scsusers/auth.go

package scsusers

import (
	"fmt"
	"log"
	"strconv"
	"strings"
	"time"

	"golang.org/x/crypto/bcrypt"
)

func Login(username, password string) bool {
	u, ok := Get(username)
	if !ok {
		return false
	}
	if bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password)) != nil {
		rc, ok := u.Get("recoverycode")
		if !ok {
			log.Println("No recovery code")
			return false
		}
		log.Printf("Checking against recovery code %s", rc)
		if bcrypt.CompareHashAndPassword([]byte(rc), []byte(password)) != nil {
			log.Printf("scsusers.Login: Failed password for " + username)
			return false
		}
		tmp, ok := u.Get("recoverytime")
		if !ok {
			log.Printf("scsusers.Login: recoverytime missing " + username)
			return false
		}
		rt, _ := strconv.ParseInt(tmp, 10, 64)
		if time.Now().Unix() > rt {
			log.Printf("scsusers.Login: recovery time expired")
			return false
		}
		u.SetPassword([]byte(rc))
		u.Delete("recoverycode")
		u.Delete("recoverytime")
	}
	log.Printf("User %s logged in\n", username)
	return true
}

func (u *UserData) SetPassword(newcrypt []byte) bool {
	q := fmt.Sprintf("update %s_users set password=? where id=? limit 1", c.TablePrefix)
	_, err := c.db.Exec(q, newcrypt, u.UserID)
	if err != nil {
		log.Printf("scsusers.SetPassword: update failed for %s: %s\n", u.Username, err.Error())
		return false
	}
	return true
}

func (u *UserData) ChangePassword(oldpass, newpass string) bool {
	if bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(oldpass)) != nil {
		log.Printf("scsusers.ChangePassword: Failed password for %s\n", u.Username)
		return false
	}
	newcrypt, err := bcrypt.GenerateFromPassword([]byte(newpass), 10)
	if err != nil {
		log.Printf("scsusers.ChangePassword: generate: %s", err.Error())
		return false
	}
	return u.SetPassword(newcrypt)
}

func (u *UserData) Suspend() bool {
	var hash string
	u.Set("status", "inactive")
	q := fmt.Sprintf("select password from %s_users where id=? limit 1", c.TablePrefix)
	err := c.db.Get(&hash, q, u.UserID)
	if err != nil {
		return false
	}
	if strings.HasPrefix(hash, "*") {
		return true
	}
	newhash := "*" + hash
	q = fmt.Sprintf("update %s_users set password=? where id=?", c.TablePrefix)
	_, err = c.db.Exec(q, newhash, u.UserID)
	return err == nil
}

func (u *UserData) Unsuspend() bool {
	var hash string
	u.Set("status", "active")
	q := fmt.Sprintf("select password from %s_users where id=? limit 1", c.TablePrefix)
	err := c.db.Get(&hash, q, u.UserID)
	if err != nil {
		return false
	}
	if !strings.HasPrefix(hash, "*") {
		return true
	}
	newhash := strings.TrimPrefix(hash, "*")
	q = fmt.Sprintf("update %s_users set password=? where id=?", c.TablePrefix)
	_, err = c.db.Exec(q, newhash, u.UserID)
	return err == nil
}
validate 2fa. more cleanups 2023-09-26 20:45:19 +00:00			`package scsusers`

			`import (`
			`"fmt"`
			`"log"`
rework recovery email 2023-10-06 23:06:54 +00:00			`"strconv"`
add suspend and unsuspend calls 2023-12-13 20:46:02 +00:00			`"strings"`
rework recovery email 2023-10-06 23:06:54 +00:00			`"time"`
validate 2fa. more cleanups 2023-09-26 20:45:19 +00:00
			`"golang.org/x/crypto/bcrypt"`
			`)`

