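// UpdatePassword replaces the stored credential of req.UserId after checking
// req.OldPassword against the current bcrypt hash.
//
// It returns a BadRequest error when req.NewPassword is empty, Unauthorized
// when the old password does not verify, and InternalServerError when the
// lookup, base64 decoding, hashing or storage step fails. rsp is not populated.
//
// Review notes:
//   - err.Error() is forwarded as the error detail, so storage-layer and bcrypt
//     messages reach the caller. NOTE(review): consider a generic detail and
//     logging the cause server-side.
//   - This handler does not touch existing sessions. NOTE(review): confirm
//     whether a password change should revoke them.
func (s *Account) UpdatePassword(ctx context.Context, req *account.UpdatePasswordRequest, rsp *account.UpdatePasswordResponse) error {
	const id = "go.micro.srv.user.updatepassword"

	// An empty replacement would otherwise be hashed and stored like any other
	// value, leaving the account protected only by x and the salt.
	if len(req.NewPassword) == 0 {
		return errors.BadRequest(id, "new password must not be empty")
	}

	usr, err := db.Read(req.UserId)
	if err != nil {
		return errors.InternalServerError(id, err.Error())
	}

	salt, hashed, err := db.SaltAndPassword(usr.Username, usr.Email)
	if err != nil {
		return errors.InternalServerError(id, err.Error())
	}

	// The hash is stored base64-encoded; bcrypt needs the raw bytes.
	current, err := base64.StdEncoding.DecodeString(hashed)
	if err != nil {
		return errors.InternalServerError(id, err.Error())
	}

	// x is a package-level value prepended to every password (presumably a
	// pepper; it is defined outside this block).
	if err := bcrypt.CompareHashAndPassword(current, []byte(x+salt+req.OldPassword)); err != nil {
		return errors.Unauthorized(id, err.Error())
	}

	// Never reuse the old salt for the new credential.
	// NOTE(review): random is defined elsewhere; confirm it is backed by a CSPRNG.
	salt = random(16)

	// bcrypt only considers the first 72 bytes of its input, and x plus the salt
	// are prepended to the password, so they use up part of that budget.
	// NOTE(review): confirm len(x) leaves enough room for the password itself.
	// Cost 10 equals bcrypt.DefaultCost.
	fresh, err := bcrypt.GenerateFromPassword([]byte(x+salt+req.NewPassword), 10)
	if err != nil {
		return errors.InternalServerError(id, err.Error())
	}

	encoded := base64.StdEncoding.EncodeToString(fresh)
	if err := db.UpdatePassword(req.UserId, salt, encoded); err != nil {
		return errors.InternalServerError(id, err.Error())
	}

	return nil
}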
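// Login verifies req.Password for the account identified by the lower-cased
// req.Username / req.Email and, on success, stores a new session valid for
// seven days and returns it in rsp.Session.
//
// A failed password check yields Unauthorized; base64 decoding and session
// storage failures yield InternalServerError; a credential lookup failure is
// returned as-is.
func (s *Account) Login(ctx context.Context, req *account.LoginRequest, rsp *account.LoginResponse) error {
	username := strings.ToLower(req.Username)
	email := strings.ToLower(req.Email)

	salt, hashed, err := db.SaltAndPassword(username, email)
	if err != nil {
		// NOTE(review): this error is passed through unwrapped, while a wrong
		// password produces Unauthorized. If the storage layer reports an unknown
		// account here, callers can tell "no such account" from "bad password".
		// Consider mapping the not-found case to the same Unauthorized response.
		return err
	}

	// The hash is stored base64-encoded; bcrypt needs the raw bytes.
	stored, err := base64.StdEncoding.DecodeString(hashed)
	if err != nil {
		return errors.InternalServerError("go.micro.srv.user.Login", err.Error())
	}

	// x is a package-level value prepended to every password (presumably a
	// pepper; it is defined outside this block).
	if err := bcrypt.CompareHashAndPassword(stored, []byte(x+salt+req.Password)); err != nil {
		return errors.Unauthorized("go.micro.srv.user.login", err.Error())
	}

	// Read the clock once so Created and Expires are exactly seven days apart.
	now := time.Now()

	// NOTE(review): the session id is the bearer credential; random is defined
	// elsewhere, so confirm it is backed by a CSPRNG.
	// NOTE(review): Username is taken from the request, so it is empty when the
	// caller identified the account by email only; confirm consumers of the
	// session do not rely on it.
	sess := &account.Session{
		Id:       random(128),
		Username: username,
		Created:  now.Unix(),
		Expires:  now.Add(7 * 24 * time.Hour).Unix(),
	}

	if err := db.CreateSession(sess); err != nil {
		return errors.InternalServerError("go.micro.srv.user.Login", err.Error())
	}

	rsp.Session = sess
	return nil
}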