Clean up log output. Add account status check
This commit is contained in:
scs
74
main.go
74
main.go
@@ -72,62 +72,84 @@ func Register(username, email, ip string) bool {
|
|||||||
if !UsernameAvailable(username) {
|
if !UsernameAvailable(username) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
log.Println("getting random bytes")
|
|
||||||
pass := randBytes(16)
|
pass := randBytes(16)
|
||||||
log.Println("Generating hash")
|
|
||||||
crypt, err := bcrypt.GenerateFromPassword(pass, 10)
|
crypt, err := bcrypt.GenerateFromPassword(pass, 10)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Bcrypt GenerateFromPassword failed? Pass is %s and error is %s\n", pass, err.Error())
|
log.Printf("scsusers.Register: Bcrypt GenerateFromPassword failed? Pass is %s and error is %s\n", pass, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
fmt.Println("db insert")
|
|
||||||
q := fmt.Sprintf("insert into %s_auth (username, email, password, registration_date, registration_ip) values ($1, $2, $3, CURRENT_TIMESTAMP, $4)", c.TablePrefix)
|
q := fmt.Sprintf("insert into %s_auth (username, email, password, registration_date, registration_ip) values ($1, $2, $3, CURRENT_TIMESTAMP, $4)", c.TablePrefix)
|
||||||
_, err = c.db.Exec(q, username, email, crypt, ip)
|
_, err = c.db.Exec(q, username, email, crypt, ip)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Register: insert failed: " + err.Error())
|
log.Printf("scsusers.Register: insert failed: %s\n", err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if sendRegistrationEmail(email, username, string(pass)) {
|
if sendRegistrationEmail(email, username, string(pass)) {
|
||||||
|
log.Printf("scsusers.Register: New user registration: %s from %s\n", username, ip)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
log.Println("Failed to send registration email, deleting user.")
|
log.Printf("scsusers.Register: Failed to send registration email, deleting user %s\n", username)
|
||||||
q=fmt.Sprintf("delete from %s_auth where username=$1 AND password=$2", c.TablePrefix)
|
q=fmt.Sprintf("delete from %s_auth where username=$1 AND password=$2", c.TablePrefix)
|
||||||
_,err = c.db.Exec(q, username, string(crypt))
|
_,err = c.db.Exec(q, username, string(crypt))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Failed to delete new user " + username + " : " + err.Error())
|
log.Printf("scsusers.Register: Failed to delete new user %s: %s\n", username, err.Error())
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func Login(username, password string) bool {
|
func Login(username, password string) bool {
|
||||||
log.Println("Attempting login for "+ username)
|
log.Printf("scsusers.Login: Attempting login for %s\n", username)
|
||||||
q:=fmt.Sprintf("select password from %s_auth where username=$1",c.TablePrefix)
|
q:=fmt.Sprintf("select password from %s_auth where username=$1 AND status='active'",c.TablePrefix)
|
||||||
var crypt string
|
var crypt string
|
||||||
err:=c.db.Get(&crypt, q, username)
|
err:=c.db.Get(&crypt, q, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Failed login attempt for unknown username: " + username)
|
log.Printf("scsusers.Login: Failed login attempt for unknown username: %s\n", username)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
if bcrypt.CompareHashAndPassword([]byte(crypt), []byte(password)) != nil {
|
if bcrypt.CompareHashAndPassword([]byte(crypt), []byte(password)) != nil {
|
||||||
log.Println("Failed password for " + username)
|
log.Printf("scsusers.Login: Failed password for " + username)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
Bump(username)
|
Bump(username)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ChangePassword(username, oldpass, newpass string) bool {
|
||||||
|
log.Println("scsusers.ChangePassword: Attempting password change for "+ username)
|
||||||
|
q:=fmt.Sprintf("select password from %s_auth where username=$1 AND status='active'",c.TablePrefix)
|
||||||
|
var crypt string
|
||||||
|
err:=c.db.Get(&crypt, q, username)
|
||||||
|
if err != nil {
|
||||||
|
log.Println("scsusers.ChangePassword: Failed change attempt for unknown username: " + username)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if bcrypt.CompareHashAndPassword([]byte(crypt), []byte(oldpass)) != nil {
|
||||||
|
log.Printf("scsusers.ChangePassword: Failed password for %s\n", username)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
