// BenchmarkBConversion reports the time and allocations of a single
// conv.Key call using the package-level password and salt fixtures.
//
// NOTE(review): the trailing arguments are presumably (iterations,
// parallelism, memory, key length, variant) — confirm against the conv
// package. This benchmark requests a 32-byte key, while CreateToken and
// CreateUserPassword request 64; check that it measures the configuration
// that is actually deployed.
func BenchmarkBConversion(b *testing.B) {
	b.ReportAllocs()
	for remaining := b.N; remaining > 0; remaining-- {
		// The result is discarded on purpose; only the cost is measured.
		conv.Key(password, salt, 3, 4, 4096, 32, conv.Argon2i)
	}
}
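// CreateToken checks password against the stored hash for authUser and, when
// they match, stores a new UUID token in Redis that maps to the account
// holder's identification number for TOKEN_TTL.
//
// It returns the token, or an error when the lookup fails, the hash cannot be
// computed, the credentials do not match, or the token cannot be stored.
//
// Several error strings embed the underlying database, hashing or Redis error
// text. Callers should log these and return a generic failure to clients
// rather than relaying them.
func CreateToken(authUser string, password string) (token string, err error) {
	rows, err := Config.Db.Query("SELECT `password`, `salt`, `accountHolderIdentificationNumber` FROM `accounts_user_auth` WHERE `authUser` = ?", authUser)
	if err != nil {
		return "", errors.New("appauth.CreateToken: Error with select query. " + err.Error())
	}
	defer rows.Close()

	hashedPassword := ""
	userSalt := ""
	userID := ""
	for rows.Next() {
		if err := rows.Scan(&hashedPassword, &userSalt, &userID); err != nil {
			return "", errors.New("appauth.CreateToken: Could not retreive account details")
		}
	}
	// Next() returning false can also mean the iteration failed part-way, so
	// surface that instead of treating it as "no such user".
	if err := rows.Err(); err != nil {
		return "", errors.New("appauth.CreateToken: Error with select query. " + err.Error())
	}

	// Generate hash.
	// The hash is computed even when no row matched (hashedPassword stays
	// empty and can never equal a hex digest), so an unknown authUser costs
	// the same work as a wrong password.
	//
	// NOTE(review): the numeric arguments are presumably (iterations,
	// parallelism, memory, key length) — confirm against the argon2 package.
	// If memory is in KiB, 4096 is low for password hashing, and Argon2id is
	// generally preferred over Argon2i. Changing any of these invalidates the
	// stored hashes, so it needs a rehash-on-login migration.
	userPasswordSalt := userSalt + password
	output, err := argon2.Key([]byte(userPasswordSalt), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateToken: Could not generate secure hash. " + err.Error())
	}
	hash := hex.EncodeToString(output)

	// NOTE(review): this is a short-circuiting string comparison; prefer
	// crypto/subtle.ConstantTimeCompare once that import is available here.
	if hash != hashedPassword {
		return "", errors.New("appauth.CreateToken: Authentication credentials invalid")
	}

	token = uuid.NewV4().String()

	// @TODO Remove all tokens for this user
	// Until that is done, nothing here revokes tokens issued earlier for the
	// same user.
	if err = Config.Redis.Set(token, userID, TOKEN_TTL).Err(); err != nil {
		return "", errors.New("appauth.CreateToken: Could not set token. " + err.Error())
	}

	return token, nil
}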
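// CreateUserPassword creates login credentials for the account holder whose
// identification number is user.
//
// It checks that the ID number exists in accounts_users_accounts, that no
// credentials exist for it yet, and that clearTextPassword has at least
// MIN_PASSWORD_LENGTH bytes. It then derives a per-user salt and a password
// hash and inserts them under a newly generated authUser UUID.
//
// It returns the new authUser identifier, or an error naming the failed step.
//
// NOTE(review): the existence check and the INSERT are separate statements,
// so two concurrent calls for the same user could both pass the check.
// Confirm the table has a unique constraint on the identification number.
func CreateUserPassword(user string, clearTextPassword string) (result string, err error) {
	//TEST 0~appauth~3~181ac0ae-45cb-461d-b740-15ce33e4612f~testPassword
	// @TODO Split these checks up into separate functions

	// Check if ID number is valid
	rows, err := Config.Db.Query("SELECT * FROM `accounts_users_accounts` WHERE `accountHolderIdentificationNumber` = ?", user)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with select query. " + err.Error())
	}
	defer rows.Close()

	count := 0
	for rows.Next() {
		count++
	}
	// A failed iteration must not be mistaken for "no rows".
	if err := rows.Err(); err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with select query. " + err.Error())
	}
	if count == 0 {
		return "", errors.New("appauth.CreateUserPassword: Account ID number not linked to a user")
	}

	// Check for existing account
	authRows, err := Config.Db.Query("SELECT `authUser` FROM `accounts_user_auth` WHERE `accountHolderIdentificationNumber` = ?", user)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with select query. " + err.Error())
	}
	defer authRows.Close()

	var authUser string
	count = 0
	for authRows.Next() {
		if err := authRows.Scan(&authUser); err != nil {
			return "", errors.New("appauth.CreateUserPassword: Could not retreive authUser")
		}
		count++
	}
	if err := authRows.Err(); err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with select query. " + err.Error())
	}
	if count > 0 {
		// NOTE(review): this message returns the existing account's authUser
		// (the login identifier CreateToken expects) to anyone who supplies a
		// known ID number. Consider dropping it from the error text.
		return "", errors.New("appauth.CreateUserPassword: Account already exists: " + authUser)
	}

	// Check password length (len counts bytes, not characters).
	if len(clearTextPassword) < MIN_PASSWORD_LENGTH {
		// string(<int>) yields the rune with that code point, not the decimal
		// number, so the digits are built by hand. Replace with strconv.Itoa
		// when the file imports strconv.
		minLen := ""
		for n := int(MIN_PASSWORD_LENGTH); n > 0; n /= 10 {
			minLen = string(rune('0'+n%10)) + minLen
		}
		return "", errors.New("appauth.CreateUserPassword: Password must be at least " + minLen + " characters")
	}

	// Generate salt
	// NOTE(review): RandStringBytes is defined elsewhere; confirm it draws
	// from crypto/rand rather than math/rand, since the per-user salt is
	// derived from its output.
	randomStrIn := RandStringBytes(32)
	saltOutput, err := argon2.Key([]byte(randomStrIn), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not generate secure hash. " + err.Error())
	}
	userSalt := hex.EncodeToString(saltOutput)

	// Generate hash
	// The per-user salt is prepended to the password and the global
	// Config.PasswordSalt is passed as the Argon2 salt. CreateToken must
	// build its input the same way for verification to succeed.
	//
	// NOTE(review): the numeric arguments are presumably (iterations,
	// parallelism, memory, key length) — confirm against the argon2 package.
	// If memory is in KiB, 4096 is low for password hashing, and Argon2id is
	// generally preferred over Argon2i.
	userPasswordSalt := userSalt + clearTextPassword
	hashOutput, err := argon2.Key([]byte(userPasswordSalt), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not generate secure hash. " + err.Error())
	}
	userHashedPassword := hex.EncodeToString(hashOutput)

	// Generate authUser number
	authUser = uuid.NewV4().String()

	// Prepare statement for inserting data
	insertStatement := "INSERT INTO accounts_user_auth (`accountHolderIdentificationNumber`, `authUser`, `password`, `salt`, `timestamp`) " +
		"VALUES(?, ?, ?, ?, ?)"
	stmtIns, err := Config.Db.Prepare(insertStatement)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with insert. " + err.Error())
	}
	defer stmtIns.Close() // released when this function returns

	// Pass the Unix time as int64; narrowing to int32 would wrap in 2038.
	sqlTime := time.Now().Unix()
	if _, err = stmtIns.Exec(user, authUser, userHashedPassword, userSalt, sqlTime); err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not save account. " + err.Error())
	}

	return authUser, nil
}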
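// RemoveUserPassword deletes the stored credentials for the account holder
// whose identification number is user, after checking clearTextPassword
// against the stored hash.
//
// It returns a confirmation message on success, or an error when no
// credentials exist, the password does not match, or the delete fails or
// removes no row.
func RemoveUserPassword(user string, clearTextPassword string) (result string, err error) {
	// Check for existing account
	rows, err := Config.Db.Query("SELECT * FROM `accounts_user_auth` WHERE `accountHolderIdentificationNumber` = ?", user)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Error with select query. " + err.Error())
	}
	defer rows.Close()

	// @TODO Must be easy way to get row count returned
	count := 0
	for rows.Next() {
		count++
	}
	// A failed iteration must not be mistaken for "no rows".
	if err := rows.Err(); err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Error with select query. " + err.Error())
	}
	if count == 0 {
		return "", errors.New("appauth.RemoveUserPassword: Account auth does not exists")
	}

	userHashedPassword, userSalt, err := getUserPasswordSaltFromUID(user)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Could not retrieve user details. " + err.Error())
	}

	// Generate hash with the same input layout and parameters used when the
	// password was stored.
	userPasswordSalt := userSalt + clearTextPassword
	hashOutput, err := argon2.Key([]byte(userPasswordSalt), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Could not generate secure hash. " + err.Error())
	}
	hash := hex.EncodeToString(hashOutput)

	// NOTE(review): this is a short-circuiting string comparison; prefer
	// crypto/subtle.ConstantTimeCompare once that import is available here.
	// The message text keeps its CreateToken prefix in case callers match on
	// it.
	if hash != userHashedPassword {
		return "", errors.New("appauth.CreateToken: Authentication credentials invalid")
	}

	// Prepare statement for deleting data
	delStatement := "DELETE FROM accounts_user_auth WHERE `accountHolderIdentificationNumber` = ? AND `password` = ? "
	stmtDel, err := Config.Db.Prepare(delStatement)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Error with delete. " + err.Error())
	}
	defer stmtDel.Close() // released when this function returns

	// Check the Exec error before touching res: on failure res is nil, and
	// calling RowsAffected on it would panic.
	res, err := stmtDel.Exec(user, userHashedPassword)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Could not delete account. " + err.Error())
	}

	affected, err := res.RowsAffected()
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Could not get rows affected. " + err.Error())
	}
	if affected == 0 {
		return "", errors.New("appauth.RemoveUserPassword: Could not delete account. No account deleted.")
	}

	return "Successfully deleted account", nil
}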