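// checkPassword verifies password against the scrypt hash stored for
// username in the user database. It returns true only when the user
// exists, the stored hash decodes, and scryptauth confirms the password.
//
// Every failure (unknown user, undecodable hash, scrypt error, wrong
// password) yields false; details go to the log, never to the caller.
// NOTE(review): the unknown-user path returns before any scrypt work is
// done, so response timing can still reveal whether a username exists —
// run a dummy check or rate-limit at the caller if that matters.
func checkPassword(username, password string) bool {
	db := database.GetDB()

	// The HMAC key is read from configuration on every call. If
	// scryptauth.New rejects it (e.g. an empty key — confirm against the
	// library), no login can succeed, which is the safe failure mode.
	hmacKey := []byte(viper.GetString("hmackey"))
	pwhash, err := scryptauth.New(12, hmacKey)
	if err != nil {
		logrus.Error(err)
		return false
	}

	for _, item := range db.Users {
		if item.Username != username {
			continue
		}

		// The stored value carries its own cost parameter and salt.
		pwCost, hash, salt, err := scryptauth.DecodeBase64(item.ScryptPassword)
		if err != nil {
			logrus.Error(err)
			return false
		}

		ok, err := pwhash.Check(pwCost, hash, []byte(password), salt)
		if err != nil {
			// Previously discarded: a scrypt failure must never count as a
			// match, and must be visible in the log.
			logrus.Error(err)
			return false
		}
		return ok
	}

	logrus.Infof("Username %s not found in the database", username)
	return false
}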
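// Authentication validates a login form (username, password, TOTP code)
// and reports the outcome as (returncode, username, next_url):
//   - 0, username, next on success;
//   - 1, "", next on any failure (unparseable form, unknown user, bad
//     password, missing or wrong code).
//
// next is taken from the "next" query parameter and defaults to "/". It is
// returned unvalidated; whatever turns it into a redirect must restrict it
// to local paths, otherwise this becomes an open redirect.
//
// The password is checked exactly once; the previous version ran the
// scrypt check twice per request, doubling the CPU cost an unauthenticated
// client could impose.
func Authentication(w http.ResponseWriter, req *http.Request) (int, string, string) {
	// @TODO: Remove w http.ResponseWriter, req *http.Request to make it independent and ease the tests
	udb := database.GetDB()

	// next comes from the URL, not the form, so it is available even if the
	// form body fails to parse.
	next := req.URL.Query().Get("next")
	if next == "" {
		next = "/"
	}

	if err := req.ParseForm(); err != nil {
		logrus.Error(err)
		return 1, "", next
	}

	username := req.Form.Get("username")
	password := req.Form.Get("password")
	code := req.Form.Get("code")

	logrus.Infof("Trying to authenticate %s", username)
	u := udb.FindUser(username)
	if u == nil {
		logrus.Errorf("Username %s not found in database", username)
		return 1, "", next
	}

	otp, err := gototp.New(u.Init2FA)
	if err != nil {
		logrus.Error(err)
		return 1, "", next
	}

	if !checkPassword(username, password) {
		logrus.Error("Wrong pass")
		return 1, "", next
	}

	// Accept the previous, current and next TOTP period to tolerate clock
	// skew between the client and this server. Codes are zero-padded to six
	// digits to match what authenticator apps display.
	// NOTE(review): the comparison is a plain string ==; with a six-digit
	// code the practical defence is rate limiting on failed attempts, which
	// is not implemented here.
	codeOK := code == fmt.Sprintf("%06d", otp.FromNow(-1)) ||
		code == fmt.Sprintf("%06d", otp.Now()) ||
		code == fmt.Sprintf("%06d", otp.FromNow(1))
	if codeOK {
		logrus.Infof("Signing cookie for authentified user %s", username)
		return 0, username, next
	}

	logrus.Error("Failed authentication (pass or OTP) for user ", username)
	return 1, "", next
}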
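// CreateUser is the cobra handler that adds a new user to the database.
//
// It reads the username from the "name" setting and the password from the
// "password" setting, prompting interactively when the latter is empty.
// A fresh TOTP secret is generated for the user and printed, together
// with a QR-code link, once the user has been stored.
//
// NOTE(review): supplying "password" via flag or environment leaves it in
// shell history / process listings; the interactive prompt is the safer
// path. The 2FA secret is intentionally printed to stdout so it can be
// enrolled in an authenticator — treat that output as sensitive.
func CreateUser(cmd *cobra.Command, args []string) {
	database.InitDB()
	db := database.GetDB()

	username := viper.GetString("name")
	if username == "" {
		fmt.Println("Required 'name' parameter not specified")
		return
	}

	fmt.Printf("Creating User %s...\n", username)

	// Refuse to overwrite an existing account.
	for _, item := range db.Users {
		if item.Username == username {
			logrus.Errorf("User %s already exists in the database", username)
			return
		}
	}

	// Generate the TOTP secret before asking for a password so a failure
	// here does not waste an interactive prompt.
	init2FA, err := gototp.New(gototp.RandomSecret(10))
	if err != nil {
		logrus.Error(err)
		return
	}

	// Use the configured password if one was given, otherwise prompt.
	password := viper.GetString("password")
	if password == "" {
		password = prompter.Password("Enter password to use")
	}

	user, err := pwMan.NewUser(username, password, init2FA.Secret())
	if err != nil {
		fmt.Printf("Error while creating user %s: %v\n", username, err)
		// Previously fell through and dereferenced a nil user below.
		return
	}
	if user == nil {
		fmt.Printf("Error while creating user %s: no user returned\n", username)
		return
	}

	db.AddUser(*user)

	fmt.Printf("User %s created. Caracteristics :\n", username)
	fmt.Printf("2FA init: %s || QRCode link: %s\n", init2FA.Secret(), init2FA.QRCodeGoogleChartsUrl("Code", 320))
	//fmt.Println(.QRCodeTerminal("label"))

}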