gosora/common/auth.go

285 lines
8.8 KiB
Go
Raw Normal View History

/*
*
* Gosora Authentication Interface
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
* Copyright Azareal 2017 - 2019
*
*/
package common
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
import (
"database/sql"
"errors"
"net/http"
"strconv"
"strings"
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
"../query_gen/lib"
Added the Page Manager for faster and easier custom page creation. Added the PageStore. Renamed account_own_edit.html to account_own_edit_password.html Renamed custom-page.html to custom_page.html Renamed the pre_render_custom_page hook to pre_render_tmpl_page. Added a new pre_render_custom_page hook, not to be confused with the previous one. Renamed the pre_render_account_own_edit_critical hook to pre_render_account_own_edit_password. Moved the report forum ID into a constant. Renamed todaysReportCount to topicsTopicCountByForum and made it more generic. Renamed panel-menu.html to panel_menu.html Renamed panel-inner-menu.html to panel_inner_menu.html Removed an irrelevant editable_parent in a no results row. Fixed the profile page loading the wrong profile.css Fixed a bug where the last poster avatar would break on the forum page. Added the AddNotice method to *Header. Greatly simplified many of the page struct definitions. Added the ErrorPage page struct and refactored the error pages to use it. Added the BasePanelPage page struct and refactored the panel page structs to use it. Tweaked the DefaultHeader function to set the user on the spot rather than after the fact. Simplified AccountEditAvatarSubmit into a redirect. Add the addElement closure in the control panel dashboard to reduce the amount of complexity. Tweaked LogWarning to better handle nils. Added the account_username phrase. Added the account_avatar phrase. Added the account_email phrase. Added the panel_pages phrase. Added the panel_pages_edit phrase. Added the panel_page_created phrase. Added the panel_page_updated phrase. Added the panel_page_deleted phrase. Added the account_menu_security phrase. Added the panel_menu_pages phrase. Added the panel_pages_head phrase. Added the panel_pages_edit_button_aria phrase. Added the panel_pages_delete_button_aria phrase. Added the panel_pages_no_pages phrase. Added the panel_pages_create_head phrase. Added the panel_pages_create_name phrase. Added the panel_pages_create_name_placeholder phrase. Added the panel_pages_create_title phrase. Added the panel_pages_create_title_placeholder phrase. Added the panel_pages_create_body_placeholder phrase. Added the panel_pages_create_submit_button phrase. Added the panel_pages_edit_head phrase. Added the panel_pages_name phrase. Added the panel_pages_title phrase. Added the panel_pages_edit_update_button phrase. Began work on two-factor authentication. Made more progress with the Nox Theme.
2018-06-06 00:21:22 +00:00
"./gauth"
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
//"golang.org/x/crypto/argon2"
"golang.org/x/crypto/bcrypt"
)
// TODO: Write more authentication tests
var Auth AuthInt
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
const SaltLength int = 32
const SessionLength int = 80
// ErrMismatchedHashAndPassword is thrown whenever a hash doesn't match it's unhashed password
var ErrMismatchedHashAndPassword = bcrypt.ErrMismatchedHashAndPassword
// nolint
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
var ErrHashNotExist = errors.New("We don't recognise that hashing algorithm")
var ErrTooFewHashParams = errors.New("You haven't provided enough hash parameters")
// ErrPasswordTooLong is silly, but we don't want bcrypt to bork on us
var ErrPasswordTooLong = errors.New("The password you selected is too long")
var ErrWrongPassword = errors.New("That's not the correct password.")
var ErrSecretError = errors.New("There was a glitch in the system. Please contact your local administrator.")
var ErrNoUserByName = errors.New("We couldn't find an account with that username.")
