本文整理匯總了Golang中github.com/juju/utils.UserPasswordHash函數的典型用法代碼示例。如果您正苦於以下問題:Golang UserPasswordHash函數的具體用法?Golang UserPasswordHash怎麽用?Golang UserPasswordHash使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了UserPasswordHash函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: TestPasswordValidUpdatesSalt
func (s *UserSuite) TestPasswordValidUpdatesSalt(c *gc.C) {
user := s.Factory.MakeUser(c, nil)
compatHash := utils.UserPasswordHash("foo", utils.CompatSalt)
err := user.SetPasswordHash(compatHash, "")
c.Assert(err, jc.ErrorIsNil)
beforeSalt, beforeHash := state.GetUserPasswordSaltAndHash(user)
c.Assert(beforeSalt, gc.Equals, "")
c.Assert(beforeHash, gc.Equals, compatHash)
c.Assert(user.PasswordValid("bar"), jc.IsFalse)
// A bad password doesn't trigger a rewrite
afterBadSalt, afterBadHash := state.GetUserPasswordSaltAndHash(user)
c.Assert(afterBadSalt, gc.Equals, "")
c.Assert(afterBadHash, gc.Equals, compatHash)
// When we get a valid check, we then add a salt and rewrite the hash
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
afterSalt, afterHash := state.GetUserPasswordSaltAndHash(user)
c.Assert(afterSalt, gc.Not(gc.Equals), "")
c.Assert(afterHash, gc.Not(gc.Equals), compatHash)
c.Assert(afterHash, gc.Equals, utils.UserPasswordHash("foo", afterSalt))
// running PasswordValid again doesn't trigger another rewrite
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
lastSalt, lastHash := state.GetUserPasswordSaltAndHash(user)
c.Assert(lastSalt, gc.Equals, afterSalt)
c.Assert(lastHash, gc.Equals, afterHash)
}
示例2: PasswordValid
// PasswordValid returns whether the given password
// is valid for the user.
func (u *User) PasswordValid(password string) bool {
// If the user is deactivated, no point in carrying on
if u.IsDeactivated() {
return false
}
// Since these are potentially set by a User, we intentionally use the
// slower pbkdf2 style hashing. Also, we don't expect to have thousands
// of Users trying to log in at the same time (which we *do* expect of
// Unit and Machine agents.)
if u.doc.PasswordSalt != "" {
return utils.UserPasswordHash(password, u.doc.PasswordSalt) == u.doc.PasswordHash
}
// In Juju 1.16 and older, we did not set a Salt for the user password,
// so check if the password hash matches using CompatSalt. if it
// does, then set the password again so that we get a proper salt
if utils.UserPasswordHash(password, utils.CompatSalt) == u.doc.PasswordHash {
// This will set a new Salt for the password. We ignore if it
// fails because we will try again at the next request
logger.Debugf("User %s logged in with CompatSalt resetting password for new salt",
u.Name())
err := u.SetPassword(password)
if err != nil {
logger.Errorf("Cannot set resalted password for user %q", u.Name())
}
return true
}
return false
}
示例3: PasswordValid
// PasswordValid returns whether the given password is valid for the User.
func (u *User) PasswordValid(password string) bool {
// If the User is deactivated, no point in carrying on. Since any
// authentication checks are done very soon after the user is read
// from the database, there is a very small timeframe where an user
// could be disabled after it has been read but prior to being checked,
// but in practice, this isn't a problem.
if u.IsDisabled() {
return false
}
if u.doc.PasswordSalt != "" {
return utils.UserPasswordHash(password, u.doc.PasswordSalt) == u.doc.PasswordHash
}
// In Juju 1.16 and older, we did not set a Salt for the user password,
// so check if the password hash matches using CompatSalt. if it
// does, then set the password again so that we get a proper salt
if utils.UserPasswordHash(password, utils.CompatSalt) == u.doc.PasswordHash {
// This will set a new Salt for the password. We ignore if it
// fails because we will try again at the next request
logger.Debugf("User %s logged in with CompatSalt resetting password for new salt",
u.Name())
err := u.SetPassword(password)
if err != nil {
logger.Errorf("Cannot set resalted password for user %q", u.Name())
}
return true
}
return false
}
示例4: TestSetPasswordHashWithSalt
func (s *UserSuite) TestSetPasswordHashWithSalt(c *gc.C) {
user := s.Factory.MakeUser(c, nil)
err := user.SetPasswordHash(utils.UserPasswordHash("foo", "salted"), "salted")
c.Assert(err, jc.ErrorIsNil)
c.Assert(user.PasswordValid("foo"), jc.IsTrue)
salt, hash := state.GetUserPasswordSaltAndHash(user)
c.Assert(salt, gc.Equals, "salted")
c.Assert(hash, gc.Not(gc.Equals), utils.UserPasswordHash("foo", utils.CompatSalt))
}
示例5: SetPassword
// SetPassword sets the password associated with the user.
