {
	b, err := bcrypt.GenerateFromPassword([]byte(password), auth.cost)
	if err != nil {
		return "", err
	}
	return string(b), nil
}
Beispiel #20
0
func (c Application) SaveUser(user models.User, verifyPassword string) rev.Result {
	c.Validation.Required(verifyPassword)
	c.Validation.Required(verifyPassword == user.Password).
		Message("Password does not match")
	user.Validate(c.Validation)

	if c.Validation.HasErrors() {
		c.Validation.Keep()
		c.FlashParams()
		return c.Redirect(Application.Register)
	}

	bcryptPassword, _ := bcrypt.GenerateFromPassword(
		[]byte(user.Password), bcrypt.DefaultCost)
	_, err := c.Txn.Exec(
		"insert into User (Username, HashedPassword, Name) values (?, ?, ?)",
		user.Username, bcryptPassword, user.Name)
	if err != nil {
		panic(err)
	}

	c.Session["user"] = user.Username
	c.Flash.Success("Welcome, " + user.Name)
	return c.Redirect(Hotels.Index)
}
Beispiel #21
0
func Hash(in string) (string, error) {
	password := []byte(in)

	hashedPassword, err := bcrypt.GenerateFromPassword(password, 10)

	return string(hashedPassword), err
}
Beispiel #22
0
//  ユーザーを追加する
func addUser(c appengine.Context, email, password string) error {

	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return err
	}

	user := User{
		Email:        email,
		PasswordHash: hash,
	}

	ik := datastore.NewIncompleteKey(c, UserEntity, nil)
	key, err := datastore.Put(c, ik, &user)
	if err != nil {
		return err
	}

	user.Id = key.IntID()                 // 生成されたIDを格納する
	_, err = datastore.Put(c, key, &user) // 再度格納
	if err != nil {
		return err
	}

	return nil
}
Beispiel #23
0
func NewUser(username, email, password string) (User, error) {
	user := User{
		Email:    email,
		Username: username,
	}
	if username == "" {
		return user, errNoUsername
	}

	if email == "" {
		return user, errNoEmail
	}

	if password == "" {
		return user, errNoPassword
	}

	if len(password) < passwordLength {
		return user, errPasswordTooShort
	}
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), hashCost)

	user.HashedPassword = string(hashedPassword)
	user.ID = GenerateID("usr", userIDLength)
	return user, err
}
Beispiel #24
0
// CreateTeam adds a team to the game, or returns Exists if teamID is already in use
func (ss *stockServer) CreateTeam(args *stockrpc.CreateTeamArgs, reply *stockrpc.CreateTeamReply) error {
	// lookup userID based on session
	_, err := ss.RetrieveSession(args.SessionKey)
	if err != nil {
		reply.Status = datatypes.NoSuchSession
		return nil
	}
	userList := make([]string, 0)

	// Create team pw
	hashed, err := bcrypt.GenerateFromPassword([]byte(args.Password), bcrypt.DefaultCost)
	if err != nil {
		reply.Status = datatypes.BadData
		return nil
	}

	team := datatypes.Team{
		TeamID:   args.TeamID,
		Users:    userList,
		HashPW:   string(hashed),
		Balance:  DefaultStartAmount,
		Holdings: make(map[string]string),
	}

	data := &datatypes.DataArgs{Team: team}

	// Attempt to CreateTeam and return propogated status
	status, err := ss.ls.Transact(datatypes.CreateTeam, data)
	if err != nil {
		return err
	}

	reply.Status = status
	return nil
}
Beispiel #25
0
func (u *User) SetPassword(pw string) (err error) {
	hpass, err := bcrypt.GenerateFromPassword([]byte(pw), bcrypt.DefaultCost)
	if err == nil {
		u.Password = hpass
	}
	return err
}
Beispiel #26
0
func (u UserController) SignUpApi() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Assuming password 1 and password 2 match

		email := r.FormValue("email")
		password := r.FormValue("password")

		// Assuming user doesn't exist

		hashedPass, err := bcrypt.GenerateFromPassword([]byte(password), 9)
		if err != nil {
			log.Fatal(err)
		}

		// Send email confirmation

		account := UserModel{}.Create(email, string(hashedPass))

		session, _ := store.Get(r, "user")
		session.Values["user"] = account
		session.Save(r, w)

		http.Redirect(w, r, "/settings", http.StatusTemporaryRedirect)
	}
}
Beispiel #27
0
func (u *User) SetPassword(password string) {
	hpass, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		panic(err) // bcrypt errors on invalid costs
	}
	u.Password = hpass
}
Beispiel #28
0
func createHashPassword(password string) string {

	hashByte, _ := bcrypt.GenerateFromPassword([]byte(password), 5)
	hashedPassword := string(hashByte)
	return hashedPassword

}
Beispiel #29
0
func (c *App) SaveUser(user models.UserBase, auth models.UserAuth, password, verifyPassword string) revel.Result {
	user.UserName = user.Email[:strings.Index(user.Email, "@")]
	_, e_exists := c.checkUserExists(user.UserName, user.Email)

	if e_exists {
		msg := "Sorry, "
		if e_exists {
			c.Flash.Data["user.Email"] = ""
			msg += "an account is already registered with that email address."
		}
		c.Flash.Error(msg)
		c.Validation.Keep()
		c.FlashParams()
		return c.Redirect(routes.App.Signup())
	}

	auth.HashedPassword, _ = bcrypt.GenerateFromPassword(
		[]byte(password), bcrypt.DefaultCost)

	err := c.insertNewUser(user, auth)
	if err != nil {
		panic(err)
	}

	c.Session["user"] = user.UserName
	c.Flash.Success("Welcome, " + user.UserName)
	return c.Redirect(routes.App.Index())
}
Beispiel #30
0
func (account *CassAccount) SetPassword(password string) error {
	err := validatePassword(password)
	if err != nil {
		return err
	}

	salt := account.conn.dl.cfg.OptPasswordSecretSalt()
	hashCost := account.conn.dl.cfg.OptPasswordHashCost()

	password_hash, err := bcrypt.GenerateFromPassword([]byte(password+salt), int(hashCost))
	if err != nil {
		return err
	}

	err = account.conn.session.Query(`
            UPDATE accounts
            SET password_hash = ?
            WHERE username = ?
    `, password_hash, account.Username()).Exec()
	if err != nil {
		return err
	}

	account.password_hash = password_hash
	return nil
}