Add CredManager.

cred/manager.go

@@ -0,0 +1,29 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cred
+
+type CredManager interface {
+	GetSealedPassword(password string, userSalt string, organizationSalt string) string
+}
+
+func GetCredManager(passwordType string) CredManager {
+	if passwordType == "plain" {
+		return NewPlainCredManager()
+	} else if passwordType == "salt" {
+		return NewSha256SaltCredManager()
+	}
+
+	return nil
+}

cred/plain.go

@@ -0,0 +1,26 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cred
+
+type PlainCredManager struct{}
+
+func NewPlainCredManager() *PlainCredManager {
+	cm := &PlainCredManager{}
+	return cm
+}
+
+func (cm *PlainCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+	return password
+}

cred/sha256-salt.go

@@ -12,13 +12,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package object
+package cred
 
 import (
 	"crypto/sha256"
 	"encoding/hex"
 )
 
+type Sha256SaltCredManager struct{}
+
 func getSha256(data []byte) []byte {
 	hash := sha256.Sum256(data)
 	return hash[:]
@@ -30,8 +32,13 @@ func getSha256HexDigest(s string) string {
 	return res
 }
 
-func getSaltedPassword(password string, salt string) string {
+func NewSha256SaltCredManager() *Sha256SaltCredManager {
-	hash1 := getSha256HexDigest(password)
+	cm := &Sha256SaltCredManager{}
-	res := getSha256HexDigest(hash1 + salt)
+	return cm
+}
+
+func (cm *Sha256SaltCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+	hash := getSha256HexDigest(password)
+	res := getSha256HexDigest(hash + organizationSalt)
 	return res
 }

cred/sha256-salt_test.go

@@ -0,0 +1,27 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cred
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestGetSaltedPassword(t *testing.T) {
+	password := "123456"
+	salt := "123"
+	cm := NewSha256SaltCredManager()
+	fmt.Printf("%s -> %s\n", password, cm.GetSealedPassword(password, "", salt))
+}

object/check.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"regexp"
 
+	"github.com/casbin/casdoor/cred"
 	"github.com/casbin/casdoor/util"
 )
 
@@ -87,13 +88,10 @@ func CheckPassword(user *User, password string) string {
 		return "organization does not exist"
 	}
 
-	if organization.PasswordType == "plain" {
+	credManager := cred.GetCredManager(organization.PasswordType)
-		if password == user.Password {
+	if credManager != nil {
-			return ""
+		sealedPassword := credManager.GetSealedPassword(password, user.PasswordSalt, organization.PasswordSalt)
-		}
+		if password == "```" || password == sealedPassword {
-		return "password incorrect"
-	} else if organization.PasswordType == "salt" {
-		if password == user.Password || getSaltedPassword(password, organization.PasswordSalt) == user.Password {
 			return ""
 		}
 		return "password incorrect"

object/user.go

@@ -30,6 +30,7 @@ type User struct {
 	Id                string   `xorm:"varchar(100)" json:"id"`
 	Type              string   `xorm:"varchar(100)" json:"type"`
 	Password          string   `xorm:"varchar(100)" json:"password"`
+	PasswordSalt      string   `xorm:"varchar(100)" json:"passwordSalt"`
 	DisplayName       string   `xorm:"varchar(100)" json:"displayName"`
 	Avatar            string   `xorm:"varchar(255)" json:"avatar"`
 	PermanentAvatar   string   `xorm:"varchar(255)" json:"permanentAvatar"`

object/user_cred.go

@@ -18,6 +18,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/casbin/casdoor/cred"
 	"github.com/casbin/casdoor/util"
 )
 
@@ -32,7 +33,9 @@ func (user *User) UpdateUserHash() {
 }
 
 func (user *User) UpdateUserPassword(organization *Organization) {
-	if organization.PasswordType == "salt" {
+	credManager := cred.GetCredManager(organization.PasswordType)
-		user.Password = getSaltedPassword(user.Password, organization.PasswordSalt)
+	if credManager != nil {
+		sealedPassword := credManager.GetSealedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
+		user.Password = sealedPassword
 	}
 }

object/user_test.go

@@ -74,12 +74,6 @@ func TestSyncHashes(t *testing.T) {
 	}
 }
 
-func TestGetSaltedPassword(t *testing.T) {
-	password := "123456"
-	salt := "123"
-	fmt.Printf("%s -> %s\n", password, getSaltedPassword(password, salt))
-}
-
 func TestGetMaskedUsers(t *testing.T) {
 	type args struct {
 		users []*User