func (u *User) SetPassword(password string) error {
salt, err := utils.RandomSalt()
if err != nil {
return err
}
return u.SetPasswordHash(utils.UserPasswordHash(password, salt), salt)
}
示例6: SetPassword
// SetPassword sets the password associated with the Identity.
func (i *Identity) SetPassword(password string) error {
salt, err := utils.RandomSalt()
if err != nil {
return err
}
return i.setPasswordHash(utils.UserPasswordHash(password, salt), salt)
}
示例7: AddUser
// AddUser adds a user to the state.
func (st *State) AddUser(username, displayName, password, creator string) (*User, error) {
if !names.IsValidUser(username) {
return nil, errors.Errorf("invalid user name %q", username)
}
salt, err := utils.RandomSalt()
if err != nil {
return nil, err
}
timestamp := time.Now().Round(time.Second).UTC()
u := &User{
st: st,
doc: userDoc{
Name: username,
DisplayName: displayName,
PasswordHash: utils.UserPasswordHash(password, salt),
PasswordSalt: salt,
CreatedBy: creator,
DateCreated: timestamp,
},
}
ops := []txn.Op{{
C: usersC,
Id: username,
Assert: txn.DocMissing,
Insert: &u.doc,
}}
err = st.runTransaction(ops)
if err == txn.ErrAborted {
err = errors.New("user already exists")
}
if err != nil {
return nil, errors.Trace(err)
}
return u, nil
}
示例8: resetAdminPasswordAndFetchDBNames
// resetAdminPasswordAndFetchDBNames logs into the database with a
// plausible password and returns all the database's db names. We need
// to try several passwords because we don't know what state the mongo
// server is in when Reset is called. If the test has set a custom
// password, we're out of luck, but if they are using
// DefaultStatePassword, we can succeed.
func resetAdminPasswordAndFetchDBNames(session *mgo.Session) ([]string, bool, error) {
// First try with no password
dbnames, err := session.DatabaseNames()
if err == nil {
return dbnames, true, nil
}
if !isUnauthorized(err) {
return nil, false, errors.Trace(err)
}
// Then try the two most likely passwords in turn.
for _, password := range []string{
DefaultMongoPassword,
utils.UserPasswordHash(DefaultMongoPassword, utils.CompatSalt),
} {
admin := session.DB("admin")
if err := admin.Login("admin", password); err != nil {
logger.Errorf("failed to log in with password %q", password)
continue
}
dbnames, err := session.DatabaseNames()
if err == nil {
if err := admin.RemoveUser("admin"); err != nil {
return nil, false, errors.Trace(err)
}
return dbnames, true, nil
}
if !isUnauthorized(err) {
return nil, false, errors.Trace(err)
}
logger.Infof("unauthorized access when getting database names; password %q", password)
}
return nil, false, errors.Trace(err)
}
示例9: createInitialUserOps
func createInitialUserOps(controllerUUID string, user names.UserTag, password, salt string, dateCreated time.Time) []txn.Op {
nameToLower := strings.ToLower(user.Name())
doc := userDoc{
DocID: nameToLower,
Name: user.Name(),
DisplayName: user.Name(),
PasswordHash: utils.UserPasswordHash(password, salt),
PasswordSalt: salt,
CreatedBy: user.Name(),
DateCreated: dateCreated,
}
ops := []txn.Op{{
C: usersC,
Id: nameToLower,
Assert: txn.DocMissing,
Insert: &doc,
}}
controllerUserOps := createControllerUserOps(controllerUUID,
names.NewUserTag(user.Name()),
names.NewUserTag(user.Name()),
user.Name(),
dateCreated,
// first user is controller admin.
permission.SuperuserAccess)
ops = append(ops, controllerUserOps...)
return ops
}
示例10: TestAddUserSetsSalt
func (s *UserSuite) TestAddUserSetsSalt(c *gc.C) {
user := s.Factory.MakeUser(c, &factory.UserParams{Password: "a-password"})
salt, hash := state.GetUserPasswordSaltAndHash(user)
c.Assert(hash, gc.Not(gc.Equals), "")
c.Assert(salt, gc.Not(gc.Equals), "")
c.Assert(utils.UserPasswordHash("a-password", salt), gc.Equals, hash)
c.Assert(user.PasswordValid("a-password"), jc.IsTrue)
}
示例11: FinishMachineConfig
// FinishMachineConfig sets fields on a MachineConfig that can be determined by
// inspecting a plain config.Config and the machine constraints at the last
// moment before bootstrapping. It assumes that the supplied Config comes from
// an environment that has passed through all the validation checks in the
// Bootstrap func, and that has set an agent-version (via finding the tools to,
// use for bootstrap, or otherwise).