newcrypt, err := bcrypt.GenerateFromPassword([]byte(newpass), 10)
|
||||||
|
q=fmt.Sprintf("update %s_auth set password=$2 where username=$1", c.TablePrefix)
|
||||||
|
_,err=c.db.Exec(q, username, newcrypt)
|
||||||
|
if err!= nil {
|
||||||
|
log.Printf("scsusers.ChangePassword: update failed for %s: %s\n", username, err.Error())
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
Bump(username)
|
||||||
|
return true
|
||||||
|
|
||||||
|
}
|
||||||
func LoadUser(username string) (UserData, error) {
|
func LoadUser(username string) (UserData, error) {
|
||||||
var u UserData
|
var u UserData
|
||||||
q:=fmt.Sprintf("select data from %s_userdata where username=$1", c.TablePrefix)
|
q:=fmt.Sprintf("select data from %s_userdata where username=$1", c.TablePrefix)
|
||||||
var d string
|
var d string
|
||||||
err:=c.db.Get(d, q, username)
|
err:=c.db.Get(d, q, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error loading user: " + err.Error())
|
log.Printf("scsusers.LoadUser: Error loading user: %s : %s\n", username, err.Error())
|
||||||
return u, err
|
return u, err
|
||||||
}
|
}
|
||||||
err=json.Unmarshal([]byte(d), &u)
|
err=json.Unmarshal([]byte(d), &u)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error decoding json on user %s. Unmarshal returned %s\n", err.Error())
|
log.Printf("scsusers.LoadUser: Error decoding json on user %s. Unmarshal returned %s\n", username, err.Error())
|
||||||
}
|
}
|
||||||
return u,err
|
return u,err
|
||||||
}
|
}
|
||||||
@@ -136,12 +158,12 @@ func SaveUser(username string, d UserData) bool {
|
|||||||
q:=fmt.Sprintf("update %s_userdata set data=$1 where username=$2")
|
q:=fmt.Sprintf("update %s_userdata set data=$1 where username=$2")
|
||||||
j, err:=json.Marshal(d)
|
j, err:=json.Marshal(d)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error())
|
log.Printf("scsusers.SaveUser: json.Marshal failed for username %s : %s\n", username, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
_, err=c.db.Exec(q, username, j)
|
_, err=c.db.Exec(q, username, j)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Saveuser: db.Exec failed for username %s : %s\n", username, err.Error())
|
log.Printf("scsusers.SaveUser: db.Exec failed for username %s : %s\n", username, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
@@ -152,7 +174,7 @@ func Bump(username string) {
|
|||||||
q:=fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP where username=$1", c.TablePrefix)
|
q:=fmt.Sprintf("update %s_auth set lastseen=CURRENT_TIMESTAMP where username=$1", c.TablePrefix)
|
||||||
_, err :=c.db.Exec(q, username)
|
_, err :=c.db.Exec(q, username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Error on user bump: " + err.Error())
|
log.Printf("scsusers.Bump: Error on user bump: %s : %s\n", username, err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
func RecoverByUsername(u string) {
|
func RecoverByUsername(u string) {
|
||||||
@@ -210,13 +232,13 @@ func sendRegistrationEmail(recipient, username, password string) bool {
|
|||||||
var body bytes.Buffer
|
var body bytes.Buffer
|
||||||
err := c.Templates.Registration.Execute(&body, data)
|
err := c.Templates.Registration.Execute(&body, data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Registration template failed to execute: %v returned %s\n", data, err.Error())
|
log.Printf("scsusers.sendRegistrationEmail: Registration template failed to execute: %v returned %s\n", data, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
subject := fmt.Sprintf("Welcome to %s", c.SiteName)
|
subject := fmt.Sprintf("Welcome to %s", c.SiteName)
|
||||||
err = SendMail("localhost:25", c.FromEmail, subject, body.String(), recipient)
|
err = SendMail("localhost:25", c.FromEmail, subject, body.String(), recipient)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error sending mail to %s: %s\n", recipient, err.Error())
|
log.Printf("scsusers.SendRegistrationEmail: Error sending mail to %s: %s\n", recipient, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
@@ -238,14 +260,14 @@ func sendAlertEmail(username, recipient, message string) bool {
|
|||||||
var body bytes.Buffer
|
var body bytes.Buffer
|
||||||
err := c.Templates.Registration.Execute(&body, data)
|
err := c.Templates.Registration.Execute(&body, data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Alert template failed to execute: %v returned %s\n", data, err.Error())
|
