Package auth implements the authentication in use for gophish.
- func CheckPasswordPolicy(password string) error
- func GeneratePasswordHash(password string) (string, error)
- func GenerateSecureKey(n int) string
- func ValidatePassword(password string, hash string) error
- func ValidatePasswordChange(currentHash, newPassword, confirmPassword string) (string, error)
const APIKeyLength = 32
APIKeyLength is the length of Gophish API keys
const MinPasswordLength = 8
MinPasswordLength is the minimum number of characters required in a password
ErrEmptyPassword is thrown when a user provides a blank password to the register or change password functions
ErrInvalidPassword is thrown when a user provides an incorrect password.
ErrPasswordMismatch is thrown when a user provides a mismatching password and confirmation password.
var ErrPasswordTooShort = fmt.Errorf("Password must be at least %d characters", MinPasswordLength)
ErrPasswordTooShort is thrown when a user provides a password that is less than MinPasswordLength
ErrReusedPassword is thrown when a user attempts to change their password to the existing password
func CheckPasswordPolicy ¶ added in v0.11.0
CheckPasswordPolicy ensures the provided password is valid according to our password policy.
The current password policy is simply a minimum of 8 characters, though this may change in the future (see #1538).
func GeneratePasswordHash ¶ added in v0.11.0
GeneratePasswordHash returns the bcrypt hash for the provided password using the default bcrypt cost.
func GenerateSecureKey ¶
GenerateSecureKey returns the hex representation of key generated from n random bytes
func ValidatePassword ¶ added in v0.11.0
ValidatePassword validates that the provided password matches the provided bcrypt hash.
func ValidatePasswordChange ¶ added in v0.11.0
ValidatePasswordChange validates that the new password matches the configured password policy, that the new password and confirmation password match.
Note that this assumes the current password has been confirmed by the caller.
If all of the provided data is valid, then the hash of the new password is returned.
This section is empty.