Set user password

2023-10-26 17:40:05 +02:00
parent dd671d561c
commit 50187f5a34
5 changed files with 67 additions and 5 deletions
--- a/app/lib/auth/auth.go
+++ b/app/lib/auth/auth.go
@ -0,0 +1 @@
+package auth
--- a/app/lib/auth/passwords.go
+++ b/app/lib/auth/passwords.go
@ -0,0 +1,41 @@
+package auth
+
+import (
+	"regexp"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+// about bcrypt cost: https://docs.laminas.dev/laminas-crypt/password/#bcrypt
+// bcrypt cost benchmarks: https://github.com/nsmithuk/bcrypt-cost-go
+const BCRYPT_COST = 10
+const MIN_PASSWORD_LENGTH = 10
+
+func IsPasswordGoodEnough(password string) bool {
+	var re *regexp.Regexp
+	passwordBytes := []byte(password)
+
+	if len(password) < MIN_PASSWORD_LENGTH {
+		return false
+	}
+	re, _ = regexp.Compile("[a-z]")
+	if re.Find(passwordBytes) == nil {
+		return false
+	}
+	re, _ = regexp.Compile("[A-Z]")
+	if re.Find(passwordBytes) == nil {
+		return false
+	}
+	re, _ = regexp.Compile("[0-9]")
+	//lint:ignore S1008 allow early exit instead optimization
+	if re.Find(passwordBytes) == nil {
+		return false
+	}
+
+	return true
+}
+
+func HashPassword(password string, secretKey string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password+secretKey), BCRYPT_COST)
+	return string(bytes), err
+}
--- a/app/models/user.go
+++ b/app/models/user.go
@ -1,6 +1,8 @@
 package models

 import (
+	"iris-test/app/lib/auth"
+	"iris-test/app/lib/cfg"
 	"time"
 )

@ -19,8 +21,12 @@ func (u *User) TableName() string {
 	return "users"
 }

-// func (u *User) SetPassword(password string) (string, error) {
-// 	secretKey := common.Config.Application.SecretKey
-// 	bytes, err := bcrypt.GenerateFromPassword([]byte(password+secretKey), 14)
-// 	return string(bytes), err
-// }
+func (u *User) SetPassword(password string) error {
+	secretKey := cfg.Config.Application.SecretKey
+	hashedPassword, err := auth.HashPassword(password, secretKey)
+	if err != nil {
+		return err
+	}
+	u.Password = hashedPassword
+	return nil
+}
--- a/app/templates/pages/user-edit.jet
+++ b/app/templates/pages/user-edit.jet
@ -20,6 +20,10 @@
                <label class="form-label">Email</label>
                <input type="email" name="email" class="form-control" value="{{ user.Email }}" required>
            </div>
+            <div class="mb-3">
+                <label class="form-label">Password</label>
+                <input type="text" name="password" class="form-control">
+            </div>

            <div class="d-flex">
                <a href="/users" class="btn btn-outline-secondary ms-auto me-2">
--- a/app/views/users.go
+++ b/app/views/users.go
@ -1,6 +1,8 @@
 package views

 import (
+	"fmt"
+	"iris-test/app/lib/auth"
 	"iris-test/app/repository"

 	"github.com/kataras/iris/v12"
@ -10,6 +12,7 @@ type editUserForm struct {
 	FirstName string `form:"first-name"`
 	LastName  string `form:"last-name"`
 	Email     string `form:"email"`
+	Password  string `form:"password"`
 }

 func GetUsersPage(ctx iris.Context) {
@ -66,6 +69,13 @@ func SaveUserPage(ctx iris.Context) {
 	user.LastName = form.LastName
 	user.Email = form.Email

+	if len(form.Password) > 0 {
+		user.SetPassword(form.Password)
+		fmt.Printf("Set password: %s\n", user.Password)
+		fmt.Printf("IsPasswordGoodEnough: %v\n", auth.IsPasswordGoodEnough(form.Password))
+
+	}
+
 	userRepository.Save(user)

 	ctx.Redirect("/users")