Make IMAP and SMTP sessions check for passwords
This commit is contained in:
@@ -2,6 +2,7 @@ package imap
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"sync/atomic"
|
||||
@@ -70,14 +71,21 @@ func (c *concrete) Run() {
|
||||
|
||||
// backend implementation for go-imap
|
||||
func (c *concrete) Login(user, pass string) (imapbackend.User, error) {
|
||||
// FIXME: TODO: Check for account existence and correct password(!)
|
||||
account, err := c.store.FindAccountWithPassword(user, pass)
|
||||
if err != nil {
|
||||
// Lo the real error, but don't show it to the end user
|
||||
log.Printf("Opening %s session for %s failed: %s", c.name, user, err)
|
||||
return nil, fmt.Errorf("Login failed")
|
||||
}
|
||||
|
||||
session := &Session{
|
||||
ID: atomic.AddUint64(&c.sid, uint64(1)),
|
||||
AccountName: user,
|
||||
Account: account,
|
||||
ServiceName: c.name,
|
||||
}
|
||||
|
||||
log.Printf("Beginning %s session %d for %s", c.name, session.ID, user)
|
||||
// FIXME: TODO: Track ongoing sessions for termination or notifications
|
||||
|
||||
return session, nil
|
||||
}
|
||||
|
||||
@@ -5,6 +5,8 @@ import (
|
||||
"log"
|
||||
|
||||
imapbackend "github.com/emersion/go-imap/backend"
|
||||
|
||||
"ur.gs/crockery/internal/store"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -14,12 +16,12 @@ var (
|
||||
// type Session implements the User interface for emersion/go-imap
|
||||
type Session struct {
|
||||
ID uint64
|
||||
AccountName string
|
||||
Account *store.Account
|
||||
ServiceName string
|
||||
}
|
||||
|
||||
func (s *Session) Username() string {
|
||||
return s.AccountName
|
||||
return s.Account.Username
|
||||
}
|
||||
|
||||
func (s *Session) ListMailboxes(subscribed bool) ([]imapbackend.Mailbox, error) {
|
||||
@@ -43,7 +45,7 @@ func (s *Session) RenameMailbox(existingName, newName string) error {
|
||||
}
|
||||
|
||||
func (s *Session) Logout() error {
|
||||
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.AccountName)
|
||||
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.Username())
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -2,6 +2,7 @@ package smtp
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"sync/atomic"
|
||||
@@ -60,14 +61,21 @@ func (c *concrete) Run() {
|
||||
|
||||
// backend implementation for go-smtp
|
||||
func (c *concrete) Login(user, pass string) (smtp.User, error) {
|
||||
// FIXME: TODO: Check for account existence and correct password(!)
|
||||
account, err := c.store.FindAccountWithPassword(user, pass)
|
||||
if err != nil {
|
||||
// Lo the real error, but don't show it to the end user
|
||||
log.Printf("Opening %s session for %s failed: %s", c.name, user, err)
|
||||
return nil, fmt.Errorf("Login failed")
|
||||
}
|
||||
|
||||
session := &Session{
|
||||
ID: atomic.AddUint64(&c.sid, uint64(1)),
|
||||
AccountName: user,
|
||||
Account: account,
|
||||
ServiceName: c.name,
|
||||
}
|
||||
|
||||
log.Printf("Beginning %s session %d for %s", c.name, session.ID, user)
|
||||
// FIXME: TODO: Track ongoing sessions for termination or notifications
|
||||
|
||||
return session, nil
|
||||
}
|
||||
|
||||
@@ -5,12 +5,14 @@ import (
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
|
||||
"ur.gs/crockery/internal/store"
|
||||
)
|
||||
|
||||
// type Session implements the User interface for emersion/go-smtp
|
||||
type Session struct {
|
||||
ID uint64
|
||||
AccountName string
|
||||
Account *store.Account
|
||||
ServiceName string
|
||||
}
|
||||
|
||||
@@ -20,13 +22,13 @@ func (s *Session) Send(from string, to []string, r io.Reader) error {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("%s session %d for %s: from=%s, to=%s, r=<<EOF\n%s\nEOF", s.ServiceName, s.ID, s.AccountName, from, to, string(data))
|
||||
log.Printf("%s session %d for %s: from=%s, to=%s, r=<<EOF\n%s\nEOF", s.ServiceName, s.ID, s.Account.Username, from, to, string(data))
|
||||
|
||||
return fmt.Errorf("Not yet implemented")
|
||||
}
|
||||
|
||||
func (s *Session) Logout() error {
|
||||
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.AccountName)
|
||||
log.Printf("Ending %s session %d for %s", s.ServiceName, s.ID, s.Account.Username)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -20,6 +20,7 @@ type Interface interface {
|
||||
|
||||
CreateAccount(*Account) error
|
||||
FindAccount(string) (*Account, error)
|
||||
FindAccountWithPassword(string, string) (*Account, error)
|
||||
|
||||
io.Closer
|
||||
}
|
||||
@@ -141,14 +142,30 @@ func (c *concrete) SetTLS(certPEM, keyPEM []byte) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *concrete) CreateAccount(a *Account) error {
|
||||
return c.storm.Save(a)
|
||||
func (c *concrete) CreateAccount(account *Account) error {
|
||||
return c.storm.Save(account)
|
||||
}
|
||||
|
||||
func (c *concrete) FindAccount(username string) (*Account, error) {
|
||||
var a Account
|
||||
var account Account
|
||||
|
||||
return &a, c.storm.One("Username", username, &a)
|
||||
return &account, c.storm.One("Username", username, &account)
|
||||
}
|
||||
|
||||
func (c *concrete) FindAccountWithPassword(username, password string) (*Account, error) {
|
||||
account, err := c.FindAccount(username)
|
||||
|
||||
if err != nil {
|
||||
// Always do a bcrypt check to avoid timing attacks
|
||||
_ = CheckPassword("", "")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !CheckPassword(account.PasswordHash, password) {
|
||||
return nil, fmt.Errorf("bad password")
|
||||
}
|
||||
|
||||
return account, nil
|
||||
}
|
||||
|
||||
func (c *concrete) Close() error {
|
||||
|
||||
Reference in New Issue
Block a user