author | Denis Denisov <denji@users.noreply.github.com> | 2016-12-20 14:32:02 +0200 |
---|---|---|
committer | Thomas Boerger <thomas@webhippie.de> | 2016-12-20 13:32:02 +0100 |
commit | 380e32e129d7a8868b9853e92e208a97e3ac125f (patch) | |
tree | 3b7ffc74a7f28f9c165ee4a780e52053d9f749fd /routers/user | |
parent | 952587dbae987e05fb36f0ff56bf5eff92ae1080 (diff) | |
Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator
Fix random string generator
Random string generator should return error if it fails to read random data via crypto/rand
* Fixes variable (un)initialization mixed assign
Update test GetRandomString
Diffstat (limited to 'routers/user')
-rw-r--r-- | routers/user/auth.go | 17 | ||||
-rw-r--r-- | routers/user/setting.go | 6 |
2 files changed, 19 insertions, 4 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go
index eecb5e051f..bb14ad5a5f 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -289,7 +289,11 @@ func Activate(ctx *context.Context) {
 // Verify code.
 if user := models.VerifyUserActiveCode(code); user != nil {
 user.IsActive = true
- user.Rands = models.GetUserSalt()
+ var err error
+ if user.Rands, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
 if err := models.UpdateUser(user); err != nil {
 if models.IsErrUserNotExist(err) {
 ctx.Error(404)
@@ -428,8 +432,15 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 
 u.Passwd = passwd
- u.Rands = models.GetUserSalt()
- u.Salt = models.GetUserSalt()
+ var err error
+ if u.Rands, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
+ if u.Salt, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
 u.EncodePasswd()
 if err := models.UpdateUser(u); err != nil {
 ctx.Handle(500, "UpdateUser", err)
diff --git a/routers/user/setting.go b/routers/user/setting.go
index bbb4d99c02..e078f8c17a 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -197,7 +197,11 @@ func SettingsPasswordPost(ctx *context.Context, form auth.ChangePasswordForm) {
 ctx.Flash.Error(ctx.Tr("form.password_not_match"))
 } else {
 ctx.User.Passwd = form.Password
- ctx.User.Salt = models.GetUserSalt()
+ var err error
+ if ctx.User.Salt, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
 ctx.User.EncodePasswd()
 if err := models.UpdateUser(ctx.User); err != nil {
 ctx.Handle(500, "UpdateUser", err) |
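Review bot: The new `GetUserSalt` failure path in Activate reports its error under the label "UpdateUser", and the same label is reused for the salt failures added in ResetPasswdPost and SettingsPasswordPost. If the second argument of `ctx.Handle` is what ends up in the log (its implementation is not visible here), a failure of the random source will read as a failed user update. Naming the call that failed, `ctx.Handle(500, "GetUserSalt", err)`, keeps the two apart during triage. Activate's body starts and ends outside the hunk.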
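Review bot: In ResetPasswdPost the user object is modified before the salt calls can fail: `u.Passwd = passwd` has already stored the plaintext password, and `u.Rands` has already been replaced by the time the second `GetUserSalt` can return an error, so the early return leaves `u` half-updated in memory. Nothing is persisted on that path, so it matters only if `u` is used again after the handler returns, which the hunk does not show. Reading both values into locals and assigning the three fields together just before `u.EncodePasswd()` removes the question. The same ordering appears in SettingsPasswordPost, where `ctx.User.Passwd = form.Password` precedes the salt check. The sketch below also labels the error with the call that failed, and the function body continues outside the hunk.

```go
rands, err := models.GetUserSalt()
if err != nil {
	ctx.Handle(500, "GetUserSalt", err)
	return
}
salt, err := models.GetUserSalt()
if err != nil {
	ctx.Handle(500, "GetUserSalt", err)
	return
}
u.Passwd, u.Rands, u.Salt = passwd, rands, salt
u.EncodePasswd()
// … unchanged: models.UpdateUser(u) and its error handling …
```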
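Review bot: SettingsPasswordPost refreshes only `ctx.User.Salt`, whereas ResetPasswdPost in auth.go refreshes both `u.Rands` and `u.Salt` when the password changes, and nothing here says the difference is intended. If Rands is an input to the activation and reset codes (not visible in this diff), leaving it unchanged may allow a code issued before the password change to remain usable afterwards. Either rotate it here with the same error check, or record the decision next to the assignment, for example `// Rands is deliberately not rotated on a self-service password change`. The enclosing else branch starts and ends outside the hunk.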