			`func Login(username, password string) bool {`
			`u, ok := Get(username)`
			`if !ok {`
			`return false`
			`}`
			`if bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password)) != nil {`
rework recovery email 2023-10-06 23:06:54 +00:00			`rc, ok := u.Get("recoverycode")`
more 2023-10-07 14:20:01 +00:00			`if !ok {`
			`log.Println("No recovery code")`
			`return false`
			`}`
			`log.Printf("Checking against recovery code %s", rc)`
more 2023-10-07 14:21:55 +00:00			`if bcrypt.CompareHashAndPassword([]byte(rc), []byte(password)) != nil {`
rework recovery email 2023-10-06 23:06:54 +00:00			`log.Printf("scsusers.Login: Failed password for " + username)`
			`return false`
			`}`
			`tmp, ok := u.Get("recoverytime")`
			`if !ok {`
			`log.Printf("scsusers.Login: recoverytime missing " + username)`
			`return false`
			`}`
			`rt, _ := strconv.ParseInt(tmp, 10, 64)`
			`if time.Now().Unix() > rt {`
			`log.Printf("scsusers.Login: recovery time expired")`
			`return false`
			`}`
more 2023-10-07 14:42:06 +00:00			`u.SetPassword([]byte(rc))`
crypt recovery 2023-10-07 13:55:21 +00:00			`u.Delete("recoverycode")`
rework recovery email 2023-10-06 23:06:54 +00:00			`u.Delete("recoverytime")`
validate 2fa. more cleanups 2023-09-26 20:45:19 +00:00			`}`
			`log.Printf("User %s logged in\n", username)`
			`return true`
			`}`

more 2023-10-07 14:42:06 +00:00			`func (u *UserData) SetPassword(newcrypt []byte) bool {`
more 2023-10-09 15:42:54 +00:00			`q := fmt.Sprintf("update %s_users set password=? where id=? limit 1", c.TablePrefix)`
more 2023-10-07 14:42:06 +00:00			`_, err := c.db.Exec(q, newcrypt, u.UserID)`
			`if err != nil {`
more 2023-10-09 15:39:00 +00:00			`log.Printf("scsusers.SetPassword: update failed for %s: %s\n", u.Username, err.Error())`
more 2023-10-07 14:42:06 +00:00			`return false`
			`}`
			`return true`
			`}`

validate 2fa. more cleanups 2023-09-26 20:45:19 +00:00			`func (u *UserData) ChangePassword(oldpass, newpass string) bool {`
			`if bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(oldpass)) != nil {`
			`log.Printf("scsusers.ChangePassword: Failed password for %s\n", u.Username)`
			`return false`
			`}`
			`newcrypt, err := bcrypt.GenerateFromPassword([]byte(newpass), 10)`
			`if err != nil {`
			`log.Printf("scsusers.ChangePassword: generate: %s", err.Error())`
			`return false`
			`}`
more 2023-10-07 14:42:06 +00:00			`return u.SetPassword(newcrypt)`
validate 2fa. more cleanups 2023-09-26 20:45:19 +00:00			`}`
add suspend and unsuspend calls 2023-12-13 20:46:02 +00:00
			`func (u *UserData) Suspend() bool {`
			`var hash string`
			`u.Set("status", "inactive")`
			`q := fmt.Sprintf("select password from %s_users where id=? limit 1", c.TablePrefix)`
			`err := c.db.Get(&hash, q, u.UserID)`
			`if err != nil {`
			`return false`
			`}`
			`if strings.HasPrefix(hash, "*") {`
			`return true`
			`}`
			`newhash := "*" + hash`
			`q = fmt.Sprintf("update %s_users set password=? where id=?", c.TablePrefix)`
			`_, err = c.db.Exec(q, newhash, u.UserID)`
			`return err == nil`
			`}`

			`func (u *UserData) Unsuspend() bool {`
			`var hash string`
			`u.Set("status", "active")`
			`q := fmt.Sprintf("select password from %s_users where id=? limit 1", c.TablePrefix)`
			`err := c.db.Get(&hash, q, u.UserID)`
			`if err != nil {`
			`return false`
			`}`
			`if !strings.HasPrefix(hash, "*") {`
			`return true`
			`}`
			`newhash := strings.TrimPrefix(hash, "*")`
			`q = fmt.Sprintf("update %s_users set password=? where id=?", c.TablePrefix)`
			`_, err = c.db.Exec(q, newhash, u.UserID)`
			`return err == nil`
			`}`