Esempio n. 1
0
// set a new password to user
func (this *UserService) SaveNewPassword(u *user.User, password string) error {
	salt := GetUserSalt()
	u.Password = fmt.Sprintf("%s$%s", salt, utils.EncodePassword(password, salt))
	u.PasswordSalt = salt
	_, err := orm.NewOrm().Update(u, "Password", "PasswordSalt", "Updated")
	return err
}
Esempio n. 2
0
// register a user
func (this *UserService) RegisterUser(u *user.User, username, email, password string, userType *user.UserType, role *user.Role) error {
	u.UserType = userType
	// use random salt encode password
	salt := GetUserSalt()
	pwd := utils.EncodePassword(password, salt)

	u.Username = strings.ToLower(username)
	u.Email = strings.ToLower(email)

	// save salt and encode password, use $ as split char
	u.Password = fmt.Sprintf("%s$%s", salt, pwd)
	u.PasswordSalt = salt

	var err error
	tr := orm.NewOrm()
	tr.Begin()
	if err = this.InsertWithScope(tr, u); err == nil {
		roleService := RoleService{}
		err = roleService.InsertUsersWithScope(tr, role, u)
	}
	if err == nil {
		tr.Commit()
	} else {
		tr.Rollback()
	}
	return err
}
Esempio n. 3
0
func (this *AdminApiController) ResetPassword() {
	var ChangePasswordModel = struct {
		Id       int64
		Password string
	}{}
	this.CheckPermission(permissions.UserAdminUpdate)
	var u user.User
	json.Unmarshal(this.Ctx.Input.RequestBody, &ChangePasswordModel)
	u.Id = ChangePasswordModel.Id
	u.Password = ChangePasswordModel.Password
	var err error
	if u.Id > 0 {
		err = this.UserService.SaveNewPassword(&u, u.Password)
		if err != nil {
			this.Ctx.Abort(500, err.Error())
		}
	} else {
		this.Ctx.Abort(500, "invalid user id")
	}
	this.ServeJSON()
}
Esempio n. 4
0
func TestPasswordSpec(t *testing.T) {
	password := "******"
	var err error
	Convey("Authentication Testing", t, func() {
		Convey("generateSalt()", func() {
			salt := GetUserSalt()
			So(salt, ShouldNotBeBlank)
			So(len(salt), ShouldEqual, 10)
		})

		Convey("hashPassword()", func() {
			hash := utils.EncodePassword(password, GetUserSalt())
			So(hash, ShouldNotBeBlank)
			So(len(hash), ShouldEqual, 100)
		})

		Convey("Create a user", func() {
			u := new(user.User)
			u.Username = "******"
			u.Password = password
			db := orm.NewOrm()
			//ensure testuser not exist in the database
			_, err = db.Raw("delete from role where role_info_id = (select id from user_info where user_name = ? limit 1)", u.Username).Exec()
			if err != nil {
				Println(err)
			}
			_, err = db.Raw("delete from user_info where user_name=?", u.Username).Exec()
			if err != nil {
				Println(err)
			}
			err := userServ.RegisterUser(u, "testuser", "*****@*****.**", password, &model.UserType{Id: 1}, &model.Role{Id: 2})
			if err != nil {
				Println(err)
			}
			So(err, ShouldEqual, nil)
			So(u.Id, ShouldBeGreaterThan, 0)

			Convey("VerifyUser()", func() {
				So(userServ.VerifyUser(u, u.Username, password), ShouldEqual, true)
			})

			Convey("CanRegister()", func() {
				var canName, canEmail bool = true, true
				canName, canEmail, _ = userServ.CanRegistered("testuser", "*****@*****.**")
				So(canName, ShouldEqual, false)
				So(canEmail, ShouldEqual, false)
				canName, canEmail, _ = userServ.CanRegistered("testuser", "*****@*****.**")
				So(canName, ShouldEqual, false)
				So(canEmail, ShouldEqual, true)
				canName, canEmail, _ = userServ.CanRegistered("whatever", "*****@*****.**")
				So(canName, ShouldEqual, true)
				So(canEmail, ShouldEqual, false)
				canName, canEmail, _ = userServ.CanRegistered("whatever", "*****@*****.**")
				So(canName, ShouldEqual, true)
				So(canEmail, ShouldEqual, true)
			})

			Convey("HasUser()", func() {
				So(userServ.HasUser(u, "testuser"), ShouldEqual, true)
			})

			Convey("SaveNewPassword()", func() {
				newPassword := "******"
				userServ.SaveNewPassword(u, newPassword)
				So(userServ.VerifyUser(u, u.Username, password), ShouldEqual, false)
				So(userServ.VerifyUser(u, u.Username, newPassword), ShouldEqual, true)
			})

			Convey("FuzzySearch()", func() {
				var users []*model.User
				userServ.FuzzySearch(&users, "t", 2, 0, 200)
				So(len(users), ShouldBeGreaterThanOrEqualTo, 1)
			})
		})

	})
}