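// AccountForLogin loads the account row whose loginname equals name and
// returns it only when password matches the stored bcrypt hash.
//
// It returns nil both when the row cannot be loaded and when the password does
// not match. The reason is written to the log only, so the return value does
// not tell a caller which of the two happened.
func (w *DatabaseWorld) AccountForLogin(name, password string) (acc *Account) {
	acc = &Account{}

	// name is passed as the bound parameter $1, never spliced into the SQL text.
	row := w.db.QueryRow("SELECT loginname, passwordhash, character, created FROM account WHERE loginname = $1", name)
	if err := row.Scan(&acc.LoginName, &acc.PasswordHash, &acc.Character, &acc.Created); err != nil {
		// TODO: timing side channel. This path returns before any bcrypt work
		// is done, while the path for an existing account pays for a full
		// bcrypt comparison. Response time therefore differs between known and
		// unknown login names even though both return nil. Closing it needs a
		// comparison against a fixed, valid dummy hash on this path.
		var message string
		if pgErr, ok := err.(pq.PGError); ok {
			// 'M' selects the human-readable message field of the driver error.
			message = pgErr.Get('M')
		} else {
			message = err.Error()
		}
		// name comes straight from the login request. %q quotes it so embedded
		// newlines or control characters cannot forge extra log lines.
		log.Printf("Error loading account with name %q: %s", name, message)
		return nil
	}

	if !bcrypt.Match(password, acc.PasswordHash) {
		// Only the login name is logged, never the submitted password.
		log.Printf("Bad login attempt for account %q", name)
		return nil
	}
	return acc
}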
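// TestCreateUser creates the user "gino" through the HTTP API, authenticating
// as the admin fixture account, and then reads the "user:gino" hash back from
// Redis to check that the stored value matches the submitted password under
// bcrypt.
func TestCreateUser(t *testing.T) {
	InitTests()

	form := url.Values{"password": {"berlino"}, "isadmin": {"1"}}
	req, err := http.NewRequest("POST", server.URL+"/u/gino/", strings.NewReader(form.Encode()))
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	// Fixture credentials for the test server only.
	req.SetBasicAuth("admin", "asdf")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		// Stop here: resp is nil on error, so reading resp.StatusCode below
		// would panic instead of reporting a test failure.
		t.Fatalf("%v", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != 200 {
		t.Fatalf("Server responded with %v, expected 200", resp.StatusCode)
	}

	client := connectToRedis()
	defer client.Close()

	v := client.HGetAll("user:gino").Val()
	// The check below reads v[0]..v[3]. A missing or short reply should fail
	// the test with a message rather than an index-out-of-range panic.
	if len(v) < 4 {
		t.Fatalf("user:gino returned %d values, expected at least 4", len(v))
	}
	// v[3] is used as the stored password hash.
	// NOTE(review): this relies on the field order of the HGetAll reply; confirm against the handler that writes the user.
	if !bcrypt.Match("berlino", v[3]) {
		t.Fatalf("%v v1 is %v and v2 is %v %v", v[0], v[1], v[2], v[3])
	}
}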
// Validate reports whether the plaintext password p matches the bcrypt hash
// held in u.Hash.
func (u User) Validate(p string) bool {
	stored := u.Hash
	matched := bcrypt.Match(p, stored)
	return matched
}
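// PassMatch reports whether the plaintext password p matches the given bcrypt
// hash.
func PassMatch(p string, hash string) bool {
	// bcrypt.Match already yields the boolean result, so the former
	// if/return true/return false wrapper is unnecessary.
	return bcrypt.Match(p, hash)
}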
// checkUserPass returns false if the password does not match or if the user is
// not there.
//
// NOTE(review): part of this listing was masked ("******") by the page it was
// taken from. The code between the Exists call and the read of the "password"
// field, including the opening brace of the if body, is not visible, so the
// statement below is kept exactly as published and is not compilable as shown.
func checkUserPass(user string, pass string, client *redis.Client) bool {
	// NOTE(review): `.Val()[0].(string)` indexes the reply and type-asserts it
	// without a length check or the two-value `v, ok :=` form. An empty reply or
	// a non-string element would panic rather than return false. Confirm against
	// the unmasked source.
	if client.Exists("user:"******"user:"******"password").Val()[0].(string)) }
	return false
}
// HasPassword reports whether pass matches the bcrypt hash stored in
// account.PasswordHash.
func (account *Account) HasPassword(pass string) bool {
	storedHash := account.PasswordHash
	ok := bcrypt.Match(pass, storedHash)
	return ok
}
// Match reports whether password matches hash by delegating to bcrypt.Match.
// The receiver's state is not read.
func (self *defaultAuther) Match(password string, hash string) bool {
	matched := bcrypt.Match(password, hash)
	return matched
}