diff --git a/cmd/fathom/register.go b/cmd/fathom/register.go
index 5218ad2..3d57c73 100644
--- a/cmd/fathom/register.go
+++ b/cmd/fathom/register.go
@@ -7,7 +7,6 @@ import (
 log "github.com/sirupsen/logrus"
 "github.com/urfave/cli"
 "github.com/usefathom/fathom/pkg/models"
- "golang.org/x/crypto/bcrypt"
 )
 var registerCmd = cli.Command{
@@ -30,7 +29,7 @@ var registerCmd = cli.Command{
 func register(c *cli.Context) error {
 email := c.String("email")
 if email == "" {
- return errors.New("Invalid arguments: missing email address")
+ return errors.New("Invalid arguments: missing email")
 }
 password := c.String("password")
@@ -38,12 +37,8 @@ func register(c *cli.Context) error {
 return errors.New("Invalid arguments: missing password")
 }
- hash, _ := bcrypt.GenerateFromPassword([]byte(password), 10)
- user := &models.User{
- Email: email,
- Password: string(hash),
- }
- err := app.database.SaveUser(user)
+ user := models.NewUser(email, password)
+ err := app.database.SaveUser(&user)
 if err != nil {
 return fmt.Errorf("Error creating user: %s", err)
diff --git a/pkg/api/auth.go b/pkg/api/auth.go
index 23ae160..47bac54 100644
--- a/pkg/api/auth.go
+++ b/pkg/api/auth.go
@@ -6,7 +6,6 @@ import (
 "net/http"
 "github.com/usefathom/fathom/pkg/datastore"
- "golang.org/x/crypto/bcrypt"
 )
 type key int
@@ -24,7 +23,10 @@ type login struct {
 func (api *API) LoginHandler(w http.ResponseWriter, r *http.Request) error {
 // check login creds
 var l login
- json.NewDecoder(r.Body).Decode(&l)
+ err := json.NewDecoder(r.Body).Decode(&l)
+ if err != nil {
+ return err
+ }
 // find user with given email
 u, err := api.database.GetUserByEmail(l.Email)
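Review bot: In the `@@ -24,7 +23,10 @@` hunk of pkg/api/auth.go, the added `return err` hands a JSON decode failure to whatever wraps LoginHandler, which is not visible here; if that wrapper turns errors into a 500 or echoes the error text, a malformed login body is reported as a server fault and decoder details may reach the client. A bad body is a client error, so answering it with the `respond` helper this file already uses would be clearer, for example `w.WriteHeader(http.StatusBadRequest)` followed by `return respond(w, envelope{Error: "invalid_request"})` (the error code is a constructed example). The body is also decoded without a size cap, and wrapping it with `http.MaxBytesReader` before decoding would bound the work an unauthenticated caller can trigger. LoginHandler continues past the end of this hunk.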
@@ -33,7 +35,7 @@ func (api *API) LoginHandler(w http.ResponseWriter, r *http.Request) error {
 }
 // compare pwd
- if err == datastore.ErrNoResults || bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(l.Password)) != nil {
+ if err == datastore.ErrNoResults || u.ComparePassword(l.Password) != nil {
 w.WriteHeader(http.StatusUnauthorized)
 return respond(w, envelope{Error: "invalid_credentials"})
 }
diff --git a/pkg/models/user.go b/pkg/models/user.go
index 7c9c229..9347052 100644
--- a/pkg/models/user.go
+++ b/pkg/models/user.go
@@ -1,7 +1,28 @@
 package models
+import (
+ "golang.org/x/crypto/bcrypt"
+)
+
 type User struct {
 ID int64
 Email string
 Password string `json:"-"`
 }
+
+func NewUser(e string, pwd string) User {
+ u := User{
+ Email: e,
+ }
+ u.SetPassword(pwd)
+ return u
+}
+
+func (u *User) SetPassword(pwd string) {
+ hash, _ := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.DefaultCost)
+ u.Password = string(hash)
+}
+
+func (u *User) ComparePassword(pwd string) error {
+ return bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(pwd))
+}
diff --git a/pkg/models/user_test.go b/pkg/models/user_test.go
new file mode 100644
index 0000000..feaceac
--- /dev/null
+++ b/pkg/models/user_test.go
@@ -0,0 +1,27 @@
+package models
+
+import (
+ "testing"
+)
+
+func TestNewUser(t *testing.T) {
+ email := "foo@bar.com"
+ pwd := "passw0rd01"
+ u := NewUser(email, pwd)
+
+ if u.Email != email {
+ t.Errorf("Email: expected %s, got %s", email, u.Email)
+ }
+
+ if u.ComparePassword(pwd) != nil {
+ t.Error("Password not set correctly")
+ }
+}
+
+func TestUserPassword(t *testing.T) {
+ u := &User{}
+ u.SetPassword("password")
+ if u.ComparePassword("password") != nil {
+ t.Errorf("Password should match, but does not")
+ }
+}
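Review bot: In the `@@ -33,7 +35,7 @@` hunk of pkg/api/auth.go, the condition `err == datastore.ErrNoResults || u.ComparePassword(l.Password) != nil` skips the bcrypt comparison whenever no user is found, so an unknown email is answered noticeably faster than a known email with a wrong password. That difference lets response time reveal which addresses are registered, even though both paths return the same `invalid_credentials` body. Running a comparison against a fixed placeholder hash on the not-found path keeps the cost of the two cases similar. LoginHandler starts before this hunk, and the error check that precedes the closing brace is not visible here.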
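Review bot: `SetPassword` in pkg/models/user.go discards the error from `bcrypt.GenerateFromPassword` (`hash, _ := ...`), so on failure `u.Password` becomes the empty string and `NewUser` still returns a user that `register` then saves. Depending on the golang.org/x/crypto version in use, a password longer than 72 bytes is one input that produces an error here, and the result would be an account stored with no usable hash and no message to the operator. Returning the error from `SetPassword` and `NewUser` lets the caller refuse to save; the call sites in cmd/fathom/register.go and pkg/models/user_test.go need the matching change.

```go
func NewUser(e string, pwd string) (User, error) {
	u := User{Email: e}
	if err := u.SetPassword(pwd); err != nil {
		return User{}, err
	}
	return u, nil
}

// SetPassword leaves u.Password untouched when hashing fails.
func (u *User) SetPassword(pwd string) error {
	hash, err := bcrypt.GenerateFromPassword([]byte(pwd), bcrypt.DefaultCost)
	if err != nil {
		return err
	}
	u.Password = string(hash)
	return nil
}

// … unchanged: ComparePassword …
```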
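Review bot: Both tests in pkg/models/user_test.go assert only that the correct password matches, so they would still pass if `ComparePassword` returned nil for every input. A rejection case in `TestUserPassword` closes that gap, for example `if u.ComparePassword("wrong") == nil { t.Error("wrong password should not match") }`. It is also worth asserting in `TestNewUser` that the stored value is not the plaintext, `if u.Password == pwd { t.Error("password stored unhashed") }`, since that is the property these helpers exist to guarantee.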