Pull request 2022: 6280-password-length

Updates #6280. Squashed commit of the following: commit 85014e27da6f289a4ecdd8cbd05c0bee358da39e Merge: 2d93201ce 5f61b550f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Oct 5 15:58:48 2023 +0300 Merge branch 'master' into 6280-password-length commit 2d93201cea23517cdf3c2b3a4a4c26b7d89d2511 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Oct 5 15:43:05 2023 +0300 client: rm dep commit 3b11d10af8200110fbb1a1d7a7e6e26715ee0436 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Oct 5 15:22:58 2023 +0300 client: imp i18n commit f88dfc9a991c961b17a9add229a768a5cc127071 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Oct 5 15:17:56 2023 +0300 all: imp i18n, names commit a7874f5f1a057a76e05a009ed5204bb1a3d70f50 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu Oct 5 15:07:10 2023 +0300 all: fix passwd check
2023-10-05 16:20:28 +03:00
parent 5f61b550fa
commit 8bb80ba98f
9 changed files with 37408 additions and 16553 deletions
--- a/internal/home/auth.go
+++ b/internal/home/auth.go
@@ -644,24 +644,27 @@ func optionalAuthHandler(handler http.Handler) http.Handler {
 	return &authHandler{handler}
 }

-// UserAdd - add new user
-func (a *Auth) UserAdd(u *webUser, password string) {
+// Add adds a new user with the given password.
+func (a *Auth) Add(u *webUser, password string) (err error) {
 	if len(password) == 0 {
-		return
+		return errors.Error("empty password")
 	}

 	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
 	if err != nil {
-		log.Error("bcrypt.GenerateFromPassword: %s", err)
-		return
+		return fmt.Errorf("generating hash: %w", err)
 	}
+
 	u.PasswordHash = string(hash)

 	a.lock.Lock()
-	a.users = append(a.users, *u)
-	a.lock.Unlock()
+	defer a.lock.Unlock()

-	log.Debug("auth: added user: %s", u.Name)
+	a.users = append(a.users, *u)
+
+	log.Debug("auth: added user with login %q", u.Name)
+
+	return nil
 }

 // findUser returns a user if there is one.
--- a/internal/home/auth_test.go
+++ b/internal/home/auth_test.go
@@ -47,7 +47,8 @@ func TestAuth(t *testing.T) {
 	s := session{}

 	user := webUser{Name: "name"}
-	a.UserAdd(&user, "password")
+	err := a.Add(&user, "password")
+	require.NoError(t, err)

 	assert.Equal(t, checkSessionNotFound, a.checkSession("notfound"))
 	a.RemoveSession("notfound")
--- a/internal/home/controlinstall.go
+++ b/internal/home/controlinstall.go
@@ -417,6 +417,18 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 	config.DNS.BindHosts = []netip.Addr{req.DNS.IP}
 	config.DNS.Port = req.DNS.Port

+	u := &webUser{
+		Name: req.Username,
+	}
+	err = Context.auth.Add(u, req.Password)
+	if err != nil {
+		Context.firstRun = true
+		copyInstallSettings(config, curConfig)
+		aghhttp.Error(r, w, http.StatusUnprocessableEntity, "%s", err)
+
+		return
+	}
+
 	// TODO(e.burkov): StartMods() should be put in a separate goroutine at the
 	// moment we'll allow setting up TLS in the initial configuration or the
 	// configuration itself will use HTTPS protocol, because the underlying
@@ -430,11 +442,6 @@ func (web *webAPI) handleInstallConfigure(w http.ResponseWriter, r *http.Request
 		return
 	}

-	u := &webUser{
-		Name: req.Username,
-	}
-	Context.auth.UserAdd(u, req.Password)
-
 	err = config.write()
 	if err != nil {
 		Context.firstRun = true