feat(auth): restrict inittial user hashed password byte length same as hash size

Author: marjune163

src/serveMux/main.go

@@ -23,22 +23,22 @@ func NewServeMux(
 ) *ServeMux {
 	users := user.NewUsers()
 	for _, u := range p.UsersPlain {
-		users.AddPlain(u.Username, u.Password)
+		errorHandler.LogError(users.AddPlain(u.Username, u.Password))
 	}
 	for _, u := range p.UsersBase64 {
-		users.AddBase64(u.Username, u.Password)
+		errorHandler.LogError(users.AddBase64(u.Username, u.Password))
 	}
 	for _, u := range p.UsersMd5 {
-		users.AddMd5(u.Username, u.Password)
+		errorHandler.LogError(users.AddMd5(u.Username, u.Password))
 	}
 	for _, u := range p.UsersSha1 {
-		users.AddSha1(u.Username, u.Password)
+		errorHandler.LogError(users.AddSha1(u.Username, u.Password))
 	}
 	for _, u := range p.UsersSha256 {
-		users.AddSha256(u.Username, u.Password)
+		errorHandler.LogError(users.AddSha256(u.Username, u.Password))
 	}
 	for _, u := range p.UsersSha512 {
-		users.AddSha512(u.Username, u.Password)
+		errorHandler.LogError(users.AddSha512(u.Username, u.Password))
 	}
 
 	tplObj, err := tpl.LoadPage(p.Template)

src/user/main.go

@@ -1,6 +1,8 @@
 package user
 
-import "errors"
+import (
+	"errors"
+)
 
 type Users map[string]user
 
@@ -13,49 +15,81 @@ func (users Users) checkExist(username string) error {
 
 func (users Users) AddPlain(username, password string) (err error) {
 	err = users.checkExist(username);
-	if err == nil {
-		users[username] = newPlainUser(password)
+	if err != nil {
+		return
 	}
+
+	users[username] = newPlainUser(password)
 	return
 }
 
 func (users Users) AddBase64(username, password string) (err error) {
 	err = users.checkExist(username);
-	if err == nil {
-		users[username] = newBase64User(password)
+	if err != nil {
+		return
 	}
+
+	users[username] = newBase64User(password)
 	return
 }
 
 func (users Users) AddMd5(username, password string) (err error) {
 	err = users.checkExist(username);
-	if err == nil {
-		users[username] = newMd5User(password)
+	if err != nil {
+		return
+	}
+
+	user, err := newMd5User(password)
+	if err != nil {
+		return
 	}
+
+	users[username] = user
 	return
 }
 
 func (users Users) AddSha1(username, password string) (err error) {
 	err = users.checkExist(username);
-	if err == nil {
-		users[username] = newSha1User(password)
+	if err != nil {
+		return
+	}
+
+	user, err := newSha1User(password)
+	if err != nil {
+		return
 	}
+
+	users[username] = user
 	return
 }
 
 func (users Users) AddSha256(username, password string) (err error) {
 	err = users.checkExist(username);
-	if err == nil {
-		users[username] = newSha256User(password)
+	if err != nil {
+		return
+	}
+
+	user, err := newSha256User(password)
+	if err != nil {
+		return
 	}
+
+	users[username] = user
 	return
 }
 
 func (users Users) AddSha512(username, password string) (err error) {
 	err = users.checkExist(username);
-	if err == nil {
-		users[username] = newSha512User(password)
+	if err != nil {
+		return
 	}
+
+	user, err := newSha512User(password)
+	if err != nil {
+		return
+	}
+
+	users[username] = user
 	return
 }
 

src/user/user.go

@@ -7,6 +7,7 @@ import (
 	"crypto/sha512"
 	"encoding/base64"
 	"encoding/hex"
+	"errors"
 )
 
 // common interface for user
@@ -51,11 +52,17 @@ func (u *md5User) auth(input string) bool {
 	return u.token == inputToken
 }
 
-func newMd5User(encoded string) *md5User {
-	tokenSlice, _ := hex.DecodeString(encoded)
+func newMd5User(encPass string) (*md5User, error) {
+	tokenSlice, err := hex.DecodeString(encPass)
+	if err != nil {
+		return nil, err
+	}
+	if len(tokenSlice) != md5.Size {
+		return nil, errors.New("unrecognized hash")
+	}
 	token := [md5.Size]byte{}
 	copy(token[:], tokenSlice)
-	return &md5User{token}
+	return &md5User{token}, nil
 }
 
 // sha1 hashed password
@@ -68,11 +75,17 @@ func (u *sha1User) auth(input string) bool {
 	return u.token == inputToken
 }
 
-func newSha1User(encPass string) *sha1User {
-	tokenSlice, _ := hex.DecodeString(encPass)
+func newSha1User(encPass string) (*sha1User, error) {
+	tokenSlice, err := hex.DecodeString(encPass)
+	if err != nil {
+		return nil, err
+	}
+	if len(tokenSlice) != sha1.Size {
+		return nil, errors.New("unrecognized hash")
+	}
 	token := [sha1.Size]byte{}
 	copy(token[:], tokenSlice)
-	return &sha1User{token}
+	return &sha1User{token}, nil
 }
 
 // sha256 hashed password
@@ -85,11 +98,17 @@ func (u *sha256User) auth(input string) bool {
 	return u.token == inputToken
 }
 
-func newSha256User(encPass string) *sha256User {
-	tokenSlice, _ := hex.DecodeString(encPass)
+func newSha256User(encPass string) (*sha256User, error) {
+	tokenSlice, err := hex.DecodeString(encPass)
+	if err != nil {
+		return nil, err
+	}
+	if len(tokenSlice) != sha256.Size {
+		return nil, errors.New("unrecognized hash")
+	}
 	token := [sha256.Size]byte{}
 	copy(token[:], tokenSlice)
-	return &sha256User{token}
+	return &sha256User{token}, nil
 }
 
 // sha512 hashed password
@@ -102,9 +121,15 @@ func (u *sha512User) auth(input string) bool {
 	return u.token == inputToken
 }
 
-func newSha512User(encPass string) *sha512User {
-	tokenSlice, _ := hex.DecodeString(encPass)
+func newSha512User(encPass string) (*sha512User, error) {
+	tokenSlice, err := hex.DecodeString(encPass)
+	if err != nil {
+		return nil, err
+	}
+	if len(tokenSlice) != sha512.Size {
+		return nil, errors.New("unrecognized hash")
+	}
 	token := [sha512.Size]byte{}
 	copy(token[:], tokenSlice)
-	return &sha512User{token}
+	return &sha512User{token}, nil
 }