func (s *Account) UpdatePassword(ctx context.Context, req *account.UpdatePasswordRequest, rsp *account.UpdatePasswordResponse) error {
usr, err := db.Read(req.UserId)
if err != nil {
return errors.InternalServerError("go.micro.srv.user.updatepassword", err.Error())
}
salt, hashed, err := db.SaltAndPassword(usr.Username, usr.Email)
if err != nil {
return errors.InternalServerError("go.micro.srv.user.updatepassword", err.Error())
}
hh, err := base64.StdEncoding.DecodeString(hashed)
if err != nil {
return errors.InternalServerError("go.micro.srv.user.updatepassword", err.Error())
}
if err := bcrypt.CompareHashAndPassword(hh, []byte(x+salt+req.OldPassword)); err != nil {
return errors.Unauthorized("go.micro.srv.user.updatepassword", err.Error())
}
salt = random(16)
h, err := bcrypt.GenerateFromPassword([]byte(x+salt+req.NewPassword), 10)
if err != nil {
return errors.InternalServerError("go.micro.srv.user.updatepassword", err.Error())
}
pp := base64.StdEncoding.EncodeToString(h)
if err := db.UpdatePassword(req.UserId, salt, pp); err != nil {
return errors.InternalServerError("go.micro.srv.user.updatepassword", err.Error())
}
return nil
}
func (s *Account) Login(ctx context.Context, req *account.LoginRequest, rsp *account.LoginResponse) error {
username := strings.ToLower(req.Username)
email := strings.ToLower(req.Email)
salt, hashed, err := db.SaltAndPassword(username, email)
if err != nil {
return err
}
hh, err := base64.StdEncoding.DecodeString(hashed)
if err != nil {
return errors.InternalServerError("go.micro.srv.user.Login", err.Error())
}
if err := bcrypt.CompareHashAndPassword(hh, []byte(x+salt+req.Password)); err != nil {
return errors.Unauthorized("go.micro.srv.user.login", err.Error())
}
// save session
sess := &account.Session{
Id: random(128),
Username: username,
Created: time.Now().Unix(),
Expires: time.Now().Add(time.Hour * 24 * 7).Unix(),
}
if err := db.CreateSession(sess); err != nil {
return errors.InternalServerError("go.micro.srv.user.Login", err.Error())
}
rsp.Session = sess
return nil
}