Add salt for every single user

routers/user/setting.go

@@ -73,11 +73,7 @@ func SettingPassword(ctx *middleware.Context, form auth.UpdatePasswdForm) {
 
 	user := ctx.User
 	newUser := &models.User{Passwd: form.NewPasswd}
-	if err := newUser.EncodePasswd(); err != nil {
-		ctx.Handle(200, "setting.SettingPassword", err)
-		return
-	}
-
+	newUser.EncodePasswd()
 	if user.Passwd != newUser.Passwd {
 		ctx.Data["HasError"] = true
 		ctx.Data["ErrorMsg"] = "Old password is not correct"
@@ -85,6 +81,7 @@ func SettingPassword(ctx *middleware.Context, form auth.UpdatePasswdForm) {
 		ctx.Data["HasError"] = true
 		ctx.Data["ErrorMsg"] = "New password and re-type password are not same"
 	} else {
+		newUser.Salt = models.GetUserSalt()
 		user.Passwd = newUser.Passwd
 		if err := models.UpdateUser(user); err != nil {
 			ctx.Handle(200, "setting.SettingPassword", err)

routers/user/user.go

@@ -477,12 +477,9 @@ func ResetPasswd(ctx *middleware.Context) {
 		}
 
 		u.Passwd = passwd
-		if err := u.EncodePasswd(); err != nil {
-			ctx.Handle(404, "user.ResetPasswd(EncodePasswd)", err)
-			return
-		}
-
 		u.Rands = models.GetUserSalt()
+		u.Salt = models.GetUserSalt()
+		u.EncodePasswd()
 		if err := models.UpdateUser(u); err != nil {
 			ctx.Handle(404, "user.ResetPasswd(UpdateUser)", err)
 			return