1 files changed, 43 insertions, 14 deletions

diff --git a/models/user.go b/models/user.go
index 1ec3b295..0fcf7243 100644
--- a/models/user.go
+++ b/models/user.go
@@ -5,6 +5,7 @@
 package models
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -13,8 +14,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/dchest/scrypt"
-
 	"github.com/gogits/git"
 
 	"github.com/gogits/gogs/modules/base"
@@ -62,6 +61,7 @@ type User struct {
 	IsActive      bool
 	IsAdmin       bool
 	Rands         string    `xorm:"VARCHAR(10)"`
+	Salt          string    `xorm:"VARCHAR(10)"`
 	Created       time.Time `xorm:"created"`
 	Updated       time.Time `xorm:"updated"`
 }
@@ -89,10 +89,9 @@ func (user *User) NewGitSig() *git.Signature {
 }
 
 // EncodePasswd encodes password to safe format.
-func (user *User) EncodePasswd() error {
-	newPasswd, err := scrypt.Key([]byte(user.Passwd), []byte(base.SecretKey), 16384, 8, 1, 64)
+func (user *User) EncodePasswd() {
+	newPasswd := base.PBKDF2([]byte(user.Passwd), []byte(user.Salt), 10000, 50, sha256.New)
 	user.Passwd = fmt.Sprintf("%x", newPasswd)
-	return err
 }
 
 // Member represents user is member of organization.
@@ -148,9 +147,9 @@ func RegisterUser(user *User) (*User, error) {
 	user.Avatar = base.EncodeMd5(user.Email)
 	user.AvatarEmail = user.Email
 	user.Rands = GetUserSalt()
-	if err = user.EncodePasswd(); err != nil {
-		return nil, err
-	} else if _, err = orm.Insert(user); err != nil {
+	user.Salt = GetUserSalt()
+	user.EncodePasswd()
+	if _, err = orm.Insert(user); err != nil {
 		return nil, err
 	} else if err = os.MkdirAll(UserPath(user.Name), os.ModePerm); err != nil {
 		if _, err := orm.Id(user.Id).Delete(&User{}); err != nil {
@@ -367,20 +366,50 @@ func GetUserByName(name string) (*User, error) {
 	return user, nil
 }
 
-// LoginUserPlain validates user by raw user name and password.
-func LoginUserPlain(name, passwd string) (*User, error) {
-	user := User{LowerName: strings.ToLower(name), Passwd: passwd}
-	if err := user.EncodePasswd(); err != nil {
+// GetUserEmailsByNames returns a slice of e-mails corresponds to names.
+func GetUserEmailsByNames(names []string) []string {
+	mails := make([]string, 0, len(names))
+	for _, name := range names {
+		u, err := GetUserByName(name)
+		if err != nil {
+			continue
+		}
+		mails = append(mails, u.Email)
+	}
+	return mails
+}
+
+// GetUserByEmail returns the user object by given e-mail if exists.
+func GetUserByEmail(email string) (*User, error) {
+	if len(email) == 0 {
+		return nil, ErrUserNotExist
+	}
+	user := &User{Email: strings.ToLower(email)}
+	has, err := orm.Get(user)
+	if err != nil {
 		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist
 	}
+	return user, nil
+}
 
+// LoginUserPlain validates user by raw user name and password.
+func LoginUserPlain(name, passwd string) (*User, error) {
+	user := User{LowerName: strings.ToLower(name)}
 	has, err := orm.Get(&user)
 	if err != nil {
 		return nil, err
 	} else if !has {
-		err = ErrUserNotExist
+		return nil, ErrUserNotExist
+	}
+
+	newUser := &User{Passwd: passwd, Salt: user.Salt}
+	newUser.EncodePasswd()
+	if user.Passwd != newUser.Passwd {
+		return nil, ErrUserNotExist
 	}
-	return &user, err
+	return &user, nil
 }
 
 // Follow is connection request for receiving user notifycation.