Fixed bug where login doesn't compare passwords correctly
This commit is contained in:
parent
b86f74a888
commit
c160c57da5
10
server.go
10
server.go
|
@ -12,7 +12,9 @@ const ADDRESS = "127.0.0.1"
|
||||||
const PORT = "8080"
|
const PORT = "8080"
|
||||||
|
|
||||||
type Server struct {
|
type Server struct {
|
||||||
Users map[string]UserData
|
// Registered user information
|
||||||
|
Users map[string]UserData
|
||||||
|
// Login sessions
|
||||||
Sessions *sessions.CookieStore
|
Sessions *sessions.CookieStore
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -38,10 +40,10 @@ func main() {
|
||||||
})
|
})
|
||||||
// Start web server at 127.0.0.1:8080
|
// Start web server at 127.0.0.1:8080
|
||||||
fmt.Printf("Listening to %s on port %s...\n", ADDRESS, PORT)
|
fmt.Printf("Listening to %s on port %s...\n", ADDRESS, PORT)
|
||||||
e := http.ListenAndServe(ADDRESS+":"+PORT, nil)
|
err := http.ListenAndServe(ADDRESS+":"+PORT, nil)
|
||||||
// Print any errors
|
// Print any errors
|
||||||
if e != nil {
|
if err != nil {
|
||||||
fmt.Println("Error starting server:")
|
fmt.Println("Error starting server:")
|
||||||
log.Fatal(e)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
36
users.go
36
users.go
|
@ -1,6 +1,7 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -11,6 +12,7 @@ import (
|
||||||
|
|
||||||
const SESSION_COOKIE_NAME = "utsa-place-session"
|
const SESSION_COOKIE_NAME = "utsa-place-session"
|
||||||
const SESSION_AUTH = "auth"
|
const SESSION_AUTH = "auth"
|
||||||
|
const SESSION_STARTED = "age"
|
||||||
|
|
||||||
const ENCRYPTION_STRENGTH = 14
|
const ENCRYPTION_STRENGTH = 14
|
||||||
|
|
||||||
|
@ -28,16 +30,23 @@ func validate_email(email string) (string, bool) {
|
||||||
return email, ok
|
return email, ok
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Encrypts a password
|
||||||
func hash_password(password string) string {
|
func hash_password(password string) string {
|
||||||
bytes, _ := bcrypt.GenerateFromPassword([]byte(password), ENCRYPTION_STRENGTH)
|
bytes, _ := bcrypt.GenerateFromPassword([]byte(password), ENCRYPTION_STRENGTH)
|
||||||
return string(bytes)
|
return string(bytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Compares an unencrpyted password to an encrypted password
|
||||||
|
func check_password_hash(password string, hash string) bool {
|
||||||
|
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
|
||||||
|
return err == nil
|
||||||
|
}
|
||||||
|
|
||||||
// Handles requests to /login.html
|
// Handles requests to /login.html
|
||||||
func (s *Server) handle_login(w http.ResponseWriter, r *http.Request) {
|
func (s *Server) handle_login(w http.ResponseWriter, r *http.Request) {
|
||||||
switch r.Method {
|
switch r.Method {
|
||||||
case http.MethodGet:
|
case http.MethodGet:
|
||||||
http.ServeFile(w, r, "./static/register.html")
|
http.ServeFile(w, r, "./static/login.html")
|
||||||
case http.MethodPost:
|
case http.MethodPost:
|
||||||
// Get data from form
|
// Get data from form
|
||||||
email := r.FormValue("email")
|
email := r.FormValue("email")
|
||||||
|
@ -46,12 +55,12 @@ func (s *Server) handle_login(w http.ResponseWriter, r *http.Request) {
|
||||||
user, ok := s.Users[email]
|
user, ok := s.Users[email]
|
||||||
// If user does not exist
|
// If user does not exist
|
||||||
if !ok {
|
if !ok {
|
||||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
http.Error(w, "User not found", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// If password does not match
|
// If password does not match
|
||||||
if password != user.Password {
|
if !check_password_hash(password, user.Password) {
|
||||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
http.Error(w, "Passwords dont match", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Generate session
|
// Generate session
|
||||||
|
@ -61,12 +70,15 @@ func (s *Server) handle_login(w http.ResponseWriter, r *http.Request) {
|
||||||
http.Error(w, "Invalid session", http.StatusUnauthorized)
|
http.Error(w, "Invalid session", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
now := time.Now()
|
||||||
session.Values[SESSION_AUTH] = true
|
session.Values[SESSION_AUTH] = true
|
||||||
|
session.Values[SESSION_STARTED] = now
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
// Update last-login on DB
|
// Update last-login on DB
|
||||||
user.LastLogin = time.Now()
|
user.LastLogin = now
|
||||||
s.Users[email] = user
|
s.Users[email] = user
|
||||||
// Redirect to index.html
|
// Redirect to index.html
|
||||||
|
fmt.Println("Logged in user: ", email)
|
||||||
http.Redirect(w, r, "/", http.StatusFound)
|
http.Redirect(w, r, "/", http.StatusFound)
|
||||||
default:
|
default:
|
||||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
|
@ -86,7 +98,7 @@ func (s *Server) handle_register(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
password := r.FormValue("password")
|
password := r.FormValue("password")
|
||||||
if len(password) < 5 || len(password) >= 70 {
|
if len(password) < 8 || len(password) >= 70 {
|
||||||
http.Error(w, "Invalid password length", http.StatusForbidden)
|
http.Error(w, "Invalid password length", http.StatusForbidden)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -103,18 +115,21 @@ func (s *Server) handle_register(w http.ResponseWriter, r *http.Request) {
|
||||||
http.Error(w, "Invalid session", http.StatusUnauthorized)
|
http.Error(w, "Invalid session", http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
now := time.Now()
|
||||||
// Save user information to DB
|
// Save user information to DB
|
||||||
s.Users[email] = UserData{
|
s.Users[email] = UserData{
|
||||||
Email: email,
|
Email: email,
|
||||||
Password: password,
|
Password: hash_password(password),
|
||||||
AccountCreated: time.Now(),
|
AccountCreated: now,
|
||||||
LastLogin: time.Now(),
|
LastLogin: now,
|
||||||
}
|
}
|
||||||
// Make session valid
|
// Make session valid
|
||||||
session.Values[SESSION_AUTH] = true
|
session.Values[SESSION_AUTH] = true
|
||||||
|
session.Values[SESSION_STARTED] = now
|
||||||
// Send session token to browser
|
// Send session token to browser
|
||||||
session.Save(r, w)
|
session.Save(r, w)
|
||||||
// Redirect to index.html
|
// Redirect to index.html
|
||||||
|
fmt.Println("Registered user: ", email)
|
||||||
http.Redirect(w, r, "/", http.StatusFound)
|
http.Redirect(w, r, "/", http.StatusFound)
|
||||||
default:
|
default:
|
||||||
http.Error(w, "Forbidden", http.StatusForbidden)
|
http.Error(w, "Forbidden", http.StatusForbidden)
|
||||||
|
@ -130,7 +145,8 @@ func (s *Server) handle_logout(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
// Remove session cookie
|
// Remove session cookie
|
||||||
http.SetCookie(w, &http.Cookie{
|
http.SetCookie(w, &http.Cookie{
|
||||||
Name: SESSION_COOKIE_NAME,
|
Name: SESSION_COOKIE_NAME,
|
||||||
|
// Negative max age immediately removes the cookie
|
||||||
MaxAge: -1,
|
MaxAge: -1,
|
||||||
})
|
})
|
||||||
}
|
}
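Review bot: The new login responses `"User not found"` and `"Passwords dont match"` tell a caller which e-mail addresses are registered, where the previous uniform `"Forbidden"` did not, and the not-found branch returns before any bcrypt compare, so response time leaks the same fact. Both branches should send one message, e.g. `http.Error(w, "Invalid email or password", http.StatusForbidden)`, and the not-found path should still call `bcrypt.CompareHashAndPassword` against a fixed dummy hash so the two paths cost the same. With `ENCRYPTION_STRENGTH = 14` each attempt costs on the order of a second of CPU and nothing in view rate-limits /login, so a per-IP or per-account throttle is worth adding before this ships. `hash_password` also discards the `GenerateFromPassword` error; an empty stored hash fails closed at login, but the register handler should surface the error rather than silently create an account nobody can log into. handle_login's closing brace lies outside the shown hunks.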
|
||||||
|
|