// TODO(fwereade) This function is not meant to be "good" in any serious way:
// it is better that this functionality be collected in one place here than
// that it be spread out across 3 or 4 providers, but this is its only
// redeeming feature.
func FinishMachineConfig(mcfg *cloudinit.MachineConfig, cfg *config.Config, cons constraints.Value) (err error) {
defer errors.Maskf(&err, "cannot complete machine configuration")
if err := PopulateMachineConfig(
mcfg,
cfg.Type(),
cfg.AuthorizedKeys(),
cfg.SSLHostnameVerification(),
cfg.ProxySettings(),
cfg.AptProxySettings(),
cfg.PreferIPv6(),
); err != nil {
return err
}
// The following settings are only appropriate at bootstrap time. At the
// moment, the only state server is the bootstrap node, but this
// will probably change.
if !mcfg.Bootstrap {
return nil
}
if mcfg.APIInfo != nil || mcfg.MongoInfo != nil {
return fmt.Errorf("machine configuration already has api/state info")
}
caCert, hasCACert := cfg.CACert()
if !hasCACert {
return fmt.Errorf("environment configuration has no ca-cert")
}
password := cfg.AdminSecret()
if password == "" {
return fmt.Errorf("environment configuration has no admin-secret")
}
passwordHash := utils.UserPasswordHash(password, utils.CompatSalt)
mcfg.APIInfo = &api.Info{Password: passwordHash, CACert: caCert}
mcfg.MongoInfo = &authentication.MongoInfo{Password: passwordHash, Info: mongo.Info{CACert: caCert}}
// These really are directly relevant to running a state server.
cert, key, err := cfg.GenerateStateServerCertAndKey()
if err != nil {
return errors.Annotate(err, "cannot generate state server certificate")
}
srvInfo := params.StateServingInfo{
StatePort: cfg.StatePort(),
APIPort: cfg.APIPort(),
Cert: string(cert),
PrivateKey: string(key),
SystemIdentity: mcfg.SystemPrivateSSHKey,
}
mcfg.StateServingInfo = &srvInfo
mcfg.Constraints = cons
if mcfg.Config, err = BootstrapConfig(cfg); err != nil {
return err
}
return nil
}
示例12: TestUserPasswordHash
func (*passwordSuite) TestUserPasswordHash(c *gc.C) {
seenHashes := make(map[string]bool)
for i, password := range testPasswords {
for j, salt := range testSalts {
c.Logf("test %d, %d %s %s", i, j, password, salt)
hashed := utils.UserPasswordHash(password, salt)
c.Logf("hash %q", hashed)
c.Assert(len(hashed), gc.Equals, 24)
c.Assert(seenHashes[hashed], gc.Equals, false)
// check we're not adding base64 padding.
c.Assert(hashed, gc.Matches, base64Chars)
seenHashes[hashed] = true
// check it's deterministic
altHashed := utils.UserPasswordHash(password, salt)
c.Assert(altHashed, gc.Equals, hashed)
}
}
}
示例13: SetPassword
// SetPassword sets the password associated with the User.
func (u *User) SetPassword(password string) error {
if err := u.ensureNotDeleted(); err != nil {
return errors.Annotate(err, "cannot set password")
}
salt, err := utils.RandomSalt()
if err != nil {
return err
}
return u.SetPasswordHash(utils.UserPasswordHash(password, salt), salt)
}
示例14: NewConn
// NewConn returns a new Conn that uses the
// given environment. The environment must have already
// been bootstrapped.
func NewConn(environ environs.Environ) (*Conn, error) {
info, _, err := environ.StateInfo()
if err != nil {
return nil, err
}
password := environ.Config().AdminSecret()
if password == "" {
return nil, fmt.Errorf("cannot connect without admin-secret")
}
err = environs.CheckEnvironment(environ)
if err != nil {
return nil, err
}
info.Password = password
opts := mongo.DefaultDialOpts()
st, err := state.Open(info, opts, environs.NewStatePolicy())
if errors.IsUnauthorized(err) {
logger.Infof("authorization error while connecting to state server; retrying")
// We can't connect with the administrator password,;
// perhaps this was the first connection and the
// password has not been changed yet.
info.Password = utils.UserPasswordHash(password, utils.CompatSalt)
// We try for a while because we might succeed in
// connecting to mongo before the state has been
// initialized and the initial password set.
for a := redialStrategy.Start(); a.Next(); {
st, err = state.Open(info, opts, environs.NewStatePolicy())
if !errors.IsUnauthorized(err) {
break
}
}
if err != nil {
return nil, err
}
if err := st.SetAdminMongoPassword(password); err != nil {
return nil, err
}
} else if err != nil {
return nil, err
}
conn := &Conn{
Environ: environ,
State: st,
}
if err := conn.updateSecrets(); err != nil {
conn.Close()
return nil, fmt.Errorf("unable to push secrets: %v", err)
}
return conn, nil
}
示例15: PasswordValid
// PasswordValid returns whether the given password is valid for the Identity.
func (i *Identity) PasswordValid(password string) bool {
// If the Identity is deactivated, no point in carrying on. Since any
// authentication checks are done very soon after the identity is read
// from the database, there is a very small timeframe where an identity
// could be disabled after it has been read but prior to being checked,
// but in practice, this isn't a problem.
if i.IsDeactivated() {
return false
}
pwHash := utils.UserPasswordHash(password, i.doc.PasswordSalt)
return pwHash == i.doc.PasswordHash
}