Mirrors/gophish
2
0
Fork 0
mirror of https://github.com/gophish/gophish synced 2024-11-15 00:37:14 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #186 from rcutmore/confirm-password

Browse source 
Confirm password on registration or change
This commit is contained in:
Jordan Wright 2016-03-02 19:25:30 -06:00
commit 0741e163f5
5 changed files with 46 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
auth/auth.go
View file

@ -34,6 +34,9 @@ var ErrInvalidPassword = errors.New("Invalid Password")
// or change password functions // or change password functions
var ErrEmptyPassword = errors.New("Password cannot be blank") var ErrEmptyPassword = errors.New("Password cannot be blank")
// ErrPasswordMismatch is thrown when a user provides passwords that do not match
var ErrPasswordMismatch = errors.New("Passwords must match")
// Login attempts to login the user given a request. // Login attempts to login the user given a request.
func Login(r *http.Request) (bool, error) { func Login(r *http.Request) (bool, error) {
username, password := r.FormValue("username"), r.FormValue("password") username, password := r.FormValue("username"), r.FormValue("password")
@ -56,7 +59,9 @@ func Login(r *http.Request) (bool, error) {
// Register attempts to register the user given a request. // Register attempts to register the user given a request.
func Register(r *http.Request) (bool, error) { func Register(r *http.Request) (bool, error) {
username, password := r.FormValue("username"), r.FormValue("password") username := r.FormValue("username")
newPassword := r.FormValue("password")
confirmPassword := r.FormValue("confirm_password")
u, err := models.GetUserByUsername(username) u, err := models.GetUserByUsername(username)
// If we have an error which is not simply indicating that no user was found, report it // If we have an error which is not simply indicating that no user was found, report it
if err != nil { if err != nil {
@ -64,13 +69,17 @@ func Register(r *http.Request) (bool, error) {
return false, err return false, err
} }
u = models.User{} u = models.User{}
//If we've made it here, we should have a valid username given // If we've made it here, we should have a valid username given
// Check that the passsword isn't blank // Check that the passsword isn't blank
if password == "" { if newPassword == "" {
return false, ErrEmptyPassword return false, ErrEmptyPassword
} }
//Let's create the password hash // Make sure passwords match
h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) if newPassword != confirmPassword {
return false, ErrPasswordMismatch
}
// Let's create the password hash
h, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
if err != nil { if err != nil {
return false, err return false, err
} }
@ -92,18 +101,24 @@ func GenerateSecureKey() string {
func ChangePassword(r *http.Request) error { func ChangePassword(r *http.Request) error {
u := ctx.Get(r, "user").(models.User) u := ctx.Get(r, "user").(models.User)
c, n := r.FormValue("current_password"), r.FormValue("new_password") currentPw := r.FormValue("current_password")
newPassword := r.FormValue("new_password")
confirmPassword := r.FormValue("confirm_new_password")
// Check the current password // Check the current password
err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(c)) err := bcrypt.CompareHashAndPassword([]byte(u.Hash), []byte(currentPw))
if err != nil { if err != nil {
return ErrInvalidPassword return ErrInvalidPassword
} }
// Check that the new password isn't blank // Check that the new password isn't blank
if n == "" { if newPassword == "" {
return ErrEmptyPassword return ErrEmptyPassword
} }
// Check that new passwords match
if newPassword != confirmPassword {
return ErrPasswordMismatch
}
// Generate the new hash // Generate the new hash
h, err := bcrypt.GenerateFromPassword([]byte(n), bcrypt.DefaultCost) h, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
if err != nil { if err != nil {
return err return err
} }

13
static/css/main.css vendored
View file

@ -57,12 +57,19 @@
.form-signin .form-control:focus { .form-signin .form-control:focus {
z-index: 2; z-index: 2;
} }
.form-signin input[type="text"] { .form-signin .top-input {
margin-bottom: -1px; margin-bottom: -1px;
border-bottom-left-radius: 0; border-bottom-left-radius: 0;
border-bottom-right-radius: 0; border-bottom-right-radius: 0;
} }
.form-signin input[type="password"] { .form-signin .middle-input {
margin-bottom: -1px;
border-top-left-radius: 0;
border-top-right-radius: 0;
border-bottom-left-radius: 0;
border-bottom-right-radius: 0;
}
.form-signin .bottom-input {
margin-bottom: 10px; margin-bottom: 10px;
border-top-left-radius: 0; border-top-left-radius: 0;
border-top-right-radius: 0; border-top-right-radius: 0;
@ -375,7 +382,7 @@ table.dataTable thead .sorting_desc:after {
opacity: .8 !important; opacity: .8 !important;
} }
td.details-control{ td.details-control{
cursor:pointer; cursor:pointer;
} }
.timeline{ .timeline{
text-align:left; text-align:left;

4
templates/login.html
View file

@ -52,8 +52,8 @@
<img id="logo" src="/images/logo_purple.png" /> <img id="logo" src="/images/logo_purple.png" />
<h2 class="form-signin-heading">Please sign in</h2> <h2 class="form-signin-heading">Please sign in</h2>
{{template "flashes" .Flashes}} {{template "flashes" .Flashes}}
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus> <input type="text" name="username" class="form-control top-input" placeholder="Username" required autofocus>
<input type="password" name="password" class="form-control" placeholder="Password" required> <input type="password" name="password" class="form-control bottom-input" placeholder="Password" required>
<input type="hidden" name="csrf_token" value="{{.Token}}"/> <input type="hidden" name="csrf_token" value="{{.Token}}"/>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button> <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form> </form>

5
templates/register.html
View file

@ -52,8 +52,9 @@
<img id="logo" src="/images/logo_purple.png" /> <img id="logo" src="/images/logo_purple.png" />
<h2 class="form-signin-heading">Please register below</h2> <h2 class="form-signin-heading">Please register below</h2>
{{template "flashes" .Flashes}} {{template "flashes" .Flashes}}
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus/> <input type="text" name="username" class="form-control top-input" placeholder="Username" required autofocus/>
<input type="password" name="password" class="form-control" placeholder="Password" required/> <input type="password" name="password" class="form-control middle-input" placeholder="Password" required/>
<input type="password" name="confirm_password" class="form-control bottom-input" placeholder="Confirm Password" required/>
<input type="hidden" name="csrf_token" value="{{.Token}}"/> <input type="hidden" name="csrf_token" value="{{.Token}}"/>
<button class="btn btn-lg btn-primary btn-block" type="submit">Register</button> <button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
</form> </form>

7
templates/settings.html
View file

@ -70,6 +70,13 @@
<input type="password" id="new_password" name="new_password" class="form-control" /> <input type="password" id="new_password" name="new_password" class="form-control" />
</div> </div>
</div> </div>
<br />
<div class="row">
<label for="confirm_new_password" class="col-sm-2 control-label form-label">Confirm New Password:</label>
<div class="col-md-6">
<input type="password" id="confirm_new_password" name="confirm_new_password" class="form-control" />
</div>
</div>
<input type="hidden" name="csrf_token" value="{{.Token}}"/> <input type="hidden" name="csrf_token" value="{{.Token}}"/>
<br /> <br />
<button class="btn btn-primary" type="submit"><i class="fa fa-save"></i> Save</button> <button class="btn btn-primary" type="submit"><i class="fa fa-save"></i> Save</button>