♻️ Keep password hashing outside the store

2020-10-17 14:50:21 +02:00 · 2020-10-17 14:50:21 +02:00 · cc612271a5
parent db5fb05ce1
commit cc612271a5
1 changed files with 2 additions and 16 deletions
--- a/store.go
+++ b/store.go
@ -33,7 +33,6 @@ import (

 	uuid "github.com/satori/go.uuid"
 	"github.com/tidwall/buntdb"
-	"golang.org/x/crypto/bcrypt"
 )

 type UserStore interface {
@ -79,8 +78,7 @@ const (

 type User struct {
 	Username     string
-	Password     string `json:"-"`
-	PasswordHash string `json:"Password"`
+	Password     string
 	Role         GlobalRole
 }

@ -153,11 +151,7 @@ func (u User) merge(updates User) (User, error) {
 	merged := u

 	if updates.Password != "" {
-		pwHash, err := hashPassword(updates.Password)
-		if err != nil {
-			return u, fmt.Errorf("cannot hash password: %w", err)
-		}
-		merged.PasswordHash = pwHash
+		merged.Password = updates.Password
 	}
 	if updates.Role != "" {
 		merged.Role = updates.Role
@ -288,14 +282,6 @@ func (store *DBStore) RemoveUser(username string) (err error) {
 	})
 }

-func hashPassword(password string) (string, error) {
-	hash, err := bcrypt.GenerateFromPassword([]byte(password), 0)
-	if err != nil {
-		return "", err
-	}
-	return string(hash), nil
-}
-
 func (store *DBStore) CreateShare() (Share, error) {
 	share := Share{
 		UUID: uuid.NewV4(),