mirror of
https://github.com/thomiceli/opengist.git
synced 2025-06-13 05:47:12 +02:00
Reset a user password using CLI (#226)
This commit is contained in:
Thomas Miceli
@ -74,7 +74,7 @@ func processRegister(ctx echo.Context) error {
|
||||
|
||||
user := dto.ToUser()
|
||||
|
||||
password, err := argon2id.hash(user.Password)
|
||||
password, err := utils.Argon2id.Hash(user.Password)
|
||||
if err != nil {
|
||||
return errorRes(500, "Cannot hash password", err)
|
||||
}
|
||||
@ -129,7 +129,7 @@ func processLogin(ctx echo.Context) error {
|
||||
return redirect(ctx, "/login")
|
||||
}
|
||||
|
||||
if ok, err := argon2id.verify(password, user.Password); !ok {
|
||||
if ok, err := utils.Argon2id.Verify(password, user.Password); !ok {
|
||||
if err != nil {
|
||||
return errorRes(500, "Cannot check for password", err)
|
||||
}
|
||||
|
||||
@ -6,6 +6,7 @@ import (
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/thomiceli/opengist/internal/utils"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/exec"
|
||||
@ -98,7 +99,7 @@ func gitHttp(ctx echo.Context) error {
|
||||
return plainText(ctx, 404, "Check your credentials or make sure you have access to the Gist")
|
||||
}
|
||||
|
||||
if ok, err := argon2id.verify(authPassword, gist.User.Password); !ok || gist.User.Username != authUsername {
|
||||
if ok, err := utils.Argon2id.Verify(authPassword, gist.User.Password); !ok || gist.User.Username != authUsername {
|
||||
if err != nil {
|
||||
return errorRes(500, "Cannot verify password", err)
|
||||
}
|
||||
@ -115,7 +116,7 @@ func gitHttp(ctx echo.Context) error {
|
||||
return errorRes(401, "Invalid credentials", nil)
|
||||
}
|
||||
|
||||
if ok, err := argon2id.verify(authPassword, user.Password); !ok {
|
||||
if ok, err := utils.Argon2id.Verify(authPassword, user.Password); !ok {
|
||||
if err != nil {
|
||||
return errorRes(500, "Cannot check for password", err)
|
||||
}
|
||||
|
||||
@ -131,7 +131,7 @@ func passwordProcess(ctx echo.Context) error {
|
||||
return html(ctx, "settings.html")
|
||||
}
|
||||
|
||||
password, err := argon2id.hash(dto.Password)
|
||||
password, err := utils.Argon2id.Hash(dto.Password)
|
||||
if err != nil {
|
||||
return errorRes(500, "Cannot hash password", err)
|
||||
}
|
||||
|
||||
@ -2,17 +2,12 @@ package web
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"crypto/subtle"
|
||||
"encoding/base64"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/gorilla/sessions"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/thomiceli/opengist/internal/config"
|
||||
"github.com/thomiceli/opengist/internal/db"
|
||||
"github.com/thomiceli/opengist/internal/i18n"
|
||||
"golang.org/x/crypto/argon2"
|
||||
"html/template"
|
||||
"net/http"
|
||||
"strconv"
|
||||
@ -219,68 +214,3 @@ func addMetadataToSearchQuery(input, key, value string) string {
|
||||
|
||||
return strings.TrimSpace(resultBuilder.String())
|
||||
}
|
||||
|
||||
type Argon2ID struct {
|
||||
format string
|
||||
version int
|
||||
time uint32
|
||||
memory uint32
|
||||
keyLen uint32
|
||||
saltLen uint32
|
||||
threads uint8
|
||||
}
|
||||
|
||||
var argon2id = Argon2ID{
|
||||
format: "$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
|
||||
version: argon2.Version,
|
||||
time: 1,
|
||||
memory: 64 * 1024,
|
||||
keyLen: 32,
|
||||
saltLen: 16,
|
||||
threads: 4,
|
||||
}
|
||||
|
||||
func (a Argon2ID) hash(plain string) (string, error) {
|
||||
salt := make([]byte, a.saltLen)
|
||||
if _, err := rand.Read(salt); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
hash := argon2.IDKey([]byte(plain), salt, a.time, a.memory, a.threads, a.keyLen)
|
||||
|
||||
return fmt.Sprintf(a.format, a.version, a.memory, a.time, a.threads,
|
||||
base64.RawStdEncoding.EncodeToString(salt),
|
||||
base64.RawStdEncoding.EncodeToString(hash),
|
||||
), nil
|
||||
}
|
||||
|
||||
func (a Argon2ID) verify(plain, hash string) (bool, error) {
|
||||
if hash == "" {
|
||||
return false, nil
|
||||
}
|
||||
|
||||
hashParts := strings.Split(hash, "$")
|
||||
|
||||
if len(hashParts) != 6 {
|
||||
return false, errors.New("invalid hash")
|
||||
}
|
||||
|
||||
_, err := fmt.Sscanf(hashParts[3], "m=%d,t=%d,p=%d", &a.memory, &a.time, &a.threads)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
salt, err := base64.RawStdEncoding.DecodeString(hashParts[4])
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
decodedHash, err := base64.RawStdEncoding.DecodeString(hashParts[5])
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
hashToCompare := argon2.IDKey([]byte(plain), salt, a.time, a.memory, a.threads, uint32(len(decodedHash)))
|
||||
|
||||
return subtle.ConstantTimeCompare(decodedHash, hashToCompare) == 1, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user