From 4b9ce5f401d6f7e262e8b5fda24af119c74a5846 Mon Sep 17 00:00:00 2001
From: Yang Luo
Date: Sun, 16 May 2021 21:04:26 +0800
Subject: [PATCH] Fix add/update salted password.
---
 authz/authz.go | 1 +
 controllers/user.go | 5 +++--
 object/check.go | 4 ++--
 object/organization.go | 4 ++++
 object/user.go | 20 ++++++++++++++++++++
 5 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/authz/authz.go b/authz/authz.go
index 361f406d..ec834ec7 100644
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -85,6 +85,7 @@ p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-default-providers, *, *
 p, *, *, POST, /api/upload-avatar, *, *
 p, *, *, POST, /api/unlink, *, *
+p, *, *, POST, /api/set-password, *, *
 `
 sa := stringadapter.NewAdapter(ruleText)
diff --git a/controllers/user.go b/controllers/user.go
index 52aac297..26b0b67e 100644
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -153,8 +153,9 @@ func (c *ApiController) SetPassword() {
 return
 }
- if oldPassword != targetUser.Password {
- c.ResponseError("Old password wrong.")
+ msg := object.CheckPassword(targetUser, oldPassword)
+ if msg != "" {
+ c.ResponseError(msg)
 return
 }
diff --git a/object/check.go b/object/check.go
index 63e94793..21780184 100644
--- a/object/check.go
+++ b/object/check.go
@@ -57,7 +57,7 @@ func CheckUserSignup(organizationName string, username string, password string,
 }
 }
-func checkPassword(user *User, password string) string {
+func CheckPassword(user *User, password string) string {
 organization := getOrganization("admin", user.Owner)
 if organization.PasswordType == "plain" {
@@ -87,7 +87,7 @@ func CheckUserLogin(organization string, username string, password string) (*Use
 return nil, "the user is forbidden to sign in, please contact the administrator"
 }
- msg := checkPassword(user, password)
+ msg := CheckPassword(user, password)
 if msg != "" {
 return nil, msg
 }
diff --git a/object/organization.go b/object/organization.go
index b9c40c44..44e33668 100644
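Review bot: The added rule `p, *, *, POST, /api/set-password, *, *` is wildcarded in every field except method and path, so the policy layer no longer restricts who may call this route and all access control rests on checks inside `SetPassword`. Only the old-password comparison of that handler is visible in this patch; confirm the handler rejects callers without a session and callers whose target is another user's account, and cover both cases with a test. A Go comment above `ruleText` stating that wildcard-subject routes must authorize in the handler would keep that contract visible to whoever adds the next line here.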
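Review bot: The failed old-password branch only calls `c.ResponseError(msg)` and returns; nothing in the visible lines records or limits repeated failures, although this endpoint now verifies a password the same way login does. Whether login has any attempt accounting is not visible in this patch, but if it does, this path should share it. As a style point, `msg` can be scoped to the check: `if msg := object.CheckPassword(targetUser, oldPassword); msg != "" {`. SetPassword starts and ends outside the hunk.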
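Review bot: CheckPassword is exported here without a doc comment, and it dereferences `organization.PasswordType` straight after the lookup. Suggested comment: `// CheckPassword verifies password against user's stored credential according to the owning organization's PasswordType and returns "" on success or a message for the caller on failure.` If `getOrganization` can return nil for an unknown owner (its body is not in this patch), add `if organization == nil { return "organization does not exist" }` before the first use; the same unchecked lookup reaches `UpdateUserPassword` through `getOrganizationByUser` in the object/user.go hunks (AddUser, AddUsers, SetUserField). The function body continues past the end of the hunk.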
--- a/object/organization.go
+++ b/object/organization.go
@@ -105,3 +105,7 @@ func GetOrganizationByName(name string) *Organization {
 }
 return &ret
 }
+
+func getOrganizationByUser(user *User) *Organization {
+ return getOrganization("admin", user.Owner)
+}
diff --git a/object/user.go b/object/user.go
index 2d5c088c..b2f64060 100644
--- a/object/user.go
+++ b/object/user.go
@@ -117,6 +117,8 @@ func AddUser(user *User) bool {
 user.Id = util.GenerateId()
 user.UpdateUserHash()
 user.PreHash = user.Hash
+ organization := getOrganizationByUser(user)
+ user.UpdateUserPassword(organization)
 affected, err := adapter.Engine.Insert(user)
 if err != nil {
@@ -127,9 +129,15 @@ func AddUser(user *User) bool {
 }
 func AddUsers(users []*User) bool {
+ if len(users) == 0 {
+ return false
+ }
+
+ organization := getOrganizationByUser(users[0])
 for _, user := range users {
 user.UpdateUserHash()
 user.PreHash = user.Hash
+ user.UpdateUserPassword(organization)
 }
 affected, err := adapter.Engine.Insert(users)
@@ -215,6 +223,12 @@ func GetUserByFields(organization string, field string) *User {
 }
 func SetUserField(user *User, field string, value string) bool {
+ if field == "password" {
+ organization := getOrganizationByUser(user)
+ user.UpdateUserPassword(organization)
+ value = user.Password
+ }
+
 affected, err := adapter.Engine.Table(user).ID(core.PK{user.Owner, user.Name}).Update(map[string]interface{}{field: value})
 if err != nil {
 panic(err)
@@ -258,6 +272,12 @@ func (user *User) UpdateUserHash() {
 user.Hash = hash
 }
+func (user *User) UpdateUserPassword(organization *Organization) {
+ if organization.PasswordType == "salt" {
+ user.Password = getSaltedPassword(user.Password, organization.PasswordSalt)
+ }
+}
+
 func (user *User) GetId() string {
 return fmt.Sprintf("%s/%s", user.Owner, user.Name)
 }
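Review bot: `user.UpdateUserPassword(organization)` runs after `user.UpdateUserHash()` and `user.PreHash = user.Hash`, so if the hash covers `user.Password` (UpdateUserHash's body is outside this patch) Hash and PreHash describe the pre-salt value rather than the one that is inserted. Confirm which value the hash is meant to cover and, if it is the stored one, move the two added lines above `user.UpdateUserHash()`; the same ordering appears in the AddUsers loop in the next hunk. AddUser also now transforms whatever is in `user.Password`, so a caller passing an already-salted value would have it salted again, which is worth a sentence in the function's doc comment. The function continues past the end of the hunk.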
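Review bot: AddUsers resolves the organization from `users[0]` only and applies it to every element, so a batch whose users have different `Owner` values would get the wrong PasswordType or PasswordSalt for everyone but the first owner's users. Look the organization up per owner inside the loop, as in the excerpt below. The new `len(users) == 0` guard also makes an empty batch return false, which callers may read as a failed insert; if that is intended, say so in a comment. The function continues past the end of the hunk.

```go
func AddUsers(users []*User) bool {
	// … unchanged: empty-slice guard …
	organizations := map[string]*Organization{}
	for _, user := range users {
		organization, ok := organizations[user.Owner]
		if !ok {
			organization = getOrganizationByUser(user)
			organizations[user.Owner] = organization
		}
		// … unchanged: UpdateUserHash and PreHash assignment …
		user.UpdateUserPassword(organization)
	}
	// … unchanged: adapter.Engine.Insert(users) and result handling …
```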
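Review bot: In the `field == "password"` branch the caller's `value` is never used: `UpdateUserPassword` transforms whatever is already in `user.Password`, and `value` is then overwritten with that result. The new password is therefore stored only if every caller assigns it to `user.Password` before calling; a caller that passes a user loaded from storage would have the stored value salted a second time and the requested password dropped. Make the branch self-contained by adding `user.Password = value` as its first line. The function continues past the end of the hunk.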
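Review bot: UpdateUserPassword is not idempotent and has no doc comment saying so: each call with PasswordType `"salt"` replaces `user.Password` with `getSaltedPassword(user.Password, organization.PasswordSalt)`, so calling it on a value that was already transformed changes it again. Suggested comment: `// UpdateUserPassword replaces the plaintext in user.Password with its salted form when the organization's PasswordType is "salt"; call it exactly once, on a plaintext value.` The salt passed in is the organization-wide `PasswordSalt`, so as far as this hunk shows two users of one organization with the same password end up with the same stored value; a per-user salt would avoid that, though getSaltedPassword's body is not visible here.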