x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

fix: fist integration test #181
All checks were successful
Build Docker Image / Explore-Gitea-Actions (push) Successful in 47s
Details
Build and Push Docker Image / Explore-Gitea-Actions (push) Successful in 52s
Details

Browse Source
This commit was merged in pull request #189.
This commit is contained in:
Tim Wundenberg
2024-10-02 23:13:31 +02:00
parent 33380e2124
commit f2a98e5f49
9 changed files with 181 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
service/auth.go
View File

@@ -68,7 +68,7 @@ func (service ServiceAuthImpl) SignIn(email string, password string) (*User, err
}
}
hash := getHashPassword(password, user.Salt)
hash := GetHashPassword(password, user.Salt)
if subtle.ConstantTimeCompare(hash, user.Password) == 0 {
return nil, ErrInvaidCredentials
@@ -279,7 +279,7 @@ func HandleSignUpComp(db *sql.DB, serverSettings *types.ServerSettings) http.Han
return
}
hash := getHashPassword(password, salt)
hash := GetHashPassword(password, salt)
_, err = db.Exec("INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) VALUES (?, ?, FALSE, FALSE, ?, ?, datetime())", userId, email, hash, salt)
if err != nil {
@@ -366,7 +366,7 @@ func HandleDeleteAccountComp(db *sql.DB, serverSettings *types.ServerSettings) h
return
}
currHash := getHashPassword(password, salt)
currHash := GetHashPassword(password, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Password is not correct")
return
@@ -455,13 +455,13 @@ func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
return
}
currHash := getHashPassword(currPass, salt)
currHash := GetHashPassword(currPass, salt)
if subtle.ConstantTimeCompare(currHash, storedHash) == 0 {
utils.TriggerToast(w, r, "error", "Current Password is not correct")
return
}
newHash := getHashPassword(newPass, salt)
newHash := GetHashPassword(newPass, salt)
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", newHash, user.Id)
if err != nil {
@@ -524,7 +524,7 @@ func HandleActualResetPasswordComp(db *sql.DB) http.HandlerFunc {
return
}
passHash := getHashPassword(newPass, salt)
passHash := GetHashPassword(newPass, salt)
_, err = db.Exec("UPDATE user SET password = ? WHERE user_uuid = ?", passHash, userId)
if err != nil {
@@ -653,7 +653,7 @@ func TryCreateSessionAndSetCookie(r *http.Request, w http.ResponseWriter, db *sq
return nil
}
func getHashPassword(password string, salt []byte) []byte {
func GetHashPassword(password string, salt []byte) []byte {
return argon2.IDKey([]byte(password), salt, 1, 64*1024, 1, 16)
}