auth
auth/oauth2.go
Test authentication helper, fix bugs with authentication. Authentication needs to be hex encoded to be stored, so it only makes sense to decode the hex string stored to get the bytes we'll be comparing. Check for ErrLoginNotFound in addition to ErrProfileNotFound. ErrLoginNotFound is more likely to occur, anyways. Add unit tests for our authentication helper to verify it functions as expected.
1.1 --- a/oauth2.go Wed Nov 19 00:17:34 2014 -0500 1.2 +++ b/oauth2.go Thu Nov 20 01:01:22 2014 -0500 1.3 @@ -2,6 +2,7 @@ 1.4 1.5 import ( 1.6 "encoding/base64" 1.7 + "encoding/hex" 1.8 "encoding/json" 1.9 "errors" 1.10 "html/template" 1.11 @@ -97,15 +98,19 @@ 1.12 func authenticate(user, passphrase string, context Context) (Profile, error) { 1.13 profile, err := context.GetProfileByLogin(user) 1.14 if err != nil { 1.15 - if err == ErrProfileNotFound { 1.16 + if err == ErrProfileNotFound || err == ErrLoginNotFound { 1.17 return Profile{}, ErrIncorrectAuth 1.18 } 1.19 return Profile{}, err 1.20 } 1.21 switch profile.PassphraseScheme { 1.22 case 1: 1.23 + realPass, err := hex.DecodeString(profile.Passphrase) 1.24 + if err != nil { 1.25 + return Profile{}, err 1.26 + } 1.27 candidate := pass.Check(sha256.New, profile.Iterations, []byte(passphrase), []byte(profile.Salt)) 1.28 - if !pass.Compare(candidate, []byte(profile.Passphrase)) { 1.29 + if !pass.Compare(candidate, realPass) { 1.30 return Profile{}, ErrIncorrectAuth 1.31 } 1.32 default: