llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add CredManager.

Browse Source
This commit is contained in:
Gucheng Wang 2021-11-04 21:08:43 +08:00
parent 609e9785e4
commit 7792f4589d
8 changed files with 105 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
cred/manager.go Normal file
View File

@ -0,0 +1,29 @@
// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cred
type CredManager interface {
GetSealedPassword(password string, userSalt string, organizationSalt string) string
}
func GetCredManager(passwordType string) CredManager {
if passwordType == "plain" {
return NewPlainCredManager()
} else if passwordType == "salt" {
return NewSha256SaltCredManager()
}
return nil
}

26
cred/plain.go Normal file
View File

@ -0,0 +1,26 @@
// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cred
type PlainCredManager struct{}
func NewPlainCredManager() *PlainCredManager {
cm := &PlainCredManager{}
return cm
}
func (cm *PlainCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
return password
}

15
object/password.go → cred/sha256-salt.go
View File

@ -12,13 +12,15 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
package object package cred
import ( import (
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
) )
type Sha256SaltCredManager struct{}
func getSha256(data []byte) []byte { func getSha256(data []byte) []byte {
hash := sha256.Sum256(data) hash := sha256.Sum256(data)
return hash[:] return hash[:]
@ -30,8 +32,13 @@ func getSha256HexDigest(s string) string {
return res return res
} }
func getSaltedPassword(password string, salt string) string { func NewSha256SaltCredManager() *Sha256SaltCredManager {
hash1 := getSha256HexDigest(password) cm := &Sha256SaltCredManager{}
res := getSha256HexDigest(hash1 + salt) return cm
}
func (cm *Sha256SaltCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
hash := getSha256HexDigest(password)
res := getSha256HexDigest(hash + organizationSalt)
return res return res
} }

27
cred/sha256-salt_test.go Normal file
View File

@ -0,0 +1,27 @@
// Copyright 2021 The casbin Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cred
import (
"fmt"
"testing"
)
func TestGetSaltedPassword(t *testing.T) {
password := "123456"
salt := "123"
cm := NewSha256SaltCredManager()
fmt.Printf("%s -> %s\n", password, cm.GetSealedPassword(password, "", salt))
}

14
object/check.go
View File

@ -18,6 +18,7 @@ import (
"fmt" "fmt"
"regexp" "regexp"
"github.com/casbin/casdoor/cred"
"github.com/casbin/casdoor/util" "github.com/casbin/casdoor/util"
) )
@ -86,14 +87,11 @@ func CheckPassword(user *User, password string) string {
if organization == nil { if organization == nil {
return "organization does not exist" return "organization does not exist"
} }
if organization.PasswordType == "plain" { credManager := cred.GetCredManager(organization.PasswordType)
if password == user.Password { if credManager != nil {
return "" sealedPassword := credManager.GetSealedPassword(password, user.PasswordSalt, organization.PasswordSalt)
} if password == "```" || password == sealedPassword {
return "password incorrect"
} else if organization.PasswordType == "salt" {
if password == user.Password || getSaltedPassword(password, organization.PasswordSalt) == user.Password {
return "" return ""
} }
return "password incorrect" return "password incorrect"

1
object/user.go
View File

@ -30,6 +30,7 @@ type User struct {
Id string `xorm:"varchar(100)" json:"id"` Id string `xorm:"varchar(100)" json:"id"`
Type string `xorm:"varchar(100)" json:"type"` Type string `xorm:"varchar(100)" json:"type"`
Password string `xorm:"varchar(100)" json:"password"` Password string `xorm:"varchar(100)" json:"password"`
PasswordSalt string `xorm:"varchar(100)" json:"passwordSalt"`
DisplayName string `xorm:"varchar(100)" json:"displayName"` DisplayName string `xorm:"varchar(100)" json:"displayName"`
Avatar string `xorm:"varchar(255)" json:"avatar"` Avatar string `xorm:"varchar(255)" json:"avatar"`
PermanentAvatar string `xorm:"varchar(255)" json:"permanentAvatar"` PermanentAvatar string `xorm:"varchar(255)" json:"permanentAvatar"`

7
object/user_cred.go
View File

@ -18,6 +18,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"github.com/casbin/casdoor/cred"
"github.com/casbin/casdoor/util" "github.com/casbin/casdoor/util"
) )
@ -32,7 +33,9 @@ func (user *User) UpdateUserHash() {
} }
func (user *User) UpdateUserPassword(organization *Organization) { func (user *User) UpdateUserPassword(organization *Organization) {
if organization.PasswordType == "salt" { credManager := cred.GetCredManager(organization.PasswordType)
user.Password = getSaltedPassword(user.Password, organization.PasswordSalt) if credManager != nil {
sealedPassword := credManager.GetSealedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
user.Password = sealedPassword
} }
} }

6
object/user_test.go
View File

@ -74,12 +74,6 @@ func TestSyncHashes(t *testing.T) {
} }
} }
func TestGetSaltedPassword(t *testing.T) {
password := "123456"
salt := "123"
fmt.Printf("%s -> %s\n", password, getSaltedPassword(password, salt))
}
func TestGetMaskedUsers(t *testing.T) { func TestGetMaskedUsers(t *testing.T) {
type args struct { type args struct {
users []*User users []*User