From cc612271a5736857be71efa37cb1f4d0513424a4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <aksdb@gmx.de>
Date: Sat, 17 Oct 2020 14:50:21 +0200
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Keep=20password=20hashing?=
 =?UTF-8?q?=20outside=20the=20store?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 store.go | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

diff --git a/store.go b/store.go
index 43351fb..a5edfb0 100644
--- a/store.go
+++ b/store.go
@@ -33,7 +33,6 @@ import (
 
 	uuid "github.com/satori/go.uuid"
 	"github.com/tidwall/buntdb"
-	"golang.org/x/crypto/bcrypt"
 )
 
 type UserStore interface {
@@ -79,8 +78,7 @@ const (
 
 type User struct {
 	Username     string
-	Password     string `json:"-"`
-	PasswordHash string `json:"Password"`
+	Password     string
 	Role         GlobalRole
 }
 
@@ -153,11 +151,7 @@ func (u User) merge(updates User) (User, error) {
 	merged := u
 
 	if updates.Password != "" {
-		pwHash, err := hashPassword(updates.Password)
-		if err != nil {
-			return u, fmt.Errorf("cannot hash password: %w", err)
-		}
-		merged.PasswordHash = pwHash
+		merged.Password = updates.Password
 	}
 	if updates.Role != "" {
 		merged.Role = updates.Role
@@ -288,14 +282,6 @@ func (store *DBStore) RemoveUser(username string) (err error) {
 	})
 }
 
-func hashPassword(password string) (string, error) {
-	hash, err := bcrypt.GenerateFromPassword([]byte(password), 0)
-	if err != nil {
-		return "", err
-	}
-	return string(hash), nil
-}
-
 func (store *DBStore) CreateShare() (Share, error) {
 	share := Share{
 		UUID: uuid.NewV4(),