Golang : Get login name from environment and prompt for password
Problem:
You want to write a Golang script(short program for administrating server, etc) that grab the current user's login name, but prompt for a password rather than hardcoding it into the script.
When the user enter the password, it should not have echo or masking(i.e replace the typed characters with *). Once the password has been accepted, the script will compare the password with the retrieved password from database. If the password matched, it will let it pass and perform futher operation. If not, abort.
Discussion:
It is important to prompt the login user for password again whenever the user was about to execute a script that could cause potential damage from wrong usage. Why? Security risk. The real logged in user might have walked away from his/her desktop to somewhere else leaving the terminal open for someone else to use. Such as executing some potential harmful commands. Prompting password again will minimize the security risk. For additional layer on security, you might want to conside implementing 2 Factor Authentication as well.
Solution:
Retrieve the logged-in username from the environment variable with os.Getenv()
function. Prompt for password with github.com/howeyc/gopass
package.
Here you go!
package main
import (
"fmt"
"log"
"github.com/howeyc/gopass"
"os"
)
func authService(username, password string) bool {
// this where you want to bcrypt the password
// first before comparing with value retrieved
// from database or other sources base on the given username
// -- this will be application specific
// for the sake of this tutorial, we just
// put the password as abc123 ( don't use this in production!!)
// REMEMBER, do not hardcode the password in your script!
var retrievedPassword string
if username != "" {
retrievedPassword = "abc123"
}
if password == retrievedPassword {
return true
} else {
return false
}
}
func main() {
// get login user name
// from environment variables
loginUser := os.Getenv("USER")
if loginUser == "" {
log.Fatalf("Unable to get username from environment variable.\n")
}
// get user to enter their password
// without echo or mask
fmt.Printf("Enter your password to execute this script: ")
passwordFromUser, err := gopass.GetPasswd() // no echo - silent
if err != nil {
log.Printf("Get password error %v\n", err)
}
authentication := authService(loginUser, string(passwordFromUser))
fmt.Println("Authenticated ? : ", authentication)
}
Sample output:
(enter wrong password)
Enter your password to execute this script:
Authenticated ? : false
(enter right password)
Enter your password to execute this script:
Authenticated ? : true
Happy coding!
References:
https://www.socketloop.com/tutorials/golang-set-get-and-list-environment-variables
https://www.socketloop.com/tutorials/golang-get-password-from-console-input-without-echo-or-masked
https://www.socketloop.com/tutorials/golang-check-if-password-length-meet-the-requirement
See also : Golang : How to implement two-factor authentication?
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+19.7k Golang : Reset or rewind io.Reader or io.Writer
+7.6k Golang : Regular Expression find string example
+29k Golang : JQuery AJAX post data to server and send data back to client example
+5.2k Python : Delay with time.sleep() function example
+17.3k How to enable MariaDB/MySQL logs ?
+15.6k Golang : Update database with GORM example
+13.7k Golang : Fix cannot use buffer (type bytes.Buffer) as type io.Writer(Write method has pointer receiver) error
+6.3k Golang : Calculate diameter, circumference, area, sphere surface and volume
+20.5k Golang : Convert PNG transparent background image to JPG or JPEG image
+7.6k Golang : Ways to recover memory during run time.
+6.7k Golang : Calculate BMI and risk category
+5.3k Python : Print unicode escape characters and string