isolated
This commit is contained in:
parent
ed1c61ed2d
commit
70720a0868
|
|
@ -1,7 +1,9 @@
|
||||||
package crypto
|
package crypto
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/sha256"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
|
|
@ -125,9 +127,26 @@ func EncryptEnvData(data map[string]interface{}) (string, error) {
|
||||||
return EncryptB64(string(encryptedConfig)), nil
|
return EncryptB64(string(encryptedConfig)), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getSHA256 calculates the SHA-256 hash of a string
|
||||||
|
func getSHA256(input string) string {
|
||||||
|
hash := sha256.New()
|
||||||
|
hash.Write([]byte(input))
|
||||||
|
return hex.EncodeToString(hash.Sum(nil))
|
||||||
|
}
|
||||||
|
|
||||||
|
// VerifyPassword compares a stored hashed password with a user-provided password
|
||||||
|
func VerifyPassword(storedHashedPassword, userProvidedPassword string) error {
|
||||||
|
passwordSHA256 := getSHA256(userProvidedPassword)
|
||||||
|
// CompareHashAndPassword returns nil on success
|
||||||
|
err := bcrypt.CompareHashAndPassword([]byte(storedHashedPassword), []byte(passwordSHA256))
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
// EncryptPassword is used for encrypting password
|
// EncryptPassword is used for encrypting password
|
||||||
func EncryptPassword(password string) (string, error) {
|
func EncryptPassword(password string) (string, error) {
|
||||||
pw, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
// Try to generate bcrypt hash
|
||||||
|
passwordSHA256 := getSHA256(password)
|
||||||
|
pw, err := bcrypt.GenerateFromPassword([]byte(passwordSHA256), bcrypt.DefaultCost)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -7,13 +7,13 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/authenticators"
|
"github.com/authorizerdev/authorizer/server/authenticators"
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
|
crypto "github.com/authorizerdev/authorizer/server/crypto"
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/db/models"
|
"github.com/authorizerdev/authorizer/server/db/models"
|
||||||
mailService "github.com/authorizerdev/authorizer/server/email"
|
mailService "github.com/authorizerdev/authorizer/server/email"
|
||||||
|
|
@ -104,7 +104,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
|
||||||
return res, fmt.Errorf(`phone number is not verified`)
|
return res, fmt.Errorf(`phone number is not verified`)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password))
|
err = crypto.VerifyPassword(*user.Password, params.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to compare password: ", err)
|
log.Debug("Failed to compare password: ", err)
|
||||||
return res, fmt.Errorf(`bad user credentials`)
|
return res, fmt.Errorf(`bad user credentials`)
|
||||||
|
|
|
||||||
|
|
@ -8,10 +8,10 @@ import (
|
||||||
|
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
"github.com/authorizerdev/authorizer/server/cookie"
|
"github.com/authorizerdev/authorizer/server/cookie"
|
||||||
|
"github.com/authorizerdev/authorizer/server/crypto"
|
||||||
"github.com/authorizerdev/authorizer/server/db"
|
"github.com/authorizerdev/authorizer/server/db"
|
||||||
"github.com/authorizerdev/authorizer/server/db/models"
|
"github.com/authorizerdev/authorizer/server/db/models"
|
||||||
"github.com/authorizerdev/authorizer/server/graph/model"
|
"github.com/authorizerdev/authorizer/server/graph/model"
|
||||||
|
|
@ -69,7 +69,7 @@ func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*m
|
||||||
return res, fmt.Errorf(`phone number is not verified`)
|
return res, fmt.Errorf(`phone number is not verified`)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password))
|
err = crypto.VerifyPassword(*user.Password, params.Password)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Debug("Failed to compare password: ", err)
|
log.Debug("Failed to compare password: ", err)
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,6 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
|
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/authorizerdev/authorizer/server/constants"
|
"github.com/authorizerdev/authorizer/server/constants"
|
||||||
|
|
@ -163,7 +161,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
|
||||||
}
|
}
|
||||||
|
|
||||||
if isPasswordChanging && user.Password != nil && params.OldPassword != nil {
|
if isPasswordChanging && user.Password != nil && params.OldPassword != nil {
|
||||||
if err = bcrypt.CompareHashAndPassword([]byte(refs.StringValue(user.Password)), []byte(refs.StringValue(params.OldPassword))); err != nil {
|
if err = crypto.VerifyPassword(refs.StringValue(user.Password), refs.StringValue(params.OldPassword)); err != nil {
|
||||||
log.Debug("Failed to compare hash and old password: ", err)
|
log.Debug("Failed to compare hash and old password: ", err)
|
||||||
return res, fmt.Errorf("incorrect old password")
|
return res, fmt.Errorf("incorrect old password")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,6 @@ import (
|
||||||
"github.com/authorizerdev/authorizer/server/crypto"
|
"github.com/authorizerdev/authorizer/server/crypto"
|
||||||
"github.com/authorizerdev/authorizer/server/memorystore"
|
"github.com/authorizerdev/authorizer/server/memorystore"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"golang.org/x/crypto/bcrypt"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// CreateAdminAuthToken creates the admin token based on secret key
|
// CreateAdminAuthToken creates the admin token based on secret key
|
||||||
|
|
@ -31,7 +30,7 @@ func GetAdminAuthToken(gc *gin.Context) (string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(token), []byte(adminSecret))
|
err = crypto.VerifyPassword(token, adminSecret)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf(`unauthorized`)
|
return "", fmt.Errorf(`unauthorized`)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user