From 70720a0868eb6bd05ca07ca421668859e0fac5b2 Mon Sep 17 00:00:00 2001 From: Untone Date: Thu, 4 Jan 2024 09:26:03 +0300 Subject: [PATCH] isolated --- server/crypto/common.go | 21 ++++++++++++++++++++- server/resolvers/login.go | 4 ++-- server/resolvers/mobile_login.go | 4 ++-- server/resolvers/update_profile.go | 4 +--- server/token/admin_token.go | 3 +-- 5 files changed, 26 insertions(+), 10 deletions(-) diff --git a/server/crypto/common.go b/server/crypto/common.go index 91aed06..55dde66 100644 --- a/server/crypto/common.go +++ b/server/crypto/common.go @@ -1,7 +1,9 @@ package crypto import ( + "crypto/sha256" "crypto/x509" + "encoding/hex" "encoding/json" "github.com/authorizerdev/authorizer/server/constants" @@ -125,9 +127,26 @@ func EncryptEnvData(data map[string]interface{}) (string, error) { return EncryptB64(string(encryptedConfig)), nil } +// getSHA256 calculates the SHA-256 hash of a string +func getSHA256(input string) string { + hash := sha256.New() + hash.Write([]byte(input)) + return hex.EncodeToString(hash.Sum(nil)) +} + +// VerifyPassword compares a stored hashed password with a user-provided password +func VerifyPassword(storedHashedPassword, userProvidedPassword string) error { + passwordSHA256 := getSHA256(userProvidedPassword) + // CompareHashAndPassword returns nil on success + err := bcrypt.CompareHashAndPassword([]byte(storedHashedPassword), []byte(passwordSHA256)) + return err +} + // EncryptPassword is used for encrypting password func EncryptPassword(password string) (string, error) { - pw, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + // Try to generate bcrypt hash + passwordSHA256 := getSHA256(password) + pw, err := bcrypt.GenerateFromPassword([]byte(passwordSHA256), bcrypt.DefaultCost) if err != nil { return "", err } diff --git a/server/resolvers/login.go b/server/resolvers/login.go index 2db4209..10da9c1 100644 --- a/server/resolvers/login.go +++ b/server/resolvers/login.go @@ -7,13 +7,13 @@ import ( "time" "github.com/google/uuid" - "golang.org/x/crypto/bcrypt" log "github.com/sirupsen/logrus" "github.com/authorizerdev/authorizer/server/authenticators" "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/cookie" + crypto "github.com/authorizerdev/authorizer/server/crypto" "github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db/models" mailService "github.com/authorizerdev/authorizer/server/email" @@ -104,7 +104,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes return res, fmt.Errorf(`phone number is not verified`) } } - err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password)) + err = crypto.VerifyPassword(*user.Password, params.Password) if err != nil { log.Debug("Failed to compare password: ", err) return res, fmt.Errorf(`bad user credentials`) diff --git a/server/resolvers/mobile_login.go b/server/resolvers/mobile_login.go index c3ab934..771aec7 100644 --- a/server/resolvers/mobile_login.go +++ b/server/resolvers/mobile_login.go @@ -8,10 +8,10 @@ import ( "github.com/google/uuid" log "github.com/sirupsen/logrus" - "golang.org/x/crypto/bcrypt" "github.com/authorizerdev/authorizer/server/constants" "github.com/authorizerdev/authorizer/server/cookie" + "github.com/authorizerdev/authorizer/server/crypto" "github.com/authorizerdev/authorizer/server/db" "github.com/authorizerdev/authorizer/server/db/models" "github.com/authorizerdev/authorizer/server/graph/model" @@ -69,7 +69,7 @@ func MobileLoginResolver(ctx context.Context, params model.MobileLoginInput) (*m return res, fmt.Errorf(`phone number is not verified`) } - err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password)) + err = crypto.VerifyPassword(*user.Password, params.Password) if err != nil { log.Debug("Failed to compare password: ", err) diff --git a/server/resolvers/update_profile.go b/server/resolvers/update_profile.go index 3b9af37..a33d15a 100644 --- a/server/resolvers/update_profile.go +++ b/server/resolvers/update_profile.go @@ -8,8 +8,6 @@ import ( "strings" "time" - "golang.org/x/crypto/bcrypt" - log "github.com/sirupsen/logrus" "github.com/authorizerdev/authorizer/server/constants" @@ -163,7 +161,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput) } if isPasswordChanging && user.Password != nil && params.OldPassword != nil { - if err = bcrypt.CompareHashAndPassword([]byte(refs.StringValue(user.Password)), []byte(refs.StringValue(params.OldPassword))); err != nil { + if err = crypto.VerifyPassword(refs.StringValue(user.Password), refs.StringValue(params.OldPassword)); err != nil { log.Debug("Failed to compare hash and old password: ", err) return res, fmt.Errorf("incorrect old password") } diff --git a/server/token/admin_token.go b/server/token/admin_token.go index 9dcbeb3..6e4bed7 100644 --- a/server/token/admin_token.go +++ b/server/token/admin_token.go @@ -8,7 +8,6 @@ import ( "github.com/authorizerdev/authorizer/server/crypto" "github.com/authorizerdev/authorizer/server/memorystore" "github.com/gin-gonic/gin" - "golang.org/x/crypto/bcrypt" ) // CreateAdminAuthToken creates the admin token based on secret key @@ -31,7 +30,7 @@ func GetAdminAuthToken(gc *gin.Context) (string, error) { if err != nil { return "", err } - err = bcrypt.CompareHashAndPassword([]byte(token), []byte(adminSecret)) + err = crypto.VerifyPassword(token, adminSecret) if err != nil { return "", fmt.Errorf(`unauthorized`)