tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

[Refactor] Passwort Hash/Set (#14282)

Browse Source 
* move SaltGeneration into HashPasswort and rename it to what it does

* Migration: Where Password is Valid with Empty String delete it

* prohibit empty password hash

* let SetPassword("") unset pwd stuff
This commit is contained in:
6543
2021-01-10 19:05:18 +01:00
committed by GitHub
parent 6b3b6f1833
commit 74a0481586
10 changed files with 158 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
routers/admin/users.go
View File

@@ -267,7 +267,10 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
ctx.ServerError("UpdateUser", err)
return
}
u.HashPassword(form.Password)
if err = u.SetPassword(form.Password); err != nil {
ctx.InternalServerError(err)
return
}
}
if len(form.UserName) != 0 && u.Name != form.UserName {

5
routers/api/v1/admin/user.go
View File

@@ -174,7 +174,10 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) {
ctx.Error(http.StatusInternalServerError, "UpdateUser", err)
return
}
u.HashPassword(form.Password)
if err = u.SetPassword(form.Password); err != nil {
ctx.InternalServerError(err)
return
}
}
if form.MustChangePassword != nil {

6
routers/user/auth.go
View File

@@ -1517,11 +1517,10 @@ func ResetPasswdPost(ctx *context.Context) {
ctx.ServerError("UpdateUser", err)
return
}
if u.Salt, err = models.GetUserSalt(); err != nil {
if err = u.SetPassword(passwd); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
u.HashPassword(passwd)
u.MustChangePassword = false
if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "rands", "salt"); err != nil {
ctx.ServerError("UpdateUser", err)
@@ -1591,12 +1590,11 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut
}
var err error
if u.Salt, err = models.GetUserSalt(); err != nil {
if err = u.SetPassword(form.Password); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
u.HashPassword(form.Password)
u.MustChangePassword = false
if err := models.UpdateUserCols(u, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {

3
routers/user/setting/account.go
View File

@@ -63,11 +63,10 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
ctx.Flash.Error(errMsg)
} else {
var err error
if ctx.User.Salt, err = models.GetUserSalt(); err != nil {
if err = ctx.User.SetPassword(form.Password); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
ctx.User.HashPassword(form.Password)
if err := models.UpdateUserCols(ctx.User, "salt", "passwd_hash_algo", "passwd"); err != nil {
ctx.ServerError("UpdateUser", err)
return