local-it/vikunja-api
Archived
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add endpoint to disable totp auth

Browse source
This commit is contained in:
kolaente 2020-04-18 01:38:49 +02:00
parent 87d0c9088d
commit 895d9613b5
Signed by untrusted user who does not match committer: konrad
GPG key ID: F40E70337AB24C9B
4 changed files with 67 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

18
pkg/user/user.go
View file

@ -172,17 +172,27 @@ func CheckUserCredentials(u *Login) (*User, error) {
}
// Check the users password
err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(u.Password))
err = CheckUserPassword(user, u.Password)
if err != nil {
if err == bcrypt.ErrMismatchedHashAndPassword {
return &User{}, ErrWrongUsernameOrPassword{}
}
return &User{}, err
}
return user, nil
}
// CheckUserPassword checks and verifies a user's password. The user object needs to contain the hashed password from the database.
func CheckUserPassword(user *User, password string) error {
err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
if err != nil {
if err == bcrypt.ErrMismatchedHashAndPassword {
return ErrWrongUsernameOrPassword{}
}
return err
}
return nil
}
// GetCurrentUser returns the current user based on its jwt token
func GetCurrentUser(c echo.Context) (user *User, err error) {
jwtinf := c.Get("user").(*jwt.Token)