예제 #1
0
func BenchmarkBConversion(b *testing.B) {
	b.ReportAllocs()

	for n := 0; n < b.N; n++ {
		conv.Key(password, salt, 3, 4, 4096, 32, conv.Argon2i)
	}
}
예제 #2
0
파일: auth.go 프로젝트: BVNK/bank
func CreateToken(authUser string, password string) (token string, err error) {
	rows, err := Config.Db.Query("SELECT `password`, `salt`, `accountHolderIdentificationNumber` FROM `accounts_user_auth` WHERE `authUser` = ?", authUser)
	if err != nil {
		return "", errors.New("appauth.CreateToken: Error with select query. " + err.Error())
	}
	defer rows.Close()

	count := 0
	hashedPassword := ""
	userSalt := ""
	userID := ""
	for rows.Next() {
		if err := rows.Scan(&hashedPassword, &userSalt, &userID); err != nil {
			return "", errors.New("appauth.CreateToken: Could not retreive account details")
		}
		count++
	}

	// Generate hash
	userPasswordSalt := userSalt + password
	output, err := argon2.Key([]byte(userPasswordSalt), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not generate secure hash. " + err.Error())
	}

	hash := hex.EncodeToString(output)

	if hash != hashedPassword {
		return "", errors.New("appauth.CreateToken: Authentication credentials invalid")
	}

	newUuid := uuid.NewV4()
	token = newUuid.String()

	// @TODO Remove all tokens for this user
	err = Config.Redis.Set(token, userID, TOKEN_TTL).Err()
	if err != nil {
		return "", errors.New("appauth.CreateToken: Could not set token. " + err.Error())
	}

	return
}
예제 #3
0
파일: auth.go 프로젝트: BVNK/bank
func CreateUserPassword(user string, clearTextPassword string) (result string, err error) {
	//TEST 0~appauth~3~181ac0ae-45cb-461d-b740-15ce33e4612f~testPassword

	// @TODO Split these checks up into separate functions
	// Check if ID number is valid
	rows, err := Config.Db.Query("SELECT * FROM `accounts_users_accounts` WHERE `accountHolderIdentificationNumber` = ?", user)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with select query. " + err.Error())
	}
	defer rows.Close()

	count := 0
	for rows.Next() {
		count++
	}

	if count == 0 {
		return "", errors.New("appauth.CreateUserPassword: Account ID number not linked to a user")
	}

	// Check for existing account
	rows, err = Config.Db.Query("SELECT `authUser` FROM `accounts_user_auth` WHERE `accountHolderIdentificationNumber` = ?", user)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with select query. " + err.Error())
	}
	defer rows.Close()

	var authUser string
	count = 0
	for rows.Next() {
		if err := rows.Scan(&authUser); err != nil {
			return "", errors.New("appauth.CreateUserPassword: Could not retreive authUser")
		}
		count++
	}

	if count > 0 {
		return "", errors.New("appauth.CreateUserPassword: Account already exists: " + authUser)
	}

	// Check password length
	if len(clearTextPassword) < MIN_PASSWORD_LENGTH {
		return "", errors.New("appauth.CreateUserPassword: Password must be at least " + string(MIN_PASSWORD_LENGTH) + " characters")
	}

	// Generate salt
	randomStrIn := RandStringBytes(32)
	saltOutput, err := argon2.Key([]byte(randomStrIn), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not generate secure hash. " + err.Error())
	}
	userSalt := hex.EncodeToString(saltOutput)

	// Generate hash
	userPasswordSalt := userSalt + clearTextPassword
	hashOutput, err := argon2.Key([]byte(userPasswordSalt), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not generate secure hash. " + err.Error())
	}
	userHashedPassword := hex.EncodeToString(hashOutput)

	// Generate authUser number
	authUser = uuid.NewV4().String()

	// Prepare statement for inserting data
	insertStatement := "INSERT INTO accounts_user_auth (`accountHolderIdentificationNumber`, `authUser`, `password`, `salt`, `timestamp`) "
	insertStatement += "VALUES(?, ?, ?, ?, ?)"
	stmtIns, err := Config.Db.Prepare(insertStatement)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Error with insert. " + err.Error())
	}
	defer stmtIns.Close() // Close the statement when we leave main() / the program terminates

	// Convert variables
	t := time.Now()
	sqlTime := int32(t.Unix())

	_, err = stmtIns.Exec(user, authUser, userHashedPassword, userSalt, sqlTime)

	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not save account. " + err.Error())
	}

	result = authUser
	return
}
예제 #4
0
파일: auth.go 프로젝트: BVNK/bank
func RemoveUserPassword(user string, clearTextPassword string) (result string, err error) {
	// Check for existing account
	rows, err := Config.Db.Query("SELECT * FROM `accounts_user_auth` WHERE `accountHolderIdentificationNumber` = ?", user)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Error with select query. " + err.Error())
	}
	defer rows.Close()

	// @TODO Must be easy way to get row count returned
	count := 0
	for rows.Next() {
		count++
	}

	if count == 0 {
		return "", errors.New("appauth.RemoveUserPassword: Account auth does not exists")
	}

	userHashedPassword, userSalt, err := getUserPasswordSaltFromUID(user)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not retrieve user details. " + err.Error())
	}

	// Generate hash
	userPasswordSalt := userSalt + clearTextPassword
	hashOutput, err := argon2.Key([]byte(userPasswordSalt), []byte(Config.PasswordSalt), 3, 4, 4096, 64, argon2.Argon2i)
	if err != nil {
		return "", errors.New("appauth.CreateUserPassword: Could not generate secure hash. " + err.Error())
	}
	hash := hex.EncodeToString(hashOutput)

	if hash != userHashedPassword {
		return "", errors.New("appauth.CreateToken: Authentication credentials invalid")
	}

	// Prepare statement for inserting data
	delStatement := "DELETE FROM accounts_user_auth WHERE `accountHolderIdentificationNumber` = ? AND `password` = ? "
	stmtDel, err := Config.Db.Prepare(delStatement)
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Error with delete. " + err.Error())
	}
	defer stmtDel.Close() // Close the statement when we leave main() / the program terminates

	res, err := stmtDel.Exec(user, userHashedPassword)

	affected, err := res.RowsAffected()
	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Could not get rows affected. " + err.Error())
	}

	if affected == 0 {
		return "", errors.New("appauth.RemoveUserPassword: Could not delete account. No account deleted.")
	}

	if err != nil {
		return "", errors.New("appauth.RemoveUserPassword: Could not delete account. " + err.Error())
	}

	result = "Successfully deleted account"
	return
}