save bytes
parent
22af6f19cd
commit
709b0d5541
|
@ -17,7 +17,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/Azareal/Gosora/common/gauth"
|
||||
"github.com/Azareal/Gosora/query_gen"
|
||||
qgen "github.com/Azareal/Gosora/query_gen"
|
||||
|
||||
//"golang.org/x/crypto/argon2"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
|
@ -66,16 +66,16 @@ var HashPrefixes = map[string]string{
|
|||
|
||||
// AuthInt is the main authentication interface.
|
||||
type AuthInt interface {
|
||||
Authenticate(username string, password string) (uid int, err error, requiresExtraAuth bool)
|
||||
Authenticate(name, password string) (uid int, err error, requiresExtraAuth bool)
|
||||
ValidateMFAToken(mfaToken string, uid int) error
|
||||
Logout(w http.ResponseWriter, uid int)
|
||||
ForceLogout(uid int) error
|
||||
SetCookies(w http.ResponseWriter, uid int, session string)
|
||||
SetProvisionalCookies(w http.ResponseWriter, uid int, session string, signedSession string) // To avoid logging someone in until they've passed the MFA check
|
||||
SetProvisionalCookies(w http.ResponseWriter, uid int, session, signedSession string) // To avoid logging someone in until they've passed the MFA check
|
||||
GetCookies(r *http.Request) (uid int, session string, err error)
|
||||
SessionCheck(w http.ResponseWriter, r *http.Request) (user *User, halt bool)
|
||||
SessionCheck(w http.ResponseWriter, r *http.Request) (u *User, halt bool)
|
||||
CreateSession(uid int) (session string, err error)
|
||||
CreateProvisionalSession(uid int) (provSession string, signedSession string, err error) // To avoid logging someone in until they've passed the MFA check
|
||||
CreateProvisionalSession(uid int) (provSession, signedSession string, err error) // To avoid logging someone in until they've passed the MFA check
|
||||
}
|
||||
|
||||
// DefaultAuth is the default authenticator used by Gosora, may be swapped with an alternate authenticator in some situations. E.g. To support LDAP.
|
||||
|
@ -98,9 +98,9 @@ func NewDefaultAuth() (*DefaultAuth, error) {
|
|||
// Authenticate checks if a specific username and password is valid and returns the UID for the corresponding user, if so. Otherwise, a user safe error.
|
||||
// IF MFA is enabled, then pass it back a flag telling the caller that authentication isn't complete yet
|
||||
// TODO: Find a better way of handling errors we don't want to reach the user
|
||||
func (auth *DefaultAuth) Authenticate(username string, password string) (uid int, err error, requiresExtraAuth bool) {
|
||||
func (auth *DefaultAuth) Authenticate(name string, password string) (uid int, err error, requiresExtraAuth bool) {
|
||||
var realPassword, salt string
|
||||
err = auth.login.QueryRow(username).Scan(&uid, &realPassword, &salt)
|
||||
err = auth.login.QueryRow(name).Scan(&uid, &realPassword, &salt)
|
||||
if err == ErrNoRows {
|
||||
return 0, ErrNoUserByName, false
|
||||
} else if err != nil {
|
||||
|
@ -295,7 +295,7 @@ func (auth *DefaultAuth) CreateProvisionalSession(uid int) (provSession string,
|
|||
return provSession, hex.EncodeToString(h.Sum(nil)), nil
|
||||
}
|
||||
|
||||
func CheckPassword(realPassword string, password string, salt string) (err error) {
|
||||
func CheckPassword(realPassword, password, salt string) (err error) {
|
||||
blasted := strings.Split(realPassword, "$")
|
||||
prefix := blasted[0]
|
||||
if len(blasted) > 1 {
|
||||
|
@ -309,7 +309,7 @@ func CheckPassword(realPassword string, password string, salt string) (err error
|
|||
return checker(realPassword, password, salt)
|
||||
}
|
||||
|
||||
func GeneratePassword(password string) (hash string, salt string, err error) {
|
||||
func GeneratePassword(password string) (hash, salt string, err error) {
|
||||
gen, ok := GeneratePasswordFuncs[DefaultHashAlgo]
|
||||
if !ok {
|
||||
return "", "", ErrHashNotExist
|
||||
|
@ -317,12 +317,12 @@ func GeneratePassword(password string) (hash string, salt string, err error) {
|
|||
return gen(password)
|
||||
}
|
||||
|
||||
func BcryptCheckPassword(realPassword string, password string, salt string) (err error) {
|
||||
func BcryptCheckPassword(realPassword, password, salt string) (err error) {
|
||||
return bcrypt.CompareHashAndPassword([]byte(realPassword), []byte(password+salt))
|
||||
}
|
||||
|
||||
// Note: The salt is in the hash, therefore the salt parameter is blank
|
||||
func BcryptGeneratePassword(password string) (hash string, salt string, err error) {
|
||||
func BcryptGeneratePassword(password string) (hash, salt string, err error) {
|
||||
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
|
@ -337,7 +337,7 @@ func BcryptGeneratePassword(password string) (hash string, salt string, err erro
|
|||
argon2KeyLen uint32 = 32
|
||||
)
|
||||
|
||||
func Argon2CheckPassword(realPassword string, password string, salt string) (err error) {
|
||||
func Argon2CheckPassword(realPassword, password, salt string) (err error) {
|
||||
split := strings.Split(realPassword, "$")
|
||||
// TODO: Better validation
|
||||
if len(split) < 5 {
|
||||
|
@ -355,7 +355,7 @@ func Argon2CheckPassword(realPassword string, password string, salt string) (err
|
|||
return nil
|
||||
}
|
||||
|
||||
func Argon2GeneratePassword(password string) (hash string, salt string, err error) {
|
||||
func Argon2GeneratePassword(password string) (hash, salt string, err error) {
|
||||
sbytes := make([]byte, SaltLength)
|
||||
_, err = rand.Read(sbytes)
|
||||
if err != nil {
|
||||
|
@ -380,7 +380,7 @@ func FriendlyGAuthSecret(secret string) (out string) {
|
|||
func GenerateGAuthSecret() (string, error) {
|
||||
return GenerateStd32SafeString(14)
|
||||
}
|
||||
func VerifyGAuthToken(secret string, token string) (bool, error) {
|
||||
func VerifyGAuthToken(secret, token string) (bool, error) {
|
||||
trueToken, err := gauth.GetTOTPToken(secret)
|
||||
return subtle.ConstantTimeCompare([]byte(trueToken), []byte(token)) == 1, err
|
||||
}
|
||||
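Review bot: VerifyGAuthToken runs the comparison even when `gauth.GetTOTPToken(secret)` fails, and returns the comparison result together with the error. If that helper yields an empty string on failure (its body is not shown on this page), an empty submitted token compares equal and the function returns `true` with a non-nil error, so a caller that reads the bool before the error would treat the MFA check as passed. Fail closed before comparing: `if err != nil { return false, err }`, then return the `subtle.ConstantTimeCompare` result with a nil error.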
|
|
|
@ -8,7 +8,7 @@ for(let i = 0; item = items[i]; i++) menuItems[i] = item.getAttribute("data-miid
|
|||
|
||||
Sortable.create(document.getElementById("panel_menu_item_holder"), {
|
||||
sort: true,
|
||||
onEnd: (evt) => {
|
||||
onEnd: evt => {
|
||||
console.log("pre menuItems",menuItems)
|
||||
console.log("evt",evt)
|
||||
let oldMiid = menuItems[evt.newIndex];
|
||||
|
@ -37,8 +37,8 @@ document.getElementById("panel_menu_items_order_button").addEventListener("click
|
|||
pushNotice(phraseBox["panel"]["panel.themes_menus_items_order_updated"]);
|
||||
if(resp.success==1) return;
|
||||
}
|
||||
} catch(ex) {
|
||||
console.error("ex", ex)
|
||||
} catch(e) {
|
||||
console.error("e",e)
|
||||
}
|
||||
console.trace();
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
<div class="rowblock topic_reply_form quick_create_form"aria-label="{{lang "topic.reply_aria"}}">
|
||||
<form id="quick_post_form"enctype="multipart/form-data"action="/reply/create/?s={{.CurrentUser.Session}}"method="post"></form>
|
||||
<input form="quick_post_form"name="tid"value='{{.Topic.ID}}'type="hidden">
|
||||
<input form="quick_post_form" id="has_poll_input" name="has_poll" value=0 type="hidden">
|
||||
<input form="quick_post_form"id="has_poll_input"name="has_poll"type="hidden"value=0>
|
||||
<div class="formrow real_first_child">
|
||||
<div class="formitem">
|
||||
<textarea id="input_content"form="quick_post_form"name="content"placeholder="{{lang "topic.reply_content_alt"}}" required></textarea>
|
||||
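Review bot: The form action on the unchanged line just above the edited `has_poll` input carries `?s={{.CurrentUser.Session}}` in the URL, so that value is written to access logs, proxy logs and browser history on every reply. If it is the same value as the session cookie (not visible in this hunk), anyone who can read those logs can reuse it, and even as a CSRF token alone it is better kept out of the URL. Consider sending it in the POST body instead, e.g. `<input form="quick_post_form"name="s"value="{{.CurrentUser.Session}}"type="hidden">`, provided the reply handler reads `s` from the form body. The surrounding template continues outside the hunk.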
|
|
|
@ -1,6 +1,6 @@
|
|||
{{template "header.html" . }}
|
||||
<main id="topicsItemList" itemscope itemtype="http://schema.org/ItemList">
|
||||
{{if not .CurrentUser.Loggedin}}<link rel="canonical"href="//{{.Site.URL}}/topics/{{if eq .Sort.SortBy "mostviewed"}}most-viewed/{{end}}{{if gt .Page 1}}?page={{.Page}}{{end}}"/>{{end}}
|
||||
{{if not .CurrentUser.Loggedin}}<link rel="canonical"href="//{{.Site.URL}}/topics/{{if eq .Sort.SortBy "mostviewed"}}most-viewed/{{end}}{{if gt .Page 1}}?page={{.Page}}{{end}}">{{end}}
|
||||
|
||||
<div class="rowblock rowhead topic_list_title_block{{if .CurrentUser.Loggedin}} has_opt{{end}}">
|
||||
<div class="rowitem topic_list_title"><h1 itemprop="name">{{.Title}}</h1></div>
|
||||
|
@ -59,7 +59,7 @@
|
|||
<div class="topic_meta">
|
||||
<div class="formrow topic_board_row real_first_child">
|
||||
<div class="formitem"><select form="quick_post_form" id="topic_board_input" name="board">
|
||||
{{range .ForumList}}<option{{if eq .ID $.DefaultForum}} selected{{end}} value="{{.ID}}">{{.Name}}</option>{{end}}
|
||||
{{range .ForumList}}<option value="{{.ID}}"{{if eq .ID $.DefaultForum}}selected{{end}}>{{.Name}}</option>{{end}}
|
||||
</select></div>
|
||||
</div>
|
||||
<div class="formrow topic_name_row">
|
||||
|
|