
feat(user): implement proper password storage

Closes #2.
Mustafa Arici 8 vuotta sitten
vanhempi
commit
5d53115e75
3 muutettua tiedostoa jossa 22 lisäystä ja 14 poistoa
  1. 5 5
      bindata/bindata.go
  2. 15 6
      user.go
  3. 2 3
      user_test.go

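--- a/bindata/bindata.go
+++ b/bindata/bindata.go
@@ -87,7 +87,7 @@ func templateCcdFileTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/ccd.file.tmpl", size: 74, mode: os.FileMode(420), modTime: time.Unix(1502998813, 0)}
+	info := bindataFileInfo{name: "template/ccd.file.tmpl", size: 74, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -107,7 +107,7 @@ func templateClientOvpnTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/client.ovpn.tmpl", size: 365, mode: os.FileMode(420), modTime: time.Unix(1503000877, 0)}
+	info := bindataFileInfo{name: "template/client.ovpn.tmpl", size: 365, mode: os.FileMode(436), modTime: time.Unix(1503043866, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -127,7 +127,7 @@ func templateDh4096PemTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/dh4096.pem.tmpl", size: 1468, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/dh4096.pem.tmpl", size: 1468, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -147,7 +147,7 @@ func templateIptablesTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/iptables.tmpl", size: 0, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/iptables.tmpl", size: 0, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }
@@ -167,7 +167,7 @@ func templateServerConfTmpl() (*asset, error) {
 		return nil, err
 	}
 
-	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9585, mode: os.FileMode(420), modTime: time.Unix(1502796579, 0)}
+	info := bindataFileInfo{name: "template/server.conf.tmpl", size: 9585, mode: os.FileMode(436), modTime: time.Unix(1502659670, 0)}
 	a := &asset{bytes: bytes, info: info}
 	return a, nil
 }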

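--- a/user.go
+++ b/user.go
@@ -9,6 +9,7 @@ import (
 	"github.com/asaskevich/govalidator"
 	"github.com/cad/ovpm/pki"
 	"github.com/jinzhu/gorm"
+	"gopkg.in/hlandau/passlib.v1"
 )
 
 // User represents the interface that is being used within the public api.
@@ -29,7 +30,7 @@ type DBUser struct {
 	Username           string `gorm:"unique_index"`
 	Cert               string
 	ServerSerialNumber string
-	Password           string
+	Hash               string
 	Key                string
 	NoGW               bool
 }
@@ -41,14 +42,23 @@ type DBRevoked struct {
 }
 
 func (u *DBUser) setPassword(password string) error {
-	// TODO(cad): Use a proper password hashing algorithm here.
-	u.Password = password
+	hashedPassword, err := passlib.Hash(password)
+	if err != nil {
+		return fmt.Errorf("can not set password: %v", err)
+	}
+
+	u.Hash = hashedPassword
 	return nil
 }
 
 // CheckPassword returns wether the given password is correct for the user.
 func (u *DBUser) CheckPassword(password string) bool {
-	return u.Password == password
+	_, err := passlib.Verify(password, u.Hash)
+	if err != nil {
+		logrus.Error(err)
+		return false
+	}
+	return true
 }
 
 // GetUser finds and returns the user with the given username from database.
@@ -101,14 +111,13 @@ func CreateNewUser(username, password string, nogw bool) (*DBUser, error) {
 		return nil, fmt.Errorf("can not get server: %v", err)
 	}
 	user := DBUser{
-
 		Username:           username,
-		Password:           password,
 		Cert:               clientCert.Cert,
 		Key:                clientCert.Key,
 		ServerSerialNumber: server.SerialNumber,
 		NoGW:               nogw,
 	}
+	user.setPassword(password)
 
 	db.Create(&user)
 	if db.NewRecord(&user) {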
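Review bot: The error returned by `user.setPassword(password)` is discarded in CreateNewUser, so if hashing fails the record still reaches `db.Create` with an empty `Hash` and the user is persisted in a state where no password can ever verify; change the call to `if err := user.setPassword(password); err != nil { return nil, fmt.Errorf("can not create user: %v", err) }` before `db.Create`. In CheckPassword the first return value of `passlib.Verify` is dropped — per passlib's API that is a replacement hash when the stored one should be upgraded, so persisting it, or a comment `// upgraded hash deliberately ignored`, should accompany the `_`; and a merely wrong password is reported with `logrus.Error`, which will flood the log on every failed login where `logrus.Debug` or no logging suits better. Renaming the field from `Password` to `Hash` does not remove the old column: if the schema comes from gorm auto-migration (not visible here), existing rows keep their plaintext `password` column on disk until it is explicitly dropped, which deserves a migration step. CreateNewUser starts before this hunk and continues past it.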

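--- a/user_test.go
+++ b/user_test.go
@@ -89,7 +89,6 @@ func TestUserPasswordCorrect(t *testing.T) {
 	user, _ := ovpm.CreateNewUser("testUser", initialPassword, false)
 
 	// Test:
-
 	// Is user created with the correct password?
 	if !user.CheckPassword(initialPassword) {
 		t.Fatalf("user's password must be '%s', but CheckPassword fails +%v", initialPassword, user)
@@ -260,8 +259,8 @@ func areUsersEqual(user1, user2 *ovpm.DBUser) bool {
 		logrus.Infof("Username %v != %v", user1.Username, user2.Username)
 		return false
 	}
-	if user1.Password != user2.Password {
-		logrus.Infof("Password %v != %v", user1.Password, user2.Password)
+	if user1.Hash != user2.Hash {
+		logrus.Infof("Password %v != %v", user1.Hash, user2.Hash)
 		return false
 	}
 	if user1.ServerSerialNumber != user2.ServerSerialNumber {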
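Review bot: TestUserPasswordCorrect only asserts that CheckPassword accepts the initial password, which would pass just as well if the plaintext were still being stored, so the property this commit introduces is untested; add `if user.Hash == initialPassword { t.Fatalf("password stored in plaintext: %q", user.Hash) }` right after the existing CheckPassword check. A rejection case, `if user.CheckPassword(initialPassword + "x") { t.Fatal("wrong password accepted") }`, would additionally catch a Verify path that never returns an error. In areUsersEqual the message still reads `Password` while both operands are now hashes; `logrus.Infof("Hash %v != %v", user1.Hash, user2.Hash)` matches the field and avoids suggesting a plaintext comparison. TestUserPasswordCorrect continues beyond the first hunk.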