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
var DefaultHashAlgo = "bcrypt" // Override this in the configuration file, not here
//func(realPassword string, password string, salt string) (err error)
var CheckPasswordFuncs = map[string]func(string, string, string) error{
"bcrypt": BcryptCheckPassword,
//"argon2": Argon2CheckPassword,
}
//func(password string) (hashedPassword string, salt string, err error)
var GeneratePasswordFuncs = map[string]func(string) (string, string, error){
"bcrypt": BcryptGeneratePassword,
//"argon2": Argon2GeneratePassword,
}
var HashPrefixes = map[string]string{
"$2a$": "bcrypt",
//"argon2$": "argon2",
}
// AuthInt is the main authentication interface.
type AuthInt interface {
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
Authenticate(username string, password string) (uid int, err error)
Logout(w http.ResponseWriter, uid int)
ForceLogout(uid int) error
SetCookies(w http.ResponseWriter, uid int, session string)
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
GetCookies(r *http.Request) (uid int, session string, err error)
SessionCheck(w http.ResponseWriter, r *http.Request) (user *User, halt bool)
CreateSession(uid int) (session string, err error)
}
// DefaultAuth is the default authenticator used by Gosora, may be swapped with an alternate authenticator in some situations. E.g. To support LDAP.
type DefaultAuth struct {
login *sql.Stmt
logout *sql.Stmt
updateSession *sql.Stmt
}
// NewDefaultAuth is a factory for spitting out DefaultAuths
func NewDefaultAuth() (*DefaultAuth, error) {
acc := qgen.Builder.Accumulator()
return &DefaultAuth{
login: acc.Select("users").Columns("uid, password, salt").Where("name = ?").Prepare(),
logout: acc.Update("users").Set("session = ''").Where("uid = ?").Prepare(),
updateSession: acc.Update("users").Set("session = ?").Where("uid = ?").Prepare(),
}, acc.FirstError()
}
// Authenticate checks if a specific username and password is valid and returns the UID for the corresponding user, if so. Otherwise, a user safe error.
// TODO: Find a better way of handling errors we don't want to reach the user
func (auth *DefaultAuth) Authenticate(username string, password string) (uid int, err error) {
var realPassword, salt string
err = auth.login.QueryRow(username).Scan(&uid, &realPassword, &salt)
if err == ErrNoRows {
return 0, ErrNoUserByName
} else if err != nil {
LogError(err)
return 0, ErrSecretError
}
err = CheckPassword(realPassword, password, salt)
if err == ErrMismatchedHashAndPassword {
return 0, ErrWrongPassword
} else if err != nil {
LogError(err)
return 0, ErrSecretError
}
return uid, nil
}
// ForceLogout logs the user out of every computer, not just the one they logged out of
func (auth *DefaultAuth) ForceLogout(uid int) error {
_, err := auth.logout.Exec(uid)
if err != nil {
LogError(err)
return ErrSecretError
}
// Flush the user out of the cache
Added the AboutSegment feature, you can see this in use on Cosora, it's a little raw right now, but I'm planning to polish it in the next commit. Refactored the code to use switches instead of if blocks in some places. Refactored the Dashboard to make it easier to add icons to it like I did with Cosora. You can now use maps in transpiled templates. Made progress on Cosora's footer. Swapped out the ThemeName property in the HeaderVars struct for a more general and flexible Theme property. Added the colstack CSS class to make it easier to style the layouts for the Control Panel and profile. Renamed the FStore variable to Forums. Renamed the Fpstore variable to FPStore. Renamed the Gstore variable to Groups. Split the MemoryTopicStore into DefaultTopicStore and MemoryTopicCache. Split the MemoryUserStore into DefaultUserStore and MemoryUserCache. Removed the NullUserStore, SQLUserStore, and SQLTopicStore. Added the NullTopicCache and NullUserCache. Moved the Reload method out of the TopicCache interface and into the TopicStore one. Moved the Reload method out of the UserCache interface and into the UserStore one. Added the SetCache and GetCache methods to the TopicStore and UserStore. Added the BypassGetAll method to the WordFilterMap type. Renamed routePanelSetting to routePanelSettingEdit. Renamed routePanelSettingEdit to routePanelSettingEditSubmit. Moved the page titles into the english language pack. Split main() into main and afterDBInit to avoid code duplication in general_test.go Added the ReqIsJson method so that we don't have to sniff the headers every time. Added the LogStore interface. Added the SQLModLogStore and the SQLAdminLogStore. Refactored the phrase system to use getPhrasePlaceholder instead of hard-coding the string to return in a bunch of functions. Removed a redundant rank check. Added the GuildStore to plugin_guilds. Added the about_segment_title and about_segment_body settings. Refactored the setting system to use predefined errors to make it easier for an upstream caller to filter out sensitive error messages as opposed to safe errors. Added the BypassGetAll method to the SettingMap type. Added the Update method to the SettingMap type. BulkGet is now exposed via the MemoryUserCache. Refactored more logs in the template transpiler to reduce the amount of indentation. Refactored the tests to take up fewer lines. Further improved the Cosora theme's colours, padding, and profiles. Added styling for the Control Panel Dashboard to the Cosora Theme. Reduced the amount of code duplication in the installer query generator and opened the door to certain types of auto-migrations. Refactored the Control Panel Dashboard to reduce the amount of code duplication. Refactored the modlog route to reduce the amount of code duplication and string concatenation.