log.Printf("scsusers.sendAlertEmail: Alert template failed to execute: %v returned %s\n", data, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
subject := fmt.Sprintf("New activity on %s", c.SiteName)
|
subject := fmt.Sprintf("New activity on %s", c.SiteName)
|
||||||
err = SendMail("localhost:25", c.FromEmail, subject, body.String(), recipient)
|
err = SendMail("localhost:25", c.FromEmail, subject, body.String(), recipient)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error sending mail to %s: %s\n", recipient, err.Error())
|
log.Printf("scsusers.sendAlertEmail: Error sending mail to %s: %s\n", recipient, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
@@ -266,13 +288,13 @@ func sendRecoveryEmail(recipient, username, code string) bool {
|
|||||||
var body bytes.Buffer
|
var body bytes.Buffer
|
||||||
err := c.Templates.Registration.Execute(&body, data)
|
err := c.Templates.Registration.Execute(&body, data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Registration template failed to execute: %v returned %s\n", data, err.Error())
|
log.Printf("scsusers.sendRecoveryEmail: Recovery template failed to execute: %v returned %s\n", data, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
subject := fmt.Sprintf("Welcome to %s", c.SiteName)
|
subject := fmt.Sprintf("Account recovery at %s", c.SiteName)
|
||||||
err = SendMail("localhost:25", c.FromEmail, subject, body.String(), recipient)
|
err = SendMail("localhost:25", c.FromEmail, subject, body.String(), recipient)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error sending mail to %s: %s\n", recipient, err.Error())
|
log.Printf("scsusers.sendRecoveryEmail: Error sending mail to %s: %s\n", recipient, err.Error())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
@@ -291,7 +313,7 @@ func SetRegistrationTemplate(t string) bool {
|
|||||||
|
|
||||||
r, err := template.New("reg").Parse(df)
|
r, err := template.New("reg").Parse(df)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Default registration template MUST compile. Error: " + err.Error())
|
log.Fatal("scsusers.SetRegistrationTemplate: Default registration template MUST compile. Error: " + err.Error())
|
||||||
}
|
}
|
||||||
c.Templates.Registration = r
|
c.Templates.Registration = r
|
||||||
|
|
||||||
@@ -309,7 +331,7 @@ func SetAlertTemplate(t string) bool {
|
|||||||
df := `<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html></head><body><p> Hey {{.UserName}}! Just letting you know that {{.Activity}}.<br> You can disable future notifications in your user settings.</p></body></html>`
|
df := `<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html></head><body><p> Hey {{.UserName}}! Just letting you know that {{.Activity}}.<br> You can disable future notifications in your user settings.</p></body></html>`
|
||||||
r, err := template.New("alert").Parse(df)
|
r, err := template.New("alert").Parse(df)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Default alert template MUST compile. Error: " + err.Error())
|
log.Fatal("scsusers.SetAlertTemplate: Default alert template MUST compile. Error: " + err.Error())
|
||||||
}
|
}
|
||||||
c.Templates.Alert = r
|
c.Templates.Alert = r
|
||||||
return false
|
return false
|
||||||
@@ -326,7 +348,7 @@ func SetRecoveryTemplate(t string) bool {
|
|||||||
df := `<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html></head><body><p>Hello {{.UserName}}! Someone (hopefully you) has attempted an account recovery agt {{.SiteName}}. If this was you, enter the following code to regain access: {{.RecoveryCode}}<br> If this was not you, you can ignore this email.</p></body></html>`
|
df := `<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html></head><body><p>Hello {{.UserName}}! Someone (hopefully you) has attempted an account recovery agt {{.SiteName}}. If this was you, enter the following code to regain access: {{.RecoveryCode}}<br> If this was not you, you can ignore this email.</p></body></html>`
|
||||||
r, err := template.New("recovery").Parse(df)
|
r, err := template.New("recovery").Parse(df)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal("Default alert template MUST compile. Error: " + err.Error())
|
log.Fatal("scsusers.SetRecoveryTemplate: Default recovery template MUST compile. Error: " + err.Error())
|
||||||
}
|
}
|
||||||
c.Templates.Recovery = r
|
c.Templates.Recovery = r
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user