From cc612271a5736857be71efa37cb1f4d0513424a4 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Sat, 17 Oct 2020 14:50:21 +0200 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Keep=20password=20hashing?= =?UTF-8?q?=20outside=20the=20store?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- store.go | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/store.go b/store.go index 43351fb..a5edfb0 100644 --- a/store.go +++ b/store.go @@ -33,7 +33,6 @@ import ( uuid "github.com/satori/go.uuid" "github.com/tidwall/buntdb" - "golang.org/x/crypto/bcrypt" ) type UserStore interface { @@ -79,8 +78,7 @@ const ( type User struct { Username string - Password string `json:"-"` - PasswordHash string `json:"Password"` + Password string Role GlobalRole } @@ -153,11 +151,7 @@ func (u User) merge(updates User) (User, error) { merged := u if updates.Password != "" { - pwHash, err := hashPassword(updates.Password) - if err != nil { - return u, fmt.Errorf("cannot hash password: %w", err) - } - merged.PasswordHash = pwHash + merged.Password = updates.Password } if updates.Role != "" { merged.Role = updates.Role @@ -288,14 +282,6 @@ func (store *DBStore) RemoveUser(username string) (err error) { }) } -func hashPassword(password string) (string, error) { - hash, err := bcrypt.GenerateFromPassword([]byte(password), 0) - if err != nil { - return "", err - } - return string(hash), nil -} - func (store *DBStore) CreateShare() (Share, error) { share := Share{ UUID: uuid.NewV4(),