2017-11-23 05:37:08 +00:00
ucache := Users.GetCache()
if ucache != nil {
ucache.Remove(uid)
}
return nil
}
// Logout logs you out of the computer you requested the logout for, but not the other computers you're logged in with
func (auth *DefaultAuth) Logout(w http.ResponseWriter, _ int) {
cookie := http.Cookie{Name: "uid", Value: "", Path: "/", MaxAge: int(Year)}
http.SetCookie(w, &cookie)
cookie = http.Cookie{Name: "session", Value: "", Path: "/", MaxAge: int(Year)}
http.SetCookie(w, &cookie)
}
// TODO: Set the cookie domain
// SetCookies sets the two cookies required for the current user to be recognised as a specific user in future requests
func (auth *DefaultAuth) SetCookies(w http.ResponseWriter, uid int, session string) {
cookie := http.Cookie{Name: "uid", Value: strconv.Itoa(uid), Path: "/", MaxAge: int(Year)}
http.SetCookie(w, &cookie)
cookie = http.Cookie{Name: "session", Value: session, Path: "/", MaxAge: int(Year)}
http.SetCookie(w, &cookie)
}
// GetCookies fetches the current user's session cookies
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
func (auth *DefaultAuth) GetCookies(r *http.Request) (uid int, session string, err error) {
// Are there any session cookies..?
cookie, err := r.Cookie("uid")
if err != nil {
return 0, "", err
}
uid, err = strconv.Atoi(cookie.Value)
if err != nil {
return 0, "", err
}
cookie, err = r.Cookie("session")
if err != nil {
return 0, "", err
}
return uid, cookie.Value, err
}
// SessionCheck checks if a user has session cookies and whether they're valid
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
func (auth *DefaultAuth) SessionCheck(w http.ResponseWriter, r *http.Request) (user *User, halt bool) {
uid, session, err := auth.GetCookies(r)
if err != nil {
return &GuestUser, false
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
}
// Is this session valid..?
user, err = Users.Get(uid)
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
if err == ErrNoRows {
return &GuestUser, false
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
} else if err != nil {
InternalError(err, w, r)
return &GuestUser, true
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
}
if user.Session == "" || session != user.Session {
return &GuestUser, false
Added the Social Groups plugin. This is still under construction. Made a few improvements to the ForumStore, including bringing it's API closer in line with the other datastores, adding stubs for future subforum functionality, and improving efficiency in a few places. The auth interface now handles all the authentication stuff. Renamed the debug config variable to debug_mode. Added the PluginPerms API. Internal Errors will now dump the stack trace in the console. Added support for installable plugins. Refactored the routing logic so that the router now handles the common PreRoute logic(exc. /static/) Added the CreateTable method to the query generator. It might need some tweaking to better support other database systems. Added the same CreateTable method to the query builder. Began work on PostgreSQL support. Added the string-string hook type Added the pre_render hook type. Added the ParentID and ParentType fields to forums. Added the get_forum_url_prefix function. Added a more generic build_slug function. Added the get_topic_url_prefix function. Added the override_perms and override_forum_perms functions for bulk setting and unsetting permissions. Added more ExtData fields in a few structs and removed them on the Perms struct as the PluginPerms API supersedes them there. Plugins can now see the router instance. The plugin initialisation handlers can now throw errors. Plugins are now initialised after all the forum's subsystems are. Refactored the unit test logic. For instance, we now use the proper .Log method rather than fmt.Println in many cases. Sorry, we'll have to break Github's generated file detection, as the build instructions aren't working, unless I put them at the top, and they're far, far more important than getting Github to recognise the generated code as generated code. Fixed an issue with mysql.go's _init_database() overwriting the dbpassword variable. Not a huge issue, but it is a "gotcha" for those not expecting a ':' at the start. Fixed an issue with forum creation where the forum permissions didn't get cached. Fixed a bug in plugin_bbcode where negative numbers in rand would crash Gosora. Made the outputs of plugin_markdown and plugin_bbcode more compliant with the tests. Revamped the phrase system to make it easier for us to add language pack related features in the future. Added the WidgetMenu widget type. Revamped the theme again. I'm experimenting to see which approach I like most. - Excuse the little W3C rage. Some things about CSS drive me crazy :p Tests: Added 22 bbcode_full_parse tests. Added 19 bbcode_regex_parse tests. Added 27 