func LoginUser(d db.DB, email, pwhash string) (util.Key, error) {
// Get the hash and password for the email.
// util.CheckHashedPw(pw, salt, hash)
// if ok, then log in.
userBytes, err := db.GetByKey(d, Users, []byte(email))
if err != nil {
return "", err
}
if len(userBytes) == 0 {
return "", fmt.Errorf("no user for email %q", email)
}
var u User
err = json.Unmarshal(userBytes, &u)
if err != nil {
return "", err
}
ok := util.CheckHashedPw(pwhash, u.Salt, u.Hash)
if !ok {
return "", fmt.Errorf("invalid password")
}
key := util.SaltedHash(pwhash, time.Now().String())
timeout := time.Now().Add(GetTimeout())
err = db.StoreKeyValue(d, SessionKeys, b(email), Login{key, timeout})
if err != nil {
return "", err
}
return key, nil
}
func (s *UtilSuite) TestCheckHashedPw(c *gc.C) {
for i, t := range []struct {
should string
givenPw string
givenSalt util.Salt
givenHash util.Hash
expect bool
}{{
should: "work",
givenPw: "foobar",
givenSalt: "c9fd228aa912e8a3f591590e486719af283598f0",
givenHash: "edd40ea1fef74898d639b6cdce7610c518487e2a",
expect: true,
}, {
should: "also work",
givenPw: "deadbeef",
givenSalt: "125b43964f67f88d7de538b1d310c479822a5d0d",
givenHash: "50aa2ddda4f15d637585d2843242cba76d130afc",
expect: true,
}} {
c.Logf("test %d: should %s", i, t.should)
result := util.CheckHashedPw(t.givenPw, t.givenSalt, t.givenHash)
c.Check(result, gc.Equals, t.expect)
}
}
func CheckUser(d db.DB, email, pwhash string) error {
u, err := Get(d, email)
if err != nil {
return err
}
if ok := util.CheckHashedPw(pwhash, u.Salt, u.Hash); !ok {
return fmt.Errorf("invalid password")
}
return nil
}