mirror of
https://github.com/volatiletech/authboss.git
synced 2025-03-05 15:15:45 +02:00
CompareHashAndPassword
This commit is contained in:
Evghenii Maslennikov
Stephen Afam-Osemene
parent
f85525f057
commit
e0b07d319f
@ -5,8 +5,6 @@ import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
"github.com/volatiletech/authboss/v3"
|
||||
)
|
||||
|
||||
@ -77,7 +75,7 @@ func (a *Auth) LoginPost(w http.ResponseWriter, r *http.Request) error {
|
||||
r = r.WithContext(context.WithValue(r.Context(), authboss.CTXKeyUser, pidUser))
|
||||
|
||||
var handled bool
|
||||
err = bcrypt.CompareHashAndPassword([]byte(password), []byte(creds.GetPassword()))
|
||||
err = a.Authboss.Core.Hasher.CompareHashAndPassword(password, creds.GetPassword())
|
||||
if err != nil {
|
||||
handled, err = a.Authboss.Events.FireAfter(authboss.EventAuthFail, w, r)
|
||||
if err != nil {
|
||||
|
||||
@ -91,6 +91,7 @@ func testSetup() *testHarness {
|
||||
|
||||
harness.ab.Config.Core.BodyReader = harness.bodyReader
|
||||
harness.ab.Config.Core.Logger = mocks.Logger{}
|
||||
harness.ab.Config.Core.Hasher = mocks.Hasher{}
|
||||
harness.ab.Config.Core.Responder = harness.responder
|
||||
harness.ab.Config.Core.Redirector = harness.redirector
|
||||
harness.ab.Config.Storage.SessionState = harness.session
|
||||
|
||||
@ -89,6 +89,9 @@ func (a *Authboss) UpdatePassword(ctx context.Context, user AuthableUser, newPas
|
||||
// Returns nil on success otherwise there will be an error. Simply a helper
|
||||
// to do the bcrypt comparison.
|
||||
func VerifyPassword(user AuthableUser, password string) error {
|
||||
// TODO: function can be used ONLY if no custom hasher was configured in global ab.config
|
||||
// function should be either deprecated, or he we should have access to global ab's config
|
||||
// (also, we can't use defaults.NewBcryptHasher, because it will be cyclic dep)
|
||||
return bcrypt.CompareHashAndPassword([]byte(user.GetPassword()), []byte(password))
|
||||
}
|
||||
|
||||
|
||||
@ -18,3 +18,7 @@ func (h *BCryptHasher) GenerateHash(raw string) (string, error) {
|
||||
|
||||
return string(hash), nil
|
||||
}
|
||||
|
||||
func (h *BCryptHasher) CompareHashAndPassword(hashedPassword, password string) error {
|
||||
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||
}
|
||||
|
||||
@ -26,4 +26,12 @@ func TestHasher(t *testing.T) {
|
||||
if !strings.HasPrefix(hash, "$2a$10$") {
|
||||
t.Error("hash was wrong", hash)
|
||||
}
|
||||
|
||||
if err := hasher.CompareHashAndPassword(hash, "qwerty"); err != nil {
|
||||
t.Error("compare-hash-and-password for valid password must be ok", err)
|
||||
}
|
||||
|
||||
if err := hasher.CompareHashAndPassword(hash, "qwerty-invalid"); err == nil {
|
||||
t.Error("compare-hash-and-password for invalid password must fail")
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,5 +1,6 @@
|
||||
package authboss
|
||||
|
||||
type Hasher interface {
|
||||
CompareHashAndPassword(string, string) error
|
||||
GenerateHash(s string) (string, error)
|
||||
}
|
||||
|
||||
@ -3,6 +3,7 @@ package mocks
|
||||
|
||||
import (
|
||||
"context"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
@ -751,3 +752,19 @@ func (e *ErrorHandler) Wrap(handler func(w http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
// Hasher is actually just a normal bcrypt hasher
|
||||
type Hasher struct{}
|
||||
|
||||
func (m Hasher) GenerateHash(s string) (string, error) {
|
||||
hash, err := bcrypt.GenerateFromPassword([]byte(s), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return string(hash), nil
|
||||
}
|
||||
|
||||
func (m Hasher) CompareHashAndPassword(hashedPassword, password string) error {
|
||||
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||
}
|
||||
|
||||
@ -225,3 +225,7 @@ func (m mockHasher) GenerateHash(s string) (string, error) {
|
||||
|
||||
return string(hash), nil
|
||||
}
|
||||
|
||||
func (m mockHasher) CompareHashAndPassword(hashedPassword, password string) error {
|
||||
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||
}
|
||||
|
||||
@ -5,8 +5,6 @@ import (
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
||||
"github.com/friendsofgo/errors"
|
||||
"github.com/volatiletech/authboss/v3"
|
||||
"github.com/volatiletech/authboss/v3/defaults"
|
||||
@ -132,7 +130,7 @@ func TestRegisterPostSuccess(t *testing.T) {
|
||||
if !ok {
|
||||
t.Error("user was not persisted in the DB")
|
||||
}
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte("hello world")); err != nil {
|
||||
if err := h.ab.Config.Core.Hasher.CompareHashAndPassword(user.Password, "hello world"); err != nil {
|
||||
t.Error("password was not properly encrypted:", err)
|
||||
}
|
||||
|
||||
@ -175,7 +173,7 @@ func TestRegisterPostSuccess(t *testing.T) {
|
||||
if !ok {
|
||||
t.Error("user was not persisted in the DB")
|
||||
}
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte("hello world")); err != nil {
|
||||
if err := h.ab.Config.Core.Hasher.CompareHashAndPassword(user.Password, "hello world"); err != nil {
|
||||
t.Error("password was not properly encrypted:", err)
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user