markdown_parse tests. Added four UserStore tests. More to come when the test database functionality is added. Added 18 name_to_slug tests. Hooks: Added the pre_render hook. Added the pre_render_forum_list hook. Added the pre_render_view_forum hook. Added the pre_render_topic_list hook. Added the pre_render_view_topic hook. Added the pre_render_profile hook. Added the pre_render_custom_page hook. Added the pre_render_overview hook. Added the pre_render_create_topic hook. Added the pre_render_account_own_edit_critical hook. Added the pre_render_account_own_edit_avatar hook. Added the pre_render_account_own_edit_username hook. Added the pre_render_account_own_edit_email hook. Added the pre_render_login hook. Added the pre_render_register hook. Added the pre_render_ban hook. Added the pre_render_panel_dashboard hook. Added the pre_render_panel_forums hook. Added the pre_render_panel_delete_forum hook. Added the pre_render_panel_edit_forum hook. Added the pre_render_panel_settings hook. Added the pre_render_panel_setting hook. Added the pre_render_panel_plugins hook. Added the pre_render_panel_users hook. Added the pre_render_panel_edit_user hook. Added the pre_render_panel_groups hook. Added the pre_render_panel_edit_group hook. Added the pre_render_panel_edit_group_perms hook. Added the pre_render_panel_themes hook. Added the pre_render_panel_mod_log hook. Added the pre_render_error hook. Added the pre_render_security_error hook. Added the create_group_preappend hook. Added the intercept_build_widgets hook. Added the simple_forum_check_pre_perms hook. Added the forum_check_pre_perms hook.
2017-07-09 12:06:04 +00:00
}
return user, false
}
// CreateSession generates a new session to allow a remote client to stay logged in as a specific user
func (auth *DefaultAuth) CreateSession(uid int) (session string, err error) {
session, err = GenerateSafeString(SessionLength)
if err != nil {
return "", err
}
_, err = auth.updateSession.Exec(session, uid)
if err != nil {
return "", err
}
// Flush the user data from the cache
Added the AboutSegment feature, you can see this in use on Cosora, it's a little raw right now, but I'm planning to polish it in the next commit. Refactored the code to use switches instead of if blocks in some places. Refactored the Dashboard to make it easier to add icons to it like I did with Cosora. You can now use maps in transpiled templates. Made progress on Cosora's footer. Swapped out the ThemeName property in the HeaderVars struct for a more general and flexible Theme property. Added the colstack CSS class to make it easier to style the layouts for the Control Panel and profile. Renamed the FStore variable to Forums. Renamed the Fpstore variable to FPStore. Renamed the Gstore variable to Groups. Split the MemoryTopicStore into DefaultTopicStore and MemoryTopicCache. Split the MemoryUserStore into DefaultUserStore and MemoryUserCache. Removed the NullUserStore, SQLUserStore, and SQLTopicStore. Added the NullTopicCache and NullUserCache. Moved the Reload method out of the TopicCache interface and into the TopicStore one. Moved the Reload method out of the UserCache interface and into the UserStore one. Added the SetCache and GetCache methods to the TopicStore and UserStore. Added the BypassGetAll method to the WordFilterMap type. Renamed routePanelSetting to routePanelSettingEdit. Renamed routePanelSettingEdit to routePanelSettingEditSubmit. Moved the page titles into the english language pack. Split main() into main and afterDBInit to avoid code duplication in general_test.go Added the ReqIsJson method so that we don't have to sniff the headers every time. Added the LogStore interface. Added the SQLModLogStore and the SQLAdminLogStore. Refactored the phrase system to use getPhrasePlaceholder instead of hard-coding the string to return in a bunch of functions. Removed a redundant rank check. Added the GuildStore to plugin_guilds. Added the about_segment_title and about_segment_body settings. Refactored the setting system to use predefined errors to make it easier for an upstream caller to filter out sensitive error messages as opposed to safe errors. Added the BypassGetAll method to the SettingMap type. Added the Update method to the SettingMap type. BulkGet is now exposed via the MemoryUserCache. Refactored more logs in the template transpiler to reduce the amount of indentation. Refactored the tests to take up fewer lines. Further improved the Cosora theme's colours, padding, and profiles. Added styling for the Control Panel Dashboard to the Cosora Theme. Reduced the amount of code duplication in the installer query generator and opened the door to certain types of auto-migrations. Refactored the Control Panel Dashboard to reduce the amount of code duplication. Refactored the modlog route to reduce the amount of code duplication and string concatenation.
