crypt recovery

2023-10-07 09:55:21 -04:00 · 2023-10-07 09:55:21 -04:00 · 8aeab8bb3e
parent cab4cd536f
commit 8aeab8bb3e
4 changed files with 10 additions and 6 deletions
--- a/auth.go
+++ b/auth.go
@ -30,7 +30,7 @@ func Login(username, password string) bool {
 			log.Printf("scsusers.Login: recovery time expired")
 			return false
 		}
-		u.Delete("recoverykey")
+		u.Delete("recoverycode")
 		u.Delete("recoverytime")
 	}
 	log.Printf("User %s logged in\n", username)
--- a/meta.go
+++ b/meta.go
@ -23,7 +23,6 @@ func (u *UserData) LoadMeta() bool {
 		var m metadata
 		rows.Scan(&m.Key, &m.Value, &m.ID)
 		u.Meta[m.Key] = m
-		log.Printf("Loaded meta key %s id %d value %s", m.Key, m.ID, m.Value)
 	}
 	return true

--- a/password.go
+++ b/password.go
@ -3,7 +3,6 @@ package scsusers
 import (
 	"crypto/rand"
 	"encoding/base32"
-	"log"
 	mr "math/rand"
 	"time"
 	"unicode"
@ -23,7 +22,6 @@ func scrambleCase(in []byte) []byte {
 			out = append(out, byte(x))
 		}
 	}
-	log.Printf("scrambleCase in %s out %s", in, out)
 	return out
 }

--- a/recovery.go
+++ b/recovery.go
@ -4,6 +4,8 @@ import (
 	"fmt"
 	"log"
 	"time"
+
+	"golang.org/x/crypto/bcrypt"
 )


@ -12,12 +14,17 @@ func RecoverByEmail(email string) {
 	if !ok {
 		return
 	}
-	log.Printf("%#v", u)
 	recoverycode := generatePassword(16)
 	u.Delete("recoverycode")
 	u.Delete("recoverytime")

-	u.Set("recoverycode", string(recoverycode))
+	crypt, err := bcrypt.GenerateFromPassword(recoverycode, 10)
+	if err != nil {
+		log.Println("pass generation failed")
+		return
+	}
+
+	u.Set("recoverycode", string(crypt))
 	u.Set("recoverytime", fmt.Sprintf("%d", time.Now().Add(time.Minute*60).Unix()))

 	SendRecoveryEmail(email, email, string(recoverycode))