Code cleanup from PR 255 feedback. T705

pull/225/head
Nick Gerakines 5 years ago
parent bf3b6a5ba0
commit 4266154749
  1. 33
      database.go
  2. 7
      oauth.go
  3. 3
      oauth_test.go

@ -12,11 +12,8 @@ package writefreely
import (
"context"
"crypto/rand"
"database/sql"
"fmt"
"github.com/pkg/errors"
"math/big"
"net/http"
"strings"
"time"
@ -2463,11 +2460,8 @@ func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
}
func (db *datastore) GenerateOAuthState(ctx context.Context) (string, error) {
state, err := randString(24)
if err != nil {
return "", err
}
_, err = db.ExecContext(ctx, "INSERT INTO oauth_client_state (state, used, created_at) VALUES (?, FALSE, NOW())", state)
state := store.Generate62RandomString(24)
_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_state (state, used, created_at) VALUES (?, FALSE, NOW())", state)
if err != nil {
return "", fmt.Errorf("unable to record oauth client state: %w", err)
}
@ -2545,26 +2539,3 @@ func handleFailedPostInsert(err error) error {
log.Error("Couldn't insert into posts: %v", err)
return err
}
func randString(length int) (string, error) {
// every printable character on a US keyboard
charset := []rune("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
out := make([]rune, length)
setLen := big.NewInt(int64(len(charset)))
for idx := 0; idx < length; idx++ {
offset, err := rand.Int(rand.Reader, setLen)
if err != nil {
return "", err
}
if !offset.IsUint64() {
// this should (in theory) never happen
return "", errors.Errorf("Non-Uint64 offset returned from rand.Int")
}
out[idx] = charset[offset.Uint64()]
}
return string(out), nil
}

@ -6,6 +6,7 @@ import (
"fmt"
"github.com/gorilla/sessions"
"github.com/guregu/null/zero"
"github.com/writeas/nerds/store"
"github.com/writeas/web-core/auth"
"github.com/writeas/web-core/log"
"github.com/writeas/writefreely/config"
@ -143,11 +144,7 @@ func (h oauthHandler) viewOauthCallback(w http.ResponseWriter, r *http.Request)
//create a random string. If the user needs to set a password, they
//can do so through the settings page or through the password reset
//flow.
randPass, err := randString(14)
if err != nil {
failOAuthRequest(w, http.StatusInternalServerError, err.Error())
return
}
randPass := store.Generate62RandomString(14)
hashedPass, err := auth.HashPass([]byte(randPass))
if err != nil {
log.ErrorLog.Println(err)

@ -5,6 +5,7 @@ import (
"fmt"
"github.com/gorilla/sessions"
"github.com/stretchr/testify/assert"
"github.com/writeas/nerds/store"
"github.com/writeas/writefreely/config"
"net/http"
"net/http/httptest"
@ -120,7 +121,7 @@ func (m *MockOAuthDatastore) GenerateOAuthState(ctx context.Context) (string, er
if m.DoGenerateOAuthState != nil {
return m.DoGenerateOAuthState(ctx)
}
return randString(14)
return store.Generate62RandomString(14), nil
}
func TestViewOauthInit(t *testing.T) {

Loading…
Cancel
Save