func checkPassword(username, password string) bool {
db := database.GetDB()
hmacKey := []byte(viper.GetString("hmackey"))
pwhash, err := scryptauth.New(12, hmacKey)
if err != nil {
logrus.Error(err)
return false
}
// Find the user
for _, item := range db.Users {
if item.Username == username {
// found !
pwCost, hash, salt, err := scryptauth.DecodeBase64(item.ScryptPassword)
if err != nil {
logrus.Error(err)
return false
}
ok, err := pwhash.Check(pwCost, hash, []byte(password), salt)
return ok
}
}
logrus.Infof("Username %s not found in the database", username)
return false
}
// Authentication is the main method: returncode, username, next_url
func Authentication(w http.ResponseWriter, req *http.Request) (int, string, string) {
// @TODO: Remove w http.ResponseWriter, req *http.Request to make it independent and ease the tests
udb := database.GetDB()
req.ParseForm()
username, password, code := req.Form.Get("username"),
req.Form.Get("password"),
req.Form.Get("code")
next := req.URL.Query().Get("next")
if next == "" {
next = "/"
}
logrus.Infof("Trying to authenticate %s", username)
u := udb.FindUser(username)
if u == nil {
logrus.Errorf("Username %s not found in database", username)
return 1, "", next
}
otp, err := gototp.New(u.Init2FA)
if err != nil {
logrus.Error(err)
return 1, "", next
}
/* temp */
if !checkPassword(username, password) {
logrus.Error("Wrong pass")
return 1, "", next
}
if checkPassword(username, password) &&
(code == fmt.Sprintf("%06d", otp.FromNow(-1)) ||
code == fmt.Sprintf("%06d", otp.Now()) ||
code == fmt.Sprintf("%06d", otp.FromNow(1))) {
logrus.Infof("Signing cookie for authentified user %s", username)
return 0, username, next
}
logrus.Error("Failed authentication (pass or OTP) for user ", username)
return 1, "", next
}
// CreateUser is a procedure for creating a user
func CreateUser(cmd *cobra.Command, args []string) {
database.InitDB()
db := database.GetDB()
username := viper.GetString("name")
if username == "" {
fmt.Println("Required 'name' parameter not specified")
return
}
fmt.Printf("Creating User %s...\n", username)
for _, item := range db.Users {
if item.Username == username {
logrus.Errorf("User %s already exists in the database", username)
return
}
}
// Generate TOTP
init2FA, err := gototp.New(gototp.RandomSecret(10))
if err != nil {
logrus.Error(err)
return
}
// check if password was specified, otherwise, go interactive
password := viper.GetString("password")
if password == "" {
password = prompter.Password("Enter password to use")
}
user, err := pwMan.NewUser(username, password, init2FA.Secret())
if err != nil {
fmt.Printf("Error while creating user %s: %v\n", username, err)
}
db.AddUser(*user)
fmt.Printf("User %s created. Caracteristics :\n", username)
fmt.Printf("2FA init: %s || QRCode link: %s\n", init2FA.Secret(), init2FA.QRCodeGoogleChartsUrl("Code", 320))
//fmt.Println(.QRCodeTerminal("label"))
}