2017-11-23 05:37:08 +00:00
ucache := Users.GetCache()
if ucache != nil {
ucache.Remove(uid)
}
return session, nil
}
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
func CheckPassword(realPassword string, password string, salt string) (err error) {
blasted := strings.Split(realPassword, "$")
prefix := blasted[0]
if len(blasted) > 1 {
prefix += "$" + blasted[1] + "$"
UNSTABLE: Began work on the Nox Theme. Removed the Tempra Cursive Theme. You can now do bulk moderation actions with Shadow. Added: Argon2 as a dependency. The EmailStore. The ReportStore. The Copy method to *Setting. The AddColumn method to the query builder and adapters. The textarea setting type. More logging to better debug issues. The GetOffset method to the UserStore. Removed: Sortable from Code Climate's Analysis. MemberCheck and memberCheck as they're obsolete now. The obsolete url_tags setting. The BcryptGeneratePasswordNoSalt function. Some redundant fields from some of the page structs. Revamped: The Control Panel Setting List and Editor. Refactored: The password hashing logic to make it more amenable to multiple hashing algorithms. The email portion of the Account Manager. The Control Panel User List. The report system. simplePanelUserCheck and simpleUserCheck to remove the duplicated logic as the two do the exact same thing. Fixed: Missing slugs in the profile links in the User Manager. A few template initialisers potentially reducing the number of odd template edge cases. Some problems with the footer. Custom selection colour not applying to images on Shadow. The avatars of the bottom row of the topic list on Conflux leaking out. Other: Moved the startTime variable into package common and exported it. Moved the password hashing logic from user.go to auth.go Split common/themes.go into common/theme.go and common/theme_list.go Replaced the SettingLabels phrase category with the more generic SettingPhrases category. Moved a load of routes, including panel ones into the routes and panel packages. Hid the notifications link from the Account Menu. Moved more inline CSS into the CSS files and made things a little more flexible here and there. Continued work on PgSQL, still a ways away. Guests now have a default avatar like everyone else. Tweaked some of the font sizes on Cosora to make the text look a little nicer. Partially implemented the theme dock override logic. Partially implemented a "symlink" like feature for theme directories. ... And a bunch of other things I might have missed. You will need to run this update script / patcher for this commit. Warning: This is an "unstable commit", therefore some things may be a little less stable than I'd like. For instance, the Shadow Theme is a little broken in this commit.
