mirror of https://github.com/muety/wakapi.git synced 2023-08-10 21:12:56 +03:00

security: migrate to argon2id password hashing

fix: support super long passwords (resolve #494)
Ferdinand Mütsch
2023-07-08 19:15:59 +02:00
parent a8e2bc671d
commit 35ef323b19
9 changed files with 1088 additions and 1065 deletions


@ -139,7 +139,6 @@ type IUserService interface {
Delete(*models.User) error
ResetApiKey(*models.User) (*models.User, error)
SetWakatimeApiCredentials(*models.User, string, string) (*models.User, error)
MigrateMd5Password(*models.User, *models.Login) (*models.User, error)
GenerateResetToken(*models.User) (*models.User, error)
FlushCache()
FlushUserCache(string)


@ -157,7 +157,7 @@ func (srv *UserService) CreateOrGet(signup *models.Signup, isAdmin bool) (*model
IsAdmin: isAdmin,
}
if hash, err := utils.HashBcrypt(u.Password, srv.config.Security.PasswordSalt); err != nil {
if hash, err := utils.HashPassword(u.Password, srv.config.Security.PasswordSalt); err != nil {
return nil, false, err
} else {
u.Password = hash
@ -194,17 +194,6 @@ func (srv *UserService) SetWakatimeApiCredentials(user *models.User, apiKey stri
return user, nil
}
func (srv *UserService) MigrateMd5Password(user *models.User, login *models.Login) (*models.User, error) {
srv.FlushUserCache(user.ID)
user.Password = login.Password
if hash, err := utils.HashBcrypt(user.Password, srv.config.Security.PasswordSalt); err != nil {
return nil, err
} else {
user.Password = hash
}
return srv.repository.UpdateField(user, "password", user.Password)
}
func (srv *UserService) GenerateResetToken(user *models.User) (*models.User, error) {
return srv.repository.UpdateField(user, "reset_token", uuid.NewV4())
}
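Review bot: In the `CreateOrGet` hunk, the new call `utils.HashPassword(u.Password, srv.config.Security.PasswordSalt)` still passes a single configured value as its second argument, and nothing visible here says whether `HashPassword` uses it as the Argon2id salt or as a pepper. If it were used as the salt, every account would share it, so it is worth confirming that `HashPassword` (defined outside this page) draws a fresh random salt for each hash. Once confirmed, record it at the call site, e.g. `// PasswordSalt acts as a site-wide pepper; HashPassword generates the per-hash random salt`. The second hunk of this file drops `MigrateMd5Password`, so accounts that still hold an older hash format presumably need a verify-then-rehash path at login elsewhere in the commit; that is not visible in this section. `CreateOrGet` begins and ends outside the hunk.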