How to verify the password

Question

In this code, the first function is Findaccount() that will find the email address in the database and the password that is present as a hash. So the CompareHashAndPassword() compares the hash and password.

Now in the handler.go file I have a function called loginData() that will allow the user to log in. I have a problem here. I called the database.Findaccount(email, password, hash) function, but it just verifies an email address and does not verify the correct password, and gives me the false message.

But if I call the function like this database.Findaccount(email, "1234", hash), it verifies both email and password.

How to solve this problem because I won't be able to remember each password.

db.go

func Findaccount(myEmail, myPassword, hash string) bool {
	collection := Connect.Database("WebApp2").Collection("dataStored")
	if err := collection.FindOne(context.TODO(), bson.M{"email": myEmail}).Decode(&Account); err != nil {
		fmt.Println("Enter the correct email or password")
	}
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(myPassword))
	return err == nil
}

handler.go

func HashPassword(password string) (string, error) {
	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
	return string(bytes), err
}

func loginData(w http.ResponseWriter, r *http.Request) {
	email := r.FormValue("email")
	password := r.FormValue("password")
	hash, _ := HashPassword(password)
	match := database.Findaccount(email, password, hash) // here is a problem
	if match == false {
		fmt.Println("false")
	} else {
		fmt.Println("true")
	}
}

Answer 1

Score: 6

As per documentation, this is the func schema of bcrypt.CompareHashAndPassword():

func CompareHashAndPassword(hashedPassword, password []byte) error

To use that, you need to place the hashedPassword (which is the hashed password that you stored in the db) as the 1st parameter of the function call.

And then place the password from the request param as the value of the 2nd parameter.

func loginData(w http.ResponseWriter, r *http.Request) {
    email := r.FormValue("email")
    password := r.FormValue("password")
    match := database.Findaccount(email, password)
    if match == false {
        fmt.Println("false")
    } else {
        fmt.Println("true")
    }
}

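func Findaccount(myEmail, myPassword string) bool {
    collection := Connect.Database("WebApp2").Collection("dataStored")
    // Look up the account by email; Account.Password holds the stored bcrypt hash.
    if err := collection.FindOne(context.TODO(), bson.M{"email": myEmail}).Decode(&Account); err != nil {
        fmt.Println("Enter the correct email or password")
        return false // no such account: do not compare against a stale Account value
    }
    // Stored hash first, submitted plaintext password second.
    err := bcrypt.CompareHashAndPassword([]byte(Account.Password), []byte(myPassword))
    return err == nil
}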

See in Findaccount(), the first param of the bcrypt.CompareHashAndPassword() statement is filled by Account.Password, which is the hashed password stored in the db.

Published on July 30, 2021, 15:15:53