Make IMAP and SMTP sessions check for passwords
This commit is contained in:
@@ -2,6 +2,7 @@ package imap
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
@@ -70,14 +71,21 @@ func (c *concrete) Run() {
|
|||||||
|
|
||||||
// backend implementation for go-imap
|
// backend implementation for go-imap
|
||||||
func (c *concrete) Login(user, pass string) (imapbackend.User, error) {
|
func (c *concrete) Login(user, pass string) (imapbackend.User, error) {
|
||||||
// FIXME: TODO: Check for account existence and correct password(!)
|
account, err := c.store.FindAccountWithPassword(user, pass)
|
||||||
|
if err != nil {
|
||||||
|
// Lo the real error, but don't show it to the end user
|
||||||
|
log.Printf("Opening %s session for %s failed: %s", c.name, user, err)
|
||||||
|
return nil, fmt.Errorf("Login failed")
|
||||||
|
}
|
||||||
|
|
||||||
session := &Session{
|
session := &Session{
|
||||||
ID: atomic.AddUint64(&c.sid, uint64(1)),
|
ID: atomic.AddUint64(&c.sid, uint64(1)),
|
||||||
AccountName: user,
|
Account: account,
|
||||||
ServiceName: c.name,
|
ServiceName: c.name,
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("Beginning %s session %d for %s", c.name, session.ID, user)
|
log.Printf("Beginning %s session %d for %s", c.name, session.ID, user)
|
||||||
|
// FIXME: TODO: Track ongoing sessions for termination or notifications
|
||||||
|
|
||||||
return session, nil
|
return session, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -5,6 +5,8 @@ import (
|
|||||||
"log"
|
"log"
|
||||||
|
|
||||||
imapbackend "github.com/emersion/go-imap/backend"
|
imapbackend "github.com/emersion/go-imap/backend"
|
||||||
|
|
||||||
|
"ur.gs/crockery/internal/store"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@@ -14,12 +16,12 @@ var (
|
|||||||
// type Session implements the User interface for emersion/go-imap
|
// type Session implements the User interface for emersion/go-imap
|
||||||
type Session struct {
|
type Session struct {
|
||||||
ID uint64
|
ID uint64
|
||||||
AccountName string
|
Account *store.Account
|
||||||
ServiceName string
|
ServiceName string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Session) Username() string {
|
func (s *Session) Username() string {
|
||||||
return s.AccountName
|
return s.Account.Username
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Session) ListMailboxes(subscribed bool) ([]imapbackend.Mailbox, error) {
|
func (s *Session) ListMailboxes(subscribed bool) ([]imapbackend.Mailbox, error) {
|
||||||
@@ -43,7 +45,7 @@ func (s *Session) RenameMailbox(existingName, newName string) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *Session) Logout() error {
|
func (s *Session) Logout() error {
|
||||||
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.AccountName)
|
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.Username())
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ package smtp
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
@@ -60,14 +61,21 @@ func (c *concrete) Run() {
|
|||||||
|
|
||||||
// backend implementation for go-smtp
|
// backend implementation for go-smtp
|
||||||
func (c *concrete) Login(user, pass string) (smtp.User, error) {
|
func (c *concrete) Login(user, pass string) (smtp.User, error) {
|
||||||
// FIXME: TODO: Check for account existence and correct password(!)
|
account, err := c.store.FindAccountWithPassword(user, pass)
|
||||||
|
if err != nil {
|
||||||
|
// Lo the real error, but don't show it to the end user
|
||||||
|
log.Printf("Opening %s session for %s failed: %s", c.name, user, err)
|
||||||
|
return nil, fmt.Errorf("Login failed")
|
||||||
|
}
|
||||||
|
|
||||||
session := &Session{
|
session := &Session{
|
||||||
ID: atomic.AddUint64(&c.sid, uint64(1)),
|
ID: atomic.AddUint64(&c.sid, uint64(1)),
|
||||||
AccountName: user,
|
Account: account,
|
||||||
ServiceName: c.name,
|
ServiceName: c.name,
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("Beginning %s session %d for %s", c.name, session.ID, user)
|
log.Printf("Beginning %s session %d for %s", c.name, session.ID, user)
|
||||||
|
// FIXME: TODO: Track ongoing sessions for termination or notifications
|
||||||
|
|
||||||
return session, nil
|
return session, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -5,12 +5,14 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
|
||||||
|
"ur.gs/crockery/internal/store"
|
||||||
)
|
)
|
||||||
|
|
||||||
// type Session implements the User interface for emersion/go-smtp
|
// type Session implements the User interface for emersion/go-smtp
|
||||||
type Session struct {
|
type Session struct {
|
||||||
ID uint64
|
ID uint64
|
||||||
AccountName string
|
Account *store.Account
|
||||||
ServiceName string
|
ServiceName string
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -20,13 +22,13 @@ func (s *Session) Send(from string, to []string, r io.Reader) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("%s session %d for %s: from=%s, to=%s, r=<<EOF\n%s\nEOF", s.ServiceName, s.ID, s.AccountName, from, to, string(data))
|
log.Printf("%s session %d for %s: from=%s, to=%s, r=<<EOF\n%s\nEOF", s.ServiceName, s.ID, s.Account.Username, from, to, string(data))
|
||||||
|
|
||||||
return fmt.Errorf("Not yet implemented")
|
return fmt.Errorf("Not yet implemented")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Session) Logout() error {
|
func (s *Session) Logout() error {
|
||||||
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.AccountName)
|
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.Account.Username)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -20,6 +20,7 @@ type Interface interface {
|
|||||||
|
|
||||||
CreateAccount(*Account) error
|
CreateAccount(*Account) error
|
||||||
FindAccount(string) (*Account, error)
|
FindAccount(string) (*Account, error)
|
||||||
|
FindAccountWithPassword(string, string) (*Account, error)
|
||||||
|
|
||||||
io.Closer
|
io.Closer
|
||||||
}
|
}
|
||||||
@@ -141,14 +142,30 @@ func (c *concrete) SetTLS(certPEM, keyPEM []byte) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *concrete) CreateAccount(a *Account) error {
|
func (c *concrete) CreateAccount(account *Account) error {
|
||||||
return c.storm.Save(a)
|
return c.storm.Save(account)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *concrete) FindAccount(username string) (*Account, error) {
|
func (c *concrete) FindAccount(username string) (*Account, error) {
|
||||||
var a Account
|
var account Account
|
||||||
|
|
||||||
return &a, c.storm.One("Username", username, &a)
|
return &account, c.storm.One("Username", username, &account)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *concrete) FindAccountWithPassword(username, password string) (*Account, error) {
|
||||||
|
account, err := c.FindAccount(username)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
// Always do a bcrypt check to avoid timing attacks
|
||||||
|
_ = CheckPassword("", "")
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if !CheckPassword(account.PasswordHash, password) {
|
||||||
|
return nil, fmt.Errorf("bad password")
|
||||||
|
}
|
||||||
|
|
||||||
|
return account, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *concrete) Close() error {
|
func (c *concrete) Close() error {
|
||||||
|
|||||||
Reference in New Issue
Block a user