
Fix:
token decryption on reset password:

Sasan Torabkheslat vor 4 Jahren
Ursprung
Commit
a258768d20
3 geänderte Dateien mit 88 neuen und 28 gelöschten Zeilen
  1. 73 17
      handler.go
  2. 9 6
      main.go
  3. 6 5
      vendor/github.com/labstack/echo/echo.go

+ 73 - 17
handler.go

@@ -5,13 +5,14 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"github.com/dgrijalva/jwt-go"
-	"github.com/labstack/echo"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/labstack/echo"
 )
 
 type handler struct{}
@@ -222,13 +223,15 @@ func (h *handler) addUser(c echo.Context) error {
 	if err != nil {
 		fmt.Println("err:", err)
 	}
+	fmt.Println("AddUser Claims: ", claims)
+	fmt.Println("AddUser token: ", token)
 	username := c.FormValue("Username")
 	sha256 := sha256.Sum256([]byte(username))
 	var hashChannel = make(chan []byte, 1)
 	hashChannel <- sha256[:]
 	ciphertext := encrypt(<-hashChannel, string(b))
-	//fmt.Println(b)
-	//fmt.Println(ciphertext)
+	fmt.Println("B: ", string(b))
+	fmt.Println("Ciphere: ", ciphertext)
 	sn := c.FormValue("Lname")
 	cn := c.FormValue("FullName")
 	givenname := c.FormValue("Fname")
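Review bot: The four added `fmt.Println` calls in addUser write the caller's JWT claims and token, the plaintext `b`, and the `ciphertext` that becomes the reset link to stdout, so anyone who can read the service log can pick up a usable session token or reset link. Drop them before merge; if an audit trail is wanted, record only that a link was issued, for example `audit(fmt.Sprintf("addUser: reset link issued for %q", username))`, where `%q` keeps a crafted username from injecting log lines. The `err` printed at the top of the hunk is also not acted on, so execution continues with whatever `claims` and `token` hold. addUser starts and ends outside this hunk.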
@@ -306,6 +309,7 @@ func (h *handler) addUser(c echo.Context) error {
 	body, err := ioutil.ReadAll(res.Body)
 	result := addUser{}
 	_err := json.Unmarshal(body, &result)
+	//	fmt.Println(result)
 	if _err != nil {
 		_apiErr := apiErr{}
 		__err := json.Unmarshal(body, &_apiErr)
@@ -316,7 +320,13 @@ func (h *handler) addUser(c echo.Context) error {
 		return c.String(http.StatusBadRequest, string(res2B))
 	}
 	go sendMail("Welcome to ZiCloud\r\n Your temporary link is :\r\n https://zicloud.com/reset/"+url.QueryEscape(ciphertext), "Welcome to ZiCloud", mail)
-	return c.String(http.StatusOK, "Done, Reset Link was sent to "+mail)
+	resp := _response{
+		Origin:  "addUser",
+		Message: "Done, Reset Link was sent to " + mail,
+		Code:    1000,
+	}
+	b, _ = json.MarshalIndent(resp, "", "  ")
+	return c.String(http.StatusOK, string(b))
 }
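Review bot: The new success path in addUser marshals `resp` by hand and sends it with `c.String`, so the body is JSON but goes out through the plain-text responder, and the `json.MarshalIndent` error is discarded by `b, _ = ...`. `return c.JSONPretty(http.StatusOK, resp, "  ")` (or `c.JSON`) does the encoding, sets the JSON content type and returns the error to echo. The same three-line pattern is added to disableUser, resetUser and dnsrecordadd later in this file. addUser starts outside the hunk.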
 func (h *handler) disableUser(c echo.Context) error {
 	user := c.Get("user").(*jwt.Token)
@@ -360,7 +370,13 @@ func (h *handler) disableUser(c echo.Context) error {
 		return c.String(http.StatusBadRequest, "Error"+err.Error())
 	}
 	defer res.Body.Close()
-	return c.String(http.StatusOK, "Done")
+	resp := _response{
+		Origin:  "disableUser",
+		Message: "Done",
+		Code:    1000,
+	}
+	b, _ := json.MarshalIndent(resp, "", "  ")
+	return c.String(http.StatusOK, string(b))
 }
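Review bot: disableUser reports `Code: 1000` / "Done" as soon as `client.Do` returns without a transport error; nothing in the hunk looks at `res.StatusCode` or the response body, so a request the backend rejected (expired session, missing privilege) is still answered as success. Check the status before building `resp`, e.g. `if res.StatusCode != http.StatusOK { return c.String(http.StatusBadGateway, "upstream rejected request") }`, and if the backend puts an error object in a 200 body, decode and test that too. resetUser ends the same way in its last hunk, and dnsrecordadd appears to as well from the lines visible there. The function starts outside the hunk.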
 func (h *handler) resetUser(c echo.Context) error {
 	type keyJson struct {
@@ -368,7 +384,7 @@ func (h *handler) resetUser(c echo.Context) error {
 		Admin    bool     `json:"admin"`
 		Exp      int      `json:"exp"`
 		Memberof []string `json:"memberof"`
-		Name     []string `json:"name"`
+		Name     string   `json:"name"`
 		Sub      int      `json:"sub"`
 	}
 	t := time.Now() //%Y%m%d%H%M%SZ
@@ -377,13 +393,19 @@ func (h *handler) resetUser(c echo.Context) error {
 	password := c.FormValue("Password")
 	key := c.FormValue("key")
 	key, _ = url.QueryUnescape(key)
-	sha256 := sha256.Sum256([]byte(username))
+	_sha256 := sha256.Sum256([]byte(username))
 	var hashChannel = make(chan []byte, 1)
-	hashChannel <- sha256[:]
+	hashChannel <- _sha256[:]
 	plainkey := decrypt(<-hashChannel, key)
 	_plainkey := keyJson{}
 	json.Unmarshal([]byte(plainkey), &_plainkey)
-	token := _plainkey.IPAToken
+	_name := _plainkey.Name
+	//_sha256 := sha256.Sum256([]byte(string("")))
+	var hashChannel_ = make(chan []byte, 1)
+	__sha256 := sha256.Sum256([]byte(_name))
+	hashChannel_ <- __sha256[:]
+	token := decrypt(<-hashChannel_, string(_plainkey.IPAToken))
+	//	token := _plainkey.IPAToken
 	_url := URL + "/ipa/session/json"
 	method := "POST"
 	_json := fmt.Sprintf(`
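Review bot: Both AES keys in resetUser come from data the requester supplies or can read: `sha256.Sum256([]byte(username))` for the outer blob and `sha256.Sum256([]byte(_name))` for the inner IPA token. The addUser hunk derives its key the same way, so the reset link is not bound to any secret held by the server and confidentiality of the embedded IPA session rests on the username alone. Derive the key from a configured server secret with the username as context (HMAC-SHA256 or HKDF), and confirm that `encrypt`/`decrypt` in main.go use an authenticated mode such as AES-GCM; their bodies are not visible here. The errors from `url.QueryUnescape` and `json.Unmarshal` are also dropped, so a malformed `key` continues with an empty `_name` and token; return early instead: `if err := json.Unmarshal([]byte(plainkey), &_plainkey); err != nil { return c.String(http.StatusBadRequest, "invalid reset key") }`. The two one-slot channels only pass a slice back to the same goroutine and can be replaced by using `_sha256[:]` directly; the function continues outside the hunk.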
@@ -415,6 +437,10 @@ func (h *handler) resetUser(c echo.Context) error {
 	req.Header.Add("Accept", "text/plain")
 	req.Header.Add("Cookie", token)
 	res, err := client.Do(req)
+	//fmt.Println(token)
+	//fmt.Println(_json)
+	//fmt.Println(req)
+	//fmt.Println(res)
 	_json = fmt.Sprintf(`
 {
     "id": 0,
@@ -441,12 +467,21 @@ func (h *handler) resetUser(c echo.Context) error {
 	req.Header.Add("Cookie", token)
 	err = nil
 	res, err = client.Do(req)
-	//fmt.Println(payload)
+	//fmt.Println(token)
+	//fmt.Println(_json)
+	//fmt.Println(req)
+	//fmt.Println(res)
 	if err != nil {
 		return c.String(http.StatusBadRequest, "Error"+err.Error())
 	}
 	defer res.Body.Close()
-	return c.String(http.StatusOK, "Done")
+	resp := _response{
+		Origin:  "resetUser",
+		Message: "Done",
+		Code:    1000,
+	}
+	b, _ := json.MarshalIndent(resp, "", "  ")
+	return c.String(http.StatusOK, string(b))
 }
 func (h *handler) dnsrecordadd(c echo.Context) error {
 	user := c.Get("user").(*jwt.Token)
@@ -500,7 +535,13 @@ func (h *handler) dnsrecordadd(c echo.Context) error {
 	//json.Unmarshal(body, &_res)
 	//fmt.Println(_res)
 	defer res.Body.Close()
-	return c.String(http.StatusOK, "Done")
+	resp := _response{
+		Origin:  "dnsrecordadd",
+		Message: "Done",
+		Code:    1000,
+	}
+	b, _ := json.MarshalIndent(resp, "", "  ")
+	return c.String(http.StatusOK, string(b))
 }
 func (h *handler) token(c echo.Context) error {
 	user := c.Get("user").(*jwt.Token)
@@ -520,7 +561,7 @@ func (h *handler) token(c echo.Context) error {
 }
 func (h *handler) verifyUser(c echo.Context) error {
 	name := c.FormValue("Username")
-	fmt.Println("Name: ", name)
+	//fmt.Println("Name: ", name)
 	if name == "" {
 		return c.JSON(http.StatusNotFound, "User NOT Found")
 	}
@@ -552,10 +593,25 @@ func (h *handler) verifyUser(c echo.Context) error {
 	if res.StatusCode == 200 {
 		user := getUserInfo(token, name)
 		if user.Result.Value != name {
-			return c.JSON(http.StatusNotFound, "User NOT Found")
+			resp := _response{
+				Origin:  "VerifyUser",
+				Message: "User Not Found",
+				Code:    1001,
+			}
+			b, _errr := json.MarshalIndent(resp, "", "  ")
+			if _errr != nil {
+				fmt.Println(_errr)
+			}
+			fmt.Print(string(b))
+			return c.JSON(http.StatusNotFound, string(b))
 		}
 	}
+	resp := _response{
+		Origin:  "VerifyUser",
+		Message: "User Found",
+		Code:    1002,
+	}
+	b, _ := json.MarshalIndent(resp, "", "  ")
 
-	return c.JSON(http.StatusOK, "User Founded")
-
+	return c.JSON(http.StatusOK, string(b))
 }
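Review bot: When `res.StatusCode` is anything other than 200, the `if` block is skipped and verifyUser falls through to the `User Found` / 1002 response with HTTP 200, so a failed upstream call is reported as a positive match; add an explicit failure return for the non-200 case before the final `resp` is built. Separately, `c.JSON(http.StatusOK, string(b))` encodes an already-marshalled string, so the client receives a quoted, escaped JSON string rather than an object; pass the struct instead: `return c.JSON(http.StatusOK, resp)` and `return c.JSON(http.StatusNotFound, resp)`. That also removes the `fmt.Print(string(b))` debug output and the ignored `MarshalIndent` error. verifyUser starts outside the hunk.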

+ 9 - 6
main.go

@@ -6,8 +6,6 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
-	"github.com/labstack/echo"
-	"github.com/labstack/echo/middleware"
 	"io"
 	"log"
 	"log/syslog"
@@ -15,6 +13,9 @@ import (
 	"net/smtp"
 	"os"
 	"time"
+
+	"github.com/labstack/echo"
+	"github.com/labstack/echo/middleware"
 )
 
 var _appversion string = "0.1"
@@ -29,7 +30,6 @@ func audit(txt string) {
 	}
 	log.SetOutput(syslogger)
 	log.Println(txt)
-
 }
 
 var RealIP string
@@ -77,7 +77,6 @@ func main() {
 
 	h := &handler{}
 	echoHandler.POST("/login", h.login)
-
 	echoHandler.GET("/private", h.private, isLoggedIn)
 
 	echoHandler.GET("/admin", h.private, isLoggedIn, isAdmin)
@@ -92,12 +91,10 @@ func main() {
 func encrypt(key []byte, text string) string {
 	// key := []byte(keyText)
 	plaintext := []byte(text)
-
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		panic(err)
 	}
-
 	// The IV needs to be unique, but not secure. Therefore it's common to
 	// include it at the beginning of the ciphertext.
 	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
@@ -135,3 +132,9 @@ func decrypt(key []byte, cryptoText string) string {
 
 	return fmt.Sprintf("%s", ciphertext)
 }
+
+type _response struct {
+	Message string `json:"message"`
+	Origin  string `json:"origin"`
+	Code    int    `json:"code"`
+}
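Review bot: `_response` and its `Code` field are undocumented, while the handlers in this commit fill `Code` with the bare literals 1000, 1001 and 1002, so a client author cannot tell what the values mean or which are errors. Add a doc comment on the type, for example `// _response is the JSON envelope returned by the handlers; Code is an application-level result code, separate from the HTTP status.`, and declare the values as named constants beside it. The leading underscore is unusual for a Go identifier; a name such as `apiResponse` would match the existing `apiErr` type used in handler.go.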

+ 6 - 5
vendor/github.com/labstack/echo/echo.go

@@ -217,17 +217,18 @@ const (
 )
 
 const (
-        Version = "3.3.6"
-        website = "https://zi-tel.com"
-        // http://patorjk.com/software/taag/#p=display&f=Small%20Slant&t=Echo
-        banner = `
-FDIACS-API %s
+	Version = "0.1"
+	website = "https://zicloud.com"
+	// http://patorjk.com/software/taag/#p=display&f=Small%20Slant&t=Echo
+	banner = `
+ZiCloud-API %s
 High performance, minimalist API written with Go web framework
 %s
 ____________________________________O/_______
                                     O\
 `
 )
+
 var (
 	methods = [...]string{
 		CONNECT,