From d6c2d0f3e8357b760943d0b5cae60af42d625e43 Mon Sep 17 00:00:00 2001
From: jianmaikj <75167751+jianmaikj@users.noreply.github.com>
Date: Wed, 22 Dec 2021 13:56:32 +0800
Subject: [PATCH] feat: Add bcrypt encrypted password type (#386)

* Add loading and countdown status to the verification code sending button
* Add bcrypt encrypted password type
* Revert "Add loading and countdown status to the verification code sending button"
This reverts commit 782b9e229acf2cced9848f137f1b714b0be1df63.
* Update bcrypt.go
* Update go.sum
---
 cred/bcrypt.go                  | 23 +++++++++++++++++++++++
 cred/manager.go                 |  6 ++++--
 cred/md5-user-salt.go           |  6 +++++-
 cred/plain.go                   |  6 +++++-
 cred/sha256-salt.go             |  6 +++++-
 cred/sha256-salt_test.go        |  2 +-
 go.mod                          |  3 ++-
 go.sum                          | 15 +++++++++------
 object/check.go                 |  3 +--
 object/user_cred.go             |  4 ++--
 web/src/OrganizationEditPage.js |  2 +-
 11 files changed, 58 insertions(+), 18 deletions(-)
 create mode 100644 cred/bcrypt.go

diff --git a/cred/bcrypt.go b/cred/bcrypt.go
new file mode 100644
index 00000000..2c9eb77c
--- /dev/null
+++ b/cred/bcrypt.go
@@ -0,0 +1,23 @@
+package cred
+
+import "golang.org/x/crypto/bcrypt"
+
+type BcryptCredManager struct{}
+
+func NewBcryptCredManager() *BcryptCredManager {
+	cm := &BcryptCredManager{}
+	return cm
+}
+
+func (cm *BcryptCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	if err != nil {
+		return ""
+	}
+	return string(bytes)
+}
+
+func (cm *BcryptCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd))
+	return err == nil
+}
diff --git a/cred/manager.go b/cred/manager.go
index 3e897510..d914dd4c 100644
--- a/cred/manager.go
+++ b/cred/manager.go
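Review bot: `GetHashedPassword` discards the error from `bcrypt.GenerateFromPassword` and returns `""`, and the caller `UpdateUserPassword` in object/user_cred.go (same commit) then stores that empty string as the user's hash with no signal that hashing failed. Since `CredManager` has no error return, at minimum the caller should refuse an empty hash for a non-empty input, and a follow-up should widen the interface to `(string, error)`. The unused `userSalt`/`organizationSalt` parameters also need a doc comment so nobody "fixes" them later, e.g. `// GetHashedPassword ignores userSalt and organizationSalt: bcrypt generates its own random salt and embeds it in the returned hash.` Note in the same comment that bcrypt uses at most the first 72 bytes of the password; whether the pinned x/crypto version truncates or errors beyond that should be confirmed. Style: `NewBcryptCredManager` can simply `return &BcryptCredManager{}`.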
@@ -15,7 +15,8 @@
 package cred
 
 type CredManager interface {
-	GetSealedPassword(password string, userSalt string, organizationSalt string) string
+	GetHashedPassword(password string, userSalt string, organizationSalt string) string
+	IsPasswordCorrect(password string, passwordHash string, userSalt string, organizationSalt string) bool
 }
 
 func GetCredManager(passwordType string) CredManager {
@@ -25,7 +26,8 @@ func GetCredManager(passwordType string) CredManager {
 		return NewSha256SaltCredManager()
 	} else if passwordType == "md5-salt" {
 		return NewMd5UserSaltCredManager()
+	} else if passwordType == "bcrypt" {
+		return NewBcryptCredManager()
 	}
-
 	return nil
 }
diff --git a/cred/md5-user-salt.go b/cred/md5-user-salt.go
index 121bb2e4..f2b54ede 100644
--- a/cred/md5-user-salt.go
+++ b/cred/md5-user-salt.go
@@ -37,8 +37,12 @@ func NewMd5UserSaltCredManager() *Sha256SaltCredManager {
 	return cm
 }
 
-func (cm *Md5UserSaltCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Md5UserSaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash := getMd5HexDigest(password)
 	res := getMd5HexDigest(hash + userSalt)
 	return res
 }
+
+func (cm *Md5UserSaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+}
diff --git a/cred/plain.go b/cred/plain.go
index 7e271b8b..6a3a695d 100644
--- a/cred/plain.go
+++ b/cred/plain.go
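Review bot: The two exported methods added to `CredManager` carry no doc comments, and the interface names the second parameter `passwordHash` while every implementation calls it `hashedPwd`, which reads as two different contracts. Proposed: `// GetHashedPassword returns the stored form of password for the given user and organization salts.` and `// IsPasswordCorrect reports whether password matches passwordHash under the same salts that produced it.` In the second hunk, the `else if` chain in `GetCredManager` is idiomatically a `switch passwordType { case "sha256-salt": ... }` now that a fourth arm exists; `return nil` for an unknown type is unchanged and callers must keep checking it.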
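Review bot: The new `IsPasswordCorrect` compares the stored hash with `==`, which stops at the first differing byte; the identical pattern is added in cred/plain.go and cred/sha256-salt.go. Prefer `subtle.ConstantTimeCompare([]byte(hashedPwd), []byte(cm.GetHashedPassword(plainPwd, userSalt, organizationSalt))) == 1` with `crypto/subtle` imported, in all three files. Separately, the hunk's function context shows `NewMd5UserSaltCredManager` returning `*Sha256SaltCredManager`, so the `md5-salt` arm in manager.go may never dispatch to this method; that predates the commit but is worth confirming while the interface is being extended.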
@@ -21,6 +21,10 @@ func NewPlainCredManager() *PlainCredManager {
 	return cm
 }
 
-func (cm *PlainCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *PlainCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	return password
 }
+
+func (cm *PlainCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == plainPwd
+}
diff --git a/cred/sha256-salt.go b/cred/sha256-salt.go
index 1fb0e09c..b7581fef 100644
--- a/cred/sha256-salt.go
+++ b/cred/sha256-salt.go
@@ -37,8 +37,12 @@ func NewSha256SaltCredManager() *Sha256SaltCredManager {
 	return cm
 }
 
-func (cm *Sha256SaltCredManager) GetSealedPassword(password string, userSalt string, organizationSalt string) string {
+func (cm *Sha256SaltCredManager) GetHashedPassword(password string, userSalt string, organizationSalt string) string {
 	hash := getSha256HexDigest(password)
 	res := getSha256HexDigest(hash + organizationSalt)
 	return res
 }
+
+func (cm *Sha256SaltCredManager) IsPasswordCorrect(plainPwd string, hashedPwd string, userSalt string, organizationSalt string) bool {
+	return hashedPwd == cm.GetHashedPassword(plainPwd, userSalt, organizationSalt)
+}
diff --git a/cred/sha256-salt_test.go b/cred/sha256-salt_test.go
index e5b660d5..d132a67a 100644
--- a/cred/sha256-salt_test.go
+++ b/cred/sha256-salt_test.go
@@ -23,5 +23,5 @@ func TestGetSaltedPassword(t *testing.T) {
 	password := "123456"
 	salt := "123"
 	cm := NewSha256SaltCredManager()
-	fmt.Printf("%s -> %s\n", password, cm.GetSealedPassword(password, "", salt))
+	fmt.Printf("%s -> %s\n", password, cm.GetHashedPassword(password, "", salt))
 }
diff --git a/go.mod b/go.mod
index 44d552fb..2a61bb5c 100644
--- a/go.mod
+++ b/go.mod
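Review bot: `TestGetSaltedPassword` still only prints and asserts nothing, so the renamed call can never fail the build whatever it returns. Now that the manager has a verifier, a round-trip check makes the test meaningful: `if !cm.IsPasswordCorrect(password, cm.GetHashedPassword(password, "", salt), "", salt) { t.Fatal("hash/verify round-trip mismatch") }`. The test name also no longer matches the API it exercises.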
@@ -26,7 +26,8 @@ require (
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	github.com/thanhpk/randstr v1.0.4
-	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
diff --git a/go.sum b/go.sum
index b90d3b83..e0962233 100644
--- a/go.sum
+++ b/go.sum
@@ -375,8 +375,9 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
+golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -440,8 +441,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200927032502-5d4f70055728/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200930145003-4acb6c075d10/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -493,15 +494,17 @@ golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff --git a/object/check.go b/object/check.go
index 3194a3bd..da0d8094 100644
--- a/object/check.go
+++ b/object/check.go
@@ -111,8 +111,7 @@ func CheckPassword(user *User, password string) string {
 			return ""
 		}
 
-		sealedPassword := credManager.GetSealedPassword(password, user.PasswordSalt, organization.PasswordSalt)
-		if user.Password == sealedPassword {
+		if credManager.IsPasswordCorrect(password, user.Password, user.PasswordSalt, organization.PasswordSalt) {
 			return ""
 		}
 		return "password incorrect"
diff --git a/object/user_cred.go b/object/user_cred.go
index 5e4c7a02..e85c90c1 100644
--- a/object/user_cred.go
+++ b/object/user_cred.go
@@ -33,7 +33,7 @@ func (user *User) UpdateUserHash() {
 func (user *User) UpdateUserPassword(organization *Organization) {
 	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
-		sealedPassword := credManager.GetSealedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
-		user.Password = sealedPassword
+		hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
+		user.Password = hashedPassword
 	}
 }
diff --git a/web/src/OrganizationEditPage.js b/web/src/OrganizationEditPage.js
index aef5c710..fa2390bf 100644
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@@ -153,7 +153,7 @@ class OrganizationEditPage extends React.Component {
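Review bot: `credManager.IsPasswordCorrect` is now the only comparison path in `CheckPassword`, so a user whose stored `user.Password` was produced under a different `PasswordType` than the organization currently has (for example after switching an organization to `bcrypt`) will fail with the generic "password incorrect"; nothing in this commit re-hashes existing users. If that is intended, a comment at the call site such as `// Stored hashes are not migrated when the organization's PasswordType changes; users must reset their password.` would save the next reader a search. The enclosing `if` and the `return ""` branch above the change start outside the hunk, so how the nil-manager case is handled could not be verified here.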