2018-05-27 09:36:35 +00:00
}
algo, ok := HashPrefixes[prefix]
if !ok {
return ErrHashNotExist
}
checker := CheckPasswordFuncs[algo]
return checker(realPassword, password, salt)
}
func GeneratePassword(password string) (hash string, salt string, err error) {
gen, ok := GeneratePasswordFuncs[DefaultHashAlgo]
if !ok {
return "", "", ErrHashNotExist
}
return gen(password)
}
func BcryptCheckPassword(realPassword string, password string, salt string) (err error) {
return bcrypt.CompareHashAndPassword([]byte(realPassword), []byte(password+salt))
}
// Note: The salt is in the hash, therefore the salt parameter is blank
func BcryptGeneratePassword(password string) (hash string, salt string, err error) {
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return "", "", err
}
return string(hashedPassword), salt, nil
}
/*const (
argon2Time uint32 = 3
argon2Memory uint32 = 32 * 1024
argon2Threads uint8 = 4
argon2KeyLen uint32 = 32
)
func Argon2CheckPassword(realPassword string, password string, salt string) (err error) {
split := strings.Split(realPassword, "$")
// TODO: Better validation
if len(split) < 5 {
return ErrTooFewHashParams
}
realKey, _ := base64.StdEncoding.DecodeString(split[len(split)-1])
time, _ := strconv.Atoi(split[1])
memory, _ := strconv.Atoi(split[2])
threads, _ := strconv.Atoi(split[3])
keyLen, _ := strconv.Atoi(split[4])
key := argon2.Key([]byte(password), []byte(salt), uint32(time), uint32(memory), uint8(threads), uint32(keyLen))
if subtle.ConstantTimeCompare(realKey, key) != 1 {
return ErrMismatchedHashAndPassword
}
return nil
}
func Argon2GeneratePassword(password string) (hash string, salt string, err error) {
sbytes := make([]byte, SaltLength)
_, err = rand.Read(sbytes)
if err != nil {
return "", "", err
}
key := argon2.Key([]byte(password), sbytes, argon2Time, argon2Memory, argon2Threads, argon2KeyLen)
hash = base64.StdEncoding.EncodeToString(key)
return fmt.Sprintf("argon2$%d%d%d%d%s%s", argon2Time, argon2Memory, argon2Threads, argon2KeyLen, salt, hash), string(sbytes), nil
}
*/
Added the Page Manager for faster and easier custom page creation. Added the PageStore. Renamed account_own_edit.html to account_own_edit_password.html Renamed custom-page.html to custom_page.html Renamed the pre_render_custom_page hook to pre_render_tmpl_page. Added a new pre_render_custom_page hook, not to be confused with the previous one. Renamed the pre_render_account_own_edit_critical hook to pre_render_account_own_edit_password. Moved the report forum ID into a constant. Renamed todaysReportCount to topicsTopicCountByForum and made it more generic. Renamed panel-menu.html to panel_menu.html Renamed panel-inner-menu.html to panel_inner_menu.html Removed an irrelevant editable_parent in a no results row. Fixed the profile page loading the wrong profile.css Fixed a bug where the last poster avatar would break on the forum page. Added the AddNotice method to *Header. Greatly simplified many of the page struct definitions. Added the ErrorPage page struct and refactored the error pages to use it. Added the BasePanelPage page struct and refactored the panel page structs to use it. Tweaked the DefaultHeader function to set the user on the spot rather than after the fact. Simplified AccountEditAvatarSubmit into a redirect. Add the addElement closure in the control panel dashboard to reduce the amount of complexity. Tweaked LogWarning to better handle nils. Added the account_username phrase. Added the account_avatar phrase. Added the account_email phrase. Added the panel_pages phrase. Added the panel_pages_edit phrase. Added the panel_page_created phrase. Added the panel_page_updated phrase. Added the panel_page_deleted phrase. Added the account_menu_security phrase. Added the panel_menu_pages phrase. Added the panel_pages_head phrase. Added the panel_pages_edit_button_aria phrase. Added the panel_pages_delete_button_aria phrase. Added the panel_pages_no_pages phrase. Added the panel_pages_create_head phrase. Added the panel_pages_create_name phrase. Added the panel_pages_create_name_placeholder phrase. Added the panel_pages_create_title phrase. Added the panel_pages_create_title_placeholder phrase. Added the panel_pages_create_body_placeholder phrase. Added the panel_pages_create_submit_button phrase. Added the panel_pages_edit_head phrase. Added the panel_pages_name phrase. Added the panel_pages_title phrase. Added the panel_pages_edit_update_button phrase. Began work on two-factor authentication. Made more progress with the Nox Theme.
2018-06-06 00:21:22 +00:00
// TODO: Not sure if these work, test them with Google Authenticator
func GenerateGAuthSecret() (string, error) {
return GenerateSafeString(24)
}
func VerifyGAuthToken(secret string, token string) (bool, error) {
trueToken, err := gauth.GetTOTPToken(secret)
return trueToken == token, err
}