// Create makes a new Admin account with a given email and pwhash.
func Create(d db.DB, email, pwhash string) (util.Key, error) {
var none util.Key
adminJSON, err := db.GetByKey(d, emails, []byte(email))
switch {
case err != nil:
return none, err
case len(adminJSON) != 0:
return none, errors.AlreadyExistsf("admin for email %s:", email)
}
hash, salt := util.HashedAndSalt(pwhash, time.Now().String())
seed := time.Now().String()
key := util.SaltedHash(string(hash), seed)
adm := &Admin{
Email: email,
Salt: salt,
Hash: hash,
Key: key,
}
if err := db.StoreKeyValue(d, admins, []byte(key), adm); err != nil {
return none, err
}
return key, db.StoreKeyValue(d, emails, []byte(email), adm)
}
func LoginUser(d db.DB, email, pwhash string) (util.Key, error) {
// Get the hash and password for the email.
// util.CheckHashedPw(pw, salt, hash)
// if ok, then log in.
userBytes, err := db.GetByKey(d, Users, []byte(email))
if err != nil {
return "", err
}
if len(userBytes) == 0 {
return "", fmt.Errorf("no user for email %q", email)
}
var u User
err = json.Unmarshal(userBytes, &u)
if err != nil {
return "", err
}
ok := util.CheckHashedPw(pwhash, u.Salt, u.Hash)
if !ok {
return "", fmt.Errorf("invalid password")
}
key := util.SaltedHash(pwhash, time.Now().String())
timeout := time.Now().Add(GetTimeout())
err = db.StoreKeyValue(d, SessionKeys, b(email), Login{key, timeout})
if err != nil {
return "", err
}
return key, nil
}
func cliCreate(c *cli.CLI, d db.DB) cli.CommandFunc {
return func(args ...string) (cli.Response, error) {
var (
createArgs = make(map[string]string)
email string
pwhash string
err error
none = cli.Response("")
rl = c.Rl
)
if rl == nil {
return none, errors.New("tried to create admin using nil readline")
}
for _, arg := range args {
splt := strings.SplitN(arg, "=", 2)
if len(splt) < 2 {
return "", errors.New("create args must be of the form pw=foo email=bar")
}
createArgs[splt[0]] = splt[1]
}
email, ok := createArgs["email"]
if !ok {
email, err = getAdminEmail(rl, d)
if err != nil {
return none, err
}
}
pw, ok := createArgs["pw"]
if !ok {
var b []byte
b, err = rl.ReadPassword("Enter password: "******"key: " + string(key)), nil
}
}
func LoginUser(d db.DB, email, pwhash string) (util.Key, error) {
if err := CheckUser(d, email, pwhash); err != nil {
return "", err
}
key := util.SaltedHash(pwhash, time.Now().String())
timeout := time.Now().Add(GetTimeout())
err := db.StoreKeyValue(
d,
LoginKeys,
[]byte(email),
Login{key, timeout},
)
if err != nil {
return "", err
}
return key, nil
}
func (s *UtilSuite) TestSaltedHash(c *gc.C) {
for i, t := range []struct {
should string
givenPw string
givenSeed string
expectKey util.Key
}{{
should: "work",
givenPw: "foobar",
givenSeed: "seedFooBar",
expectKey: "edd40ea1fef74898d639b6cdce7610c518487e2a",
}, {
should: "work",
givenPw: "deadbeef",
givenSeed: "anotherseed",
expectKey: "50aa2ddda4f15d637585d2843242cba76d130afc",
}} {
c.Logf("test %d: should %s", i, t.should)
h := util.SaltedHash(t.givenPw, t.givenSeed)
c.Check(string(h), gc.Equals, string(t.expectKey))
}
}
