CompareHashAndPassword
parent
f85525f057
commit
e0b07d319f
@ -5,8 +5,6 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
|
|
||||||
"github.com/volatiletech/authboss/v3"
|
"github.com/volatiletech/authboss/v3"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -77,7 +75,7 @@ func (a *Auth) LoginPost(w http.ResponseWriter, r *http.Request) error {
|
|||||||
r = r.WithContext(context.WithValue(r.Context(), authboss.CTXKeyUser, pidUser))
|
r = r.WithContext(context.WithValue(r.Context(), authboss.CTXKeyUser, pidUser))
|
||||||
|
|
||||||
var handled bool
|
var handled bool
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(password), []byte(creds.GetPassword()))
|
err = a.Authboss.Core.Hasher.CompareHashAndPassword(password, creds.GetPassword())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handled, err = a.Authboss.Events.FireAfter(authboss.EventAuthFail, w, r)
|
handled, err = a.Authboss.Events.FireAfter(authboss.EventAuthFail, w, r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
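Review bot: The new call in LoginPost dereferences `a.Authboss.Core.Hasher` with no visible guarantee that the field is set, so a configuration that leaves Hasher nil would panic on every login attempt instead of returning an error. If the config is not already validated at startup somewhere outside this diff, a nil check there is preferable to guarding each call site. The local named `password` holds the stored hash, which makes the (hash, plaintext) argument order easy to misread next to `creds.GetPassword()`; renaming it to something like `hashedPassword` where it is assigned would make the call self-checking. LoginPost's body starts and ends outside the hunk.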
@ -91,6 +91,7 @@ func testSetup() *testHarness {
|
|||||||
|
|
||||||
harness.ab.Config.Core.BodyReader = harness.bodyReader
|
harness.ab.Config.Core.BodyReader = harness.bodyReader
|
||||||
harness.ab.Config.Core.Logger = mocks.Logger{}
|
harness.ab.Config.Core.Logger = mocks.Logger{}
|
||||||
|
harness.ab.Config.Core.Hasher = mocks.Hasher{}
|
||||||
harness.ab.Config.Core.Responder = harness.responder
|
harness.ab.Config.Core.Responder = harness.responder
|
||||||
harness.ab.Config.Core.Redirector = harness.redirector
|
harness.ab.Config.Core.Redirector = harness.redirector
|
||||||
harness.ab.Config.Storage.SessionState = harness.session
|
harness.ab.Config.Storage.SessionState = harness.session
|
||||||
|
@ -89,6 +89,9 @@ func (a *Authboss) UpdatePassword(ctx context.Context, user AuthableUser, newPas
|
|||||||
// Returns nil on success otherwise there will be an error. Simply a helper
|
// Returns nil on success otherwise there will be an error. Simply a helper
|
||||||
// to do the bcrypt comparison.
|
// to do the bcrypt comparison.
|
||||||
func VerifyPassword(user AuthableUser, password string) error {
|
func VerifyPassword(user AuthableUser, password string) error {
|
||||||
|
// TODO: function can be used ONLY if no custom hasher was configured in global ab.config
|
||||||
|
// function should be either deprecated, or he we should have access to global ab's config
|
||||||
|
// (also, we can't use defaults.NewBcryptHasher, because it will be cyclic dep)
|
||||||
return bcrypt.CompareHashAndPassword([]byte(user.GetPassword()), []byte(password))
|
return bcrypt.CompareHashAndPassword([]byte(user.GetPassword()), []byte(password))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
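Review bot: VerifyPassword still calls bcrypt directly, so once a non-bcrypt Hasher is configured it can be expected to return an error for every password, including the correct one. That fails closed, but callers cannot tell from the signature or the doc comment. The three TODO lines sit inside the body where godoc does not show them; the limitation belongs in the doc comment, for example `// Deprecated: VerifyPassword only works with bcrypt hashes; use the configured Hasher's CompareHashAndPassword instead.` The second TODO line also has a typo ("or he we should").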
@ -18,3 +18,7 @@ func (h *BCryptHasher) GenerateHash(raw string) (string, error) {
|
|||||||
|
|
||||||
return string(hash), nil
|
return string(hash), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (h *BCryptHasher) CompareHashAndPassword(hashedPassword, password string) error {
|
||||||
|
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||||
|
}
|
||||||
|
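Review bot: The exported method BCryptHasher.CompareHashAndPassword is added without a doc comment, and the same applies to Hasher.GenerateHash and Hasher.CompareHashAndPassword in the mocks package later in this commit. A line such as `// CompareHashAndPassword returns nil when password matches the bcrypt hash hashedPassword, and a non-nil error otherwise.` would state the contract that LoginPost now relies on. It is worth saying there that a malformed hash is also reported as an error, since the caller treats any non-nil error as an authentication failure.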
@ -26,4 +26,12 @@ func TestHasher(t *testing.T) {
|
|||||||
if !strings.HasPrefix(hash, "$2a$10$") {
|
if !strings.HasPrefix(hash, "$2a$10$") {
|
||||||
t.Error("hash was wrong", hash)
|
t.Error("hash was wrong", hash)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if err := hasher.CompareHashAndPassword(hash, "qwerty"); err != nil {
|
||||||
|
t.Error("compare-hash-and-password for valid password must be ok", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := hasher.CompareHashAndPassword(hash, "qwerty-invalid"); err == nil {
|
||||||
|
t.Error("compare-hash-and-password for invalid password must fail")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
package authboss
|
package authboss
|
||||||
|
|
||||||
type Hasher interface {
|
type Hasher interface {
|
||||||
|
CompareHashAndPassword(string, string) error
|
||||||
GenerateHash(s string) (string, error)
|
GenerateHash(s string) (string, error)
|
||||||
}
|
}
|
||||||
|
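Review bot: The new interface method is declared as `CompareHashAndPassword(string, string) error` with unnamed parameters, so nothing in the interface tells an implementer which argument is the stored hash and which is the candidate password, and a swapped implementation still compiles. Declare it as `CompareHashAndPassword(hashedPassword, password string) error`, matching the implementations in this commit. Add a doc comment stating that it returns nil only on a match and that custom implementations should compare in constant time (for example with `subtle.ConstantTimeCompare`). Adding a method to an exported interface also breaks existing custom Hasher implementations at compile time, which deserves a changelog entry.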
@ -3,6 +3,7 @@ package mocks
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"golang.org/x/crypto/bcrypt"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
@ -751,3 +752,19 @@ func (e *ErrorHandler) Wrap(handler func(w http.ResponseWriter, r *http.Request)
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Hasher is actually just a normal bcrypt hasher
|
||||||
|
type Hasher struct{}
|
||||||
|
|
||||||
|
func (m Hasher) GenerateHash(s string) (string, error) {
|
||||||
|
hash, err := bcrypt.GenerateFromPassword([]byte(s), bcrypt.DefaultCost)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(hash), nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m Hasher) CompareHashAndPassword(hashedPassword, password string) error {
|
||||||
|
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||||
|
}
|
||||||
|
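Review bot: The `"golang.org/x/crypto/bcrypt"` import is inserted between `"context"` and `"io"` inside the standard-library group; goimports would put it in the third-party group after a blank line. The mock's GenerateHash uses `bcrypt.DefaultCost`, which makes every test that hashes a password pay the full work factor; `bcrypt.MinCost` is the usual choice in a test double, provided no test outside this diff asserts on the cost prefix of a mock-generated hash. The comment `// Hasher is actually just a normal bcrypt hasher` could name the cost it uses so the choice is visible.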
@ -225,3 +225,7 @@ func (m mockHasher) GenerateHash(s string) (string, error) {
|
|||||||
|
|
||||||
return string(hash), nil
|
return string(hash), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m mockHasher) CompareHashAndPassword(hashedPassword, password string) error {
|
||||||
|
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||||
|
}
|
||||||
|
@ -5,8 +5,6 @@ import (
|
|||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
|
|
||||||
"github.com/friendsofgo/errors"
|
"github.com/friendsofgo/errors"
|
||||||
"github.com/volatiletech/authboss/v3"
|
"github.com/volatiletech/authboss/v3"
|
||||||
"github.com/volatiletech/authboss/v3/defaults"
|
"github.com/volatiletech/authboss/v3/defaults"
|
||||||
@ -132,7 +130,7 @@ func TestRegisterPostSuccess(t *testing.T) {
|
|||||||
if !ok {
|
if !ok {
|
||||||
t.Error("user was not persisted in the DB")
|
t.Error("user was not persisted in the DB")
|
||||||
}
|
}
|
||||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte("hello world")); err != nil {
|
if err := h.ab.Config.Core.Hasher.CompareHashAndPassword(user.Password, "hello world"); err != nil {
|
||||||
t.Error("password was not properly encrypted:", err)
|
t.Error("password was not properly encrypted:", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -175,7 +173,7 @@ func TestRegisterPostSuccess(t *testing.T) {
|
|||||||
if !ok {
|
if !ok {
|
||||||
t.Error("user was not persisted in the DB")
|
t.Error("user was not persisted in the DB")
|
||||||
}
|
}
|
||||||
if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte("hello world")); err != nil {
|
if err := h.ab.Config.Core.Hasher.CompareHashAndPassword(user.Password, "hello world"); err != nil {
|
||||||
t.Error("password was not properly encrypted:", err)
|
t.Error("password was not properly